12Port Deployment Scenarios
Simple Deployment
The simplest 12Port deployment requires installing a single-node server, with all services located on that one server.
The simple deployment:
- Includes all functionality controlled by the license.
- Uses an embedded backend database.
- Exposes the WEB Console and WEB Sessions over the HTTPS protocol, terminated with an SSL certificate.
- Supports access through native SSH and RDP clients.
- Executes account management and microsegmentation scripts on the endpoints accessible by the deployment.
The simple deployment works well for trials, short-term projects and small deployments accessed from the internal network.
Extended Deployment
Extended deployment expands the simple deployment by introducing an external backend database and a load balancer that terminates client HTTP, RDP and SSH traffic.
Extended deployment adds the following benefits to the simple deployment:
- External Database: Managed data storage.
- External Database: The option to separate encrypted data in the database from the keys that encrypt the data.
- External Database: The option to use a different database for different tenants.
- Load Balancer: Managed inbound traffic to service WEB Console and WEB Sessions.
- Load Balancer: Centralized management of inbound traffic and inbound SSL certificates.
- Load Balancer: Expose the default HTTPS port 443 to simplify URLs.
Some services operate at the HTTP(S) level, so a WEB load balancer will work for them. Other services (ports) that carry traffic for native desktop or mobile clients (if used) operate at level 4, so the load balancer should support that as well. Port numbers are configurable; the services with their default ports and protocols are listed below:
- WEB Console (configuration, reporting)
- WEB Sessions (RDP, SSH, VNC, Telnet, HTTP): port 6443 (usually this port is terminated by the WEB load balancer as the standard HTTPS port 443)
- RDP for native desktop and mobile clients such as mstsc: port 3300 (TCP level 4)
- SSH for native desktop and mobile clients such as PuTTY or an ssh shell: port 2200 (TCP level 4)
Note
Extended deployment can be modified to include only the load balancer or only the external database.
The extended deployment is recommended for larger and long-term projects, as well as for deployments open to the public Internet.
High Availability (HA) Deployment
High availability deployment introduces active backup and improved performance to the extended deployment. When one of the nodes malfunctions, the load balancer directs the traffic to another node. When both nodes are operational, the load balancer distributes the traffic to maintain a similar load on both nodes.
Note
WEB Console access works even when the load balancer distributes network traffic from a single client equally between two nodes. WEB Sessions, by the nature of the endpoint connectivity, require the load balancer to implement a sticky sessions strategy, so that traffic from the same client is always directed to the same node that the load balancer selected during the initial negotiation.
Note
The architecture allows more than two nodes in the high availability configuration.
Note
The high availability deployment requires an external database shared by the multiple nodes. 12Port supports several editions of commercial, free or open source databases: Oracle RDBMS, MS SQL Server, MySQL, MariaDB or PostgreSQL.
High availability deployment provides an active backup solution with improved performance by distributing the load.
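The load balancer role described in the extended and high availability deployments, as an added example that is not part of the 12Port documentation. It uses HAProxy (the page names no load balancer product) with the default ports listed above: HTTPS on 443 forwarded to WEB Sessions on 6443 with cookie-based sticky sessions, and level 4 pass-through for native RDP (3300) and SSH (2200). Node addresses, certificate paths, the cookie name and the assumption that nodes serve HTTPS on 6443 are constructed for illustration.

```haproxy
# Added example: node IPs, file paths and names below are constructed.
global
    log stdout format raw local0

defaults
    log             global
    timeout connect 5s
    timeout client  1h
    timeout server  1h
    timeout tunnel  8h      # long-lived interactive sessions

# WEB Sessions: inbound TLS terminated here on 443, forwarded to port 6443.
frontend web_sessions
    mode http
    option httplog
    bind :443 ssl crt /etc/haproxy/certs/pam.example.internal.pem
    default_backend web_nodes

backend web_nodes
    mode http
    balance roundrobin
    # Sticky sessions: the cookie pins a client to the node chosen first.
    cookie NODE insert indirect nocache httponly secure
    # Assumption: nodes serve HTTPS on 6443, so re-encrypt and verify the chain.
    # "check" takes a failed node out of rotation (HA failover).
    server node1 10.0.10.11:6443 ssl verify required ca-file /etc/haproxy/ca/nodes-ca.pem check cookie node1
    server node2 10.0.10.12:6443 ssl verify required ca-file /etc/haproxy/ca/nodes-ca.pem check cookie node2

# Native RDP clients (mstsc): TCP level 4 pass-through on default port 3300.
frontend rdp_native
    mode tcp
    option tcplog
    bind :3300
    default_backend rdp_nodes

backend rdp_nodes
    mode tcp
    balance leastconn
    server node1 10.0.10.11:3300 check
    server node2 10.0.10.12:3300 check

# Native SSH clients: TCP level 4 pass-through on default port 2200.
listen ssh_native
    mode tcp
    option tcplog
    bind :2200
    balance leastconn
    server node1 10.0.10.11:2200 check
    server node2 10.0.10.12:2200 check
```

Running `haproxy -c -f haproxy.cfg` validates the file before it is loaded; the per-connection logs give a record of which node served each client.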
Disaster Recovery (DR) Deployment
Disaster recovery deployment introduces passive backup to the extended deployment. The two nodes in a DR deployment operate on two different databases set up with periodic passive replication. When the main node malfunctions, the load balancer temporarily switches the traffic to the DR node.
Note
Data replication can be set up using native database tools. Alternatively, the data replication can use 12Port export and import capabilities.
The disaster recovery node provides a passive backup solution for deployment availability, as well as a data backup that serves as an off-site copy and covers the case when the external database does not maintain a replicated data copy itself.
Multi-Site Deployment
Multi-site deployment allows the same asset database to be used to manage and access assets located in isolated datacenters.
To support multi-site deployment, a Peer node is required at each site. The Main node routes traffic to the relevant Peer node depending on the configuration. Unlike the Main node, Peer nodes are not exposed to external network traffic. For a user connected to a Main node (with either WEB or native clients), all endpoints at all sites are available based on 12Port access controls. The Main node is the only node that uses the backend database to store keys, configurations, assets, logs and reports. Peer nodes are used only to provide secure access to the endpoints on the sites.
Note
Both the Main node and the Peer node at each site can be deployed in the high availability configuration. A single load balancer is required to access multiple Main nodes. The Main node itself balances the traffic to multiple Peer nodes deployed in the high availability configuration, so no load balancer is required to balance Peer nodes on each site. In this case, each Peer node must be accessible for the Main node to connect to. If it is desired to open only one port for all Peer nodes operating on each site, a load balancer should be placed in front of the site's Peer nodes to present them as a single service for the Main node to use.
Note
When it is not possible or not desired to open Peer ports in the remote site’s firewall for connections from the Main node, the Peer node can establish and maintain reverse peer tunnels using Peer Tunnel technology.




