Cloud Xtension

From Stratodesk Knowledge Base

NoTouch Cloud Xtension is an extension of your existing or Data Center NoTouch appliance that lets you extend management of your NoTouch OS endpoints to connections outside of the data center. Using the same version of the NoTouch appliance, configured as below, allows the endpoints to take advantage of Enterprise Management without sacrificing security.


1. First, set up your Primary NoTouch Center instance; this will be the instance in your data center.
2. Second, set up your Cloud Xtension instance; this will be the external, public-facing instance.

Make sure that the Primary NTC can contact the Cloud Xtension via SSH on port 22 (no traffic is going from external to internal). A secure tunnel will be established from NTC to Cloud Xtension.

Now open the Settings page in NTC. Scroll down to "Cloud Xtension" \ SSH Public Key. Copy the key. Fill in the Gateway Address of your Cloud Xtension.



Go to the Cloud Xtension Virtual Appliance console. Click "Cloud Xtension" and switch it on. Paste the SSH Public Key copied from NoTouch Center into the field there. Be sure to click "Save" on each option.


Reboot the NTC and Cloud Xtension Virtual Appliances.

Your External NoTouch OS devices should be configured with the URL of your newly configured cloud gateway as management URL.

Note: Cloud Xtension will not provide a management interface, as it only handles data flow for your NoTouch endpoints. Management will be through your internal NoTouch Center management URL.


Verify successful connection to Cloud Xtension


You should be able to verify that NoTouch Center has successfully connected to your Cloud Xtension in NoTouch Center \ Resources \ About \ Connected to Cloud Xtension (image below).

[Image: NoTouch Center About page, "Connected to Cloud Xtension"]


Shadowing

  • Administrators must be able to open connections to random TCP ports in the range 49152 - 65535 to NoTouch Center, so please ensure these are open in any firewall rules on your perimeter network.
  • These ports are IANA-assigned for private use and no well-known services use them, so you are not risking opening access to some service that might be running. The range is used strictly for on-demand shadowing, with ports assigned randomly. If you think about making that range smaller, think twice: that actually makes it less secure!


For remote shadowing capabilities, you will need to allow port 6667 from external addresses to your Cloud Xtension IP \ FW.


Client OS Image update

The normal Client OS image update process will work as defined. There is no need to use the Alternate FW Pool option unless you want the client devices to specifically use a different source than the default one assigned by the system.


Client Management URL

After the setup is complete, your remote NoTouchOS Endpoints will use the External IP (FQDN) of your Cloud Xtension for the Management URL. Example: mgmt.mycompany.com/easyadmin/servlet/XmlRPC


NoTouch Cloud Xtension Port consideration - see image below

[Image: NoTouch Cloud Xtension port considerations]
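The flows stated on this page (SSH tunnel from NTC outward on port 22, nothing inbound to the data center, port 6667 to the Cloud Xtension, and the full 49152 - 65535 range from administrators to NTC) can be checked against a firewall rule export. The following is an added example, not Stratodesk code; the zone labels (`ntc`, `cloud_xtension`, `external`, `admin`), the `Rule` model and the sample rule sets are assumptions made for illustration, and the endpoint management port is not checked because the page does not state it.

```python
from dataclasses import dataclass

SHADOW_RANGE = (49152, 65535)  # on-demand shadowing ports named on this page

@dataclass(frozen=True)
class Rule:  # constructed rule model; zone labels are hypothetical
    src: str
    dst: str
    lo: int
    hi: int
    action: str = "allow"

def covered(rules, src, dst, lo, hi=None):
    """True when allow rules for src->dst cover every TCP port in lo..hi."""
    hi = lo if hi is None else hi
    spans = sorted((r.lo, r.hi) for r in rules
                   if r.action == "allow" and (r.src, r.dst) == (src, dst))
    need = lo
    for s_lo, s_hi in spans:
        if s_lo > need:          # gap before the next allowed span
            return False
        need = max(need, s_hi + 1)
        if need > hi:
            return True
    return False

def audit(rules):
    """Return findings where the rule set departs from the documented flows."""
    out = []
    if not covered(rules, "ntc", "cloud_xtension", 22):
        out.append("tunnel: NTC -> Cloud Xtension TCP 22 is not allowed")
    for r in rules:
        if r.action == "allow" and r.dst == "ntc" and r.src in ("external", "cloud_xtension"):
            out.append(f"inbound: {r.src} -> NTC {r.lo}-{r.hi} contradicts the outbound-only tunnel")
    if not covered(rules, "external", "cloud_xtension", 6667):
        out.append("shadowing: external -> Cloud Xtension TCP 6667 is not allowed")
    if not covered(rules, "admin", "ntc", *SHADOW_RANGE):
        out.append("shadowing: admin -> NTC 49152-65535 is only partly open")
    return out

# Constructed sample rule sets (not taken from a real firewall).
GOOD = [Rule("ntc", "cloud_xtension", 22, 22),
        Rule("external", "cloud_xtension", 6667, 6667),
        Rule("admin", "ntc", 49152, 65535)]
BAD = [Rule("external", "ntc", 22, 22),               # inbound hole to the data center
       Rule("external", "cloud_xtension", 6667, 6667),
       Rule("admin", "ntc", 50000, 50100)]            # range narrowed

if __name__ == "__main__":
    for name, rs in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rs) or "matches the documented flows")
```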