How do you deploy appliances?
Trustgrid hardware appliances can be pre-configured before shipping to the install location or configured via console or local UI. Virtual appliances can be configured prior to download at the install location. Cloud appliances can be deployed via Terraform or AWS Cloudformation.
How can I deploy applications on a Trustgrid Node?
Trustgrid Nodes can host applications deployed as Docker containers or virtual machines (KVM format). Applications are deployed using Trustgrid’s Portal or API.
How can I connect a SaaS application to a customer site with Trustgrid?
The first step is to deploy Trustgrid Nodes in your public cloud or datacenter configured as Gateway Nodes and allow a single, inbound TCP/UDP port per Node. Then you will deploy a Trustgrid Node(s) in your customer's environment. The Trustgrid Node will automatically build a tunnel to your Trustgrid Gateway Nodes. Specific hosts or networks must be exposed by configuring NATs on each side.
Trustgrid also offers support for IPSec and WireGuard protocols to offer a low-cost method to connect to customer sites without a Trustgrid Node installed.
How does high availability work for pairs of Trustgrid Nodes?
Trustgrid Nodes offer active/passive high availability that is managed via a heartbeat over user-configured ports between the nodes. The time to failover is also user-configured. Failover occurs based on a determination of a down WAN connection by Trustgrid’s management tools.
How does disaster recovery work for Trustgrid Nodes?
Frequently Trustgrid Nodes are configured to failover to other environments (public cloud or datacenters). This is done by defining route priorities similar to other failover configurations. Trustgrid nodes monitor all routes and initiate failover when a route is determined to be unhealthy.
What types of traffic are supported through a Trustgrid tunnel?
Trustgrid tunnels offer full layer 3 tunnels for support of almost all layer 3 traffic. Enhancements have been made to support SFTP and FTP as well. ICMP is supported.
What is required to establish a tunnel between Trustgrid Edge Nodes?
Trustgrid tunnels can be established using either TCP or UDP. When Nodes are installed behind firewalls, Edge Nodes must be able to connect outbound to the internet over a user defined port. Gateway Nodes installed behind a firewall need to accept an incoming connection on the user defined port.
What encryption standards are used to protect transmitted data?
On Trustgrid TLS tunnels mutual, certificate based authentication is used with the ECDHE-RSA-AES256-GCM-SHA384 encryption cipher. On Trustgrid UDP tunnels mutual, certificate based authentication is performed using Poly1305 and encryption is performed using the ChaCha20 protocol.
How does monitoring work within the Trustgrid platform?
Trustgrid monitors the health of all Nodes from Trustgrid’s centralized management tools. Alarms are raised based on dozens of built-in alerts. Performance of each Node (CPU, bandwidth, disk space, etc) can be monitored globally or individually. Any alert can be matched to a user defined Alarm. Alarms include a filtering method (node name, severity, etc) and is paired with a Channel or Channels. Channels enable Alarm integration to third party tools such as Pager Duty, Slack, Teams, or other tools.
Can Trustgrid integrate with third party monitoring tools?
Yes. Trustgrid supports traditional monitoring tools with SNMPv3, Netflows, and ICMP to any node. Additional log and telemetry data is available via the Trustgrid API.
What authentication providers does Trustgrid support?
Trustgrid utilizes user authentication for portal access as well as to connect to remote applications deployed on Trustgrid Nodes. In both scenarios customers can configure any OpenID compliant identity provider. Trustgrid specifically supports Okta, Azure AD, AWS Cognito, Auth0 and others.
How can I support an on-premise or remote application?
Any on-premise or remote application can be exposed on the Trustgrid Network or over the public internet. If over the public internet applications are typically configured to only permit traffic from a Trustgrid Network. Once exposed on the Trustgrid Network customers’ support teams can connect to applications or hosts using the Agentless Portal for SSH, RDP, or HTTP/S access rendered in HTML5. Alternatively, support teams can use WireGuard agents to utilize local applications such as an RDP or SSH client.
How is the Trustgrid appliance secured?
The Trustgrid devices only accept remote management commands from the Trustgrid control plane. The base configuration does not expose any listening ports.
How are the Trustgrid VPN tunnels secured?
- The Trustgrid VPN tunnels utilize certificate-based, mutual authentication, TLS 1.2 tunnels. Edge devices make outbound connections only. This allows them to be placed behind a firewall easily and requires no inbound ports to be exposed to the internet.
Do you update the software on the Trustgrid (VPN) device? How are upgrades managed? Are Operating System security updates included?
- The Trustgrid control plane system includes centralized update management. The update process includes security updates for the operating system and all installed packages.
- Updates can be initiated manually in the Trustgrid Portal or through scheduled maintenance windows.
How frequently are the devices upgraded?
Updates are deployed when significant features, bug fixes, or security updates are made available. Usually, this is about once per quarter. If any critical security issues are identified those upgrades will be made available as soon as possible.
How are passwords managed on the Trustgrid device?
Trustgrid uses certificate authentication for the devices and certificates are centrally managed via the Trustgrid system such that no user has access. Thus there is no password to rotate.
What remote tasks can be performed from the device?
The Trustgrid management system allows authorized users to perform a limited set of commands on the remote devices. These commands include common network troubleshooting tools such as ping, arping, and netcat (nc). Additionally, upgrades can be triggered remotely through the Trustgrid system.
Is anti-virus installed on a Trustgrid appliance? Can I install my anti-virus / 3rd party agents on a Trustgrid appliance?
No. Trustgrid is always installed as an appliance - all software including the operating system, libraries, and Trustgrid code is installed by Trustgrid and only Trustgrid. No other software can be installed on a Trustgrid node without prior approval. All software on a Trustgrid node is scanned for vulnerabilities and malware prior to installation eliminating the need to scan on the node itself.
Antivirus and Malware Detection are needed on General Purpose (GP) computing environments, to mitigate risks incurred when a user or a process loads arbitrary executables from indeterminate sources. These risks are typical to GP computing environments, where users can execute code with minimal policy. Trustgrid’s appliance is pre-hardened and restricted to prevent arbitrary execution by any user and therefore does not support the installation of third-party software including agents.