Cloud Xtension - Extend management of your NoTouch OS

NoTouch Cloud Xtension is an extension of your existing or Data Center NoTouch appliance that allows you to extend management of your NoTouch OS endpoints to connections outside of the data center. Using the same version of the NoTouch appliance, configured as described below, allows the endpoints to take advantage of Enterprise Management without sacrificing security.

*Please ensure you are using at least NoTouch Center version 4.4.30.

1. First, set up your Primary NoTouch Center instance. This will be the instance in your data center.
2. Second, set up your Cloud Xtension instance. This will be the external, public-facing instance.

Make sure that the Primary NTC can contact the Cloud Xtension via SSH (port 22). A secure tunnel will be established from NTC to Cloud Xtension.

Now open the Settings page in NTC. Scroll down to "Cloud Xtension" \ SSH Public Key. Copy the key. Fill in the Gateway Address (internal IP) of your Cloud Xtension.

NTC_Cloud_Key

Go to the Cloud Xtension Virtual Appliance console. Click "Cloud Xtension". Switch it on. Paste the SSH public key copied from NoTouch Center into the field there. Be sure to copy the SSH key first, and click Save for each option.

VA_Cloud_Setup

Reboot the NTC and Cloud Xtension virtual appliances.

Your External NoTouch OS devices should be configured with the URL of your newly configured cloud gateway as management URL.

Note: Cloud Xtension will not provide a management interface, as it is for managing data flow for your NoTouch endpoints. Management will be through your internal NoTouch Center management URL.

Verify successful connection to Cloud Xtension

You can verify that NoTouch Center has successfully connected to your Cloud Xtension in NoTouch Center \ Resources \ About \ Connected to Cloud Xtension (image below).

Verify_Xtension

Shadowing

  • Administrators must be able to open connections to NoTouch Center on random TCP ports in the range 49152 - 65535, so please ensure your perimeter firewall rules allow these ports.
  • These ports are IANA-assigned for private use, and no well-known services use them, so you are not risking opening access to some service that might be running. The range is used strictly for on-demand shadowing, and ports are assigned randomly. If you are thinking about making the range smaller, think twice: that actually makes it less secure!

For remote shadowing capabilities, you will need to allow port 6667 from external addresses to your Cloud Xtension IP \ FW.

Client OS Image update

The normal client OS image update process will work as defined. There is no need to use the Alternate FW Pool option unless you want the client devices to specifically use a different source than the default system-assigned one.

Client Management URL

After the setup is complete, reboot your NTC and CX one time. Your new remote NoTouch OS endpoints will then use the external IP (FQDN) of your Cloud Xtension for the management URL. Example: mgmt.mycompany.com/easyadmin/servlet/XmlRPC

DO NOT CHANGE THE URL PREFIX IN NoTouch Center SETTINGS. THIS WILL PREVENT CLIENTS FROM CONNECTING.

If you are adding new endpoints via the Cloud Xtension, the process is straightforward. During the setup wizard, you will be prompted to enter the management URL for these new endpoints. Simply point them to the EXTERNAL URL of the Cloud Xtension, which should be in the format of your organization's domain, such as mgmt.mycompany.com/easyadmin/servlet/XmlRPC. This ensures that the new endpoints will correctly communicate with the Cloud Xtension for management and updates.

For organizations that already have existing clients connected to the NoTouch Center (NTC) and wish to transition them to connect via the Cloud Xtension, additional steps are required to ensure a smooth transition. Within the NTC interface, navigate to the client settings. Here, you can select either Device Settings for individual clients or Group Settings if you want to apply changes to multiple clients at once. Once in the appropriate settings section, locate the Administration tab.

In the Administration menu, find the option labeled "Non-Standard Management URL." Here, you will need to enter the EXTERNAL URL of the Cloud Xtension, ensuring that it matches the format mentioned earlier. After entering the URL, it is crucial to announce the changes within the NTC interface. This process notifies the endpoints of the new management URL. Finally, to complete the configuration, reboot the clients. This restart will allow the clients to reconnect to the NTC using the new Cloud Xtension management URL, ensuring they are managed effectively through the external gateway.

 

NoTouch Cloud Xtension Port consideration - see image below or see video at https://www.youtube.com/watch?v=J8ctwhzmjzQ

CloudXtension2