Convertigo Cloud is the cloud based technology developed by Convertigo to enable Convertigo servers to run in the cloud requiring no IT resources from enterprise. Convertigo cloud is based on Amazon’s EC2 IaaS (Elastic Compute Cloud) technology. This article describes how Convertigo cloud can access enterprise resources located behind the company’s Firewall.
The most important challenge is about security. How can an enterprise be sure that only Convertigo Cloud only will access some of the precious enterprise resources? The problem can be solved by using two techniques:
- Checking Convertigo Cloud IP addresses.
- Establish an SSLv3 secured connection over the net and checking the client SSL Certificate.
Also, having precious data transferred on the Internet is not suitable for most of the enterprises. This is why all traffic should be made using the SSLv3 protocol. Convertigo Cloud supports most of the protocols over SSL:
- HTTPS (For HTML/ Ajax resources)
- SOAP/REST/JSON over HTTPS (Web Services)
- TN5250, TN3270, TNVIP over SSLv3 (Mainframe and Legacy resources)
That is why firewalls should be configured to only accept SSLv3 connections and to check a given client certificate. Convertigo Cloud supports one unique client certificate by enterprise customer. This means that only a given enterprise’s Convertigo Cloud will be able to connect to its enterprise network. This SSL Client certificate has to be provided by the Enterprise and is mandatory for any Convertigo Cloud subscription.