Deployment scenarios
Note
It is advised to design the network topology so that FUDO mediates only administrative connections. This lowers system load, optimizes network traffic, and maintains access to hosted services in case of hardware malfunction.
Bridge
In bridge mode, FUDO mediates communication between users and servers regardless of whether the traffic is being monitored (i.e. it uses any of the supported protocols) or not.
![../../_images/deployment_bridge.png](../../_images/deployment_bridge.png)
When mediating the traffic, FUDO preserves the source IP address when forwarding requests to destination servers.
![../../_images/deployment_bridge_ip_spoof.png](../../_images/deployment_bridge_ip_spoof.png)
This allows keeping the existing firewall rules which control access to internal resources.
For more information on configuring the bridge, refer to the Network configuration topic.
Forced routing
Forced routing mode requires a properly configured router. This solution controls network traffic at the third (network) layer of the ISO/OSI model, so only administrative requests are routed through FUDO and the rest of the traffic is forwarded directly to the destination server.
![../../_images/deployment_router.png](../../_images/deployment_router.png)
This mode does not require changes to the existing network topology and enables network traffic optimization by separating requests from system administrators and regular users.
Connection modes
Transparent
In transparent mode, users connect to the destination server using the given server’s IP address.
![../../_images/deployment_transparent.png](../../_images/deployment_transparent.png)
Gateway
In gateway mode, users connect to the destination server using the server’s actual IP address. FUDO mediates the connection with the server using its own IP address. This ensures that the traffic from the server to the user goes through FUDO.
![../../_images/deployment_gateway.png](../../_images/deployment_gateway.png)
Proxy
In proxy mode, the administrator connects to the destination server using a combination of the FUDO IP address and a unique port number assigned to the given server. The uniqueness of this combination enables establishing a connection with a particular resource.
![../../_images/deployment_proxy.png](../../_images/deployment_proxy.png)
This approach conceals the actual IP addressing and allows configuring servers to accept only requests sent from FUDO.
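When servers are meant to accept only requests sent from FUDO, any accepted login from another source address has bypassed it. The following added example (not part of the FUDO documentation) scans OpenSSH log lines on a target server for such logins; the FUDO address 10.0.0.8 and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# OpenSSH "Accepted" line as written to auth.log / the journal.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)

# Assumption: FUDO reaches the servers from this address (constructed value).
FUDO_SOURCES = [ipaddress.ip_network("10.0.0.8/32")]


def find_bypass_logins(lines, allowed=FUDO_SOURCES):
    """Return (user, source, method) for accepted logins not coming from FUDO."""
    findings = []
    for line in lines:
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed logins, disconnects, other daemons
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            # Unparseable source: report it rather than silently trust it.
            findings.append((m["user"], m["src"], m["method"]))
            continue
        if not any(src in net for net in allowed):
            findings.append((m["user"], str(src), m["method"]))
    return findings


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "Mar  4 09:12:01 mail sshd[2211]: Accepted password for root from 10.0.0.8 port 40112 ssh2",
    "Mar  4 09:15:37 mail sshd[2240]: Failed password for root from 10.0.3.77 port 51820 ssh2",
    "Mar  4 09:16:02 mail sshd[2243]: Accepted publickey for backup from 10.0.3.77 port 51844 ssh2",
    "Mar  4 09:20:45 mail sshd[2290]: Accepted password for john_smith from 10.0.0.8 port 40390 ssh2",
]

if __name__ == "__main__":
    for user, src, method in find_bypass_logins(SAMPLE_LOG):
        print(f"login bypassing FUDO: user={user} src={src} method={method}")
```

This check only applies where FUDO connects to servers from its own address; in a bridge deployment the original source IP address is preserved, so the server cannot distinguish mediated sessions by source address.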
Bastion
In bastion mode, the target host is specified within the string identifying the user, e.g. `ssh john_smith#mail_server@10.0.0.8`.
![../../_images/deployment_bastion.png](../../_images/deployment_bastion.png)