Viewing Secure Tunnel

With the Secure Tunnel tool in the IBM Cloud Pak for AIOps console, you can get the application mapping URL that can be accessed by your integration. In addition, you can view the configuration details and status of all tunnel connections and application mappings. If you have not accessed the Secure Tunnel web console previously, read this.

Secure Tunnel Components

There are four components on the Secure Tunnel page in the console that you can use to manage your connections. To access these, go to Administration > Secure Tunnel.

  • Manage connections

    Use Manage connections to manage your connections to remote networks, A connection links the network containing the Secure Tunnel to a remote network. Your applications can reside on either side of the connection. Secure Tunnel includes connection templates for common scenarios(ChatOps, VMware, Turbonomic). You can also create custom connections to support additional scenarios.

  • Manage templates

    Use Manage templates to manage your templates. This tool can help you create a new connection quickly. Secure Tunnel has pre-defined templates for common scenarios, but users can also create templates for their special requirements. Find out more about using templates

  • Audit operations

    Use Audit operations to check Secure Tunnel configuration changes, such as tunnel connection or application mapping configuration changes for auditing. Find out more about auditing Secure Tunnel

  • Audit traffic

    Use Audit traffic to check open/close connection events traffic and see the total amount of data that is sent or recieved from the specific connection listed in the close event. Find out more about auditing Secure Tunnel

Viewing tunnel connection list

Go to Administration > Secure Tunnel. In the Manage connections page, you can see the tunnel connection list with the following columns:

  • Name: Name of the tunnel connection. Click the name of the tunnel connection in the Manage connections page and you are redirected to the Application mappings page and the Connection details page.

  • Connectors: The number of connections. This indicates how many Connectors connect to the tunnel worker.

  • Application mapping(valid/total): The number of valid application mappings and the total number of application mappings that are passing this connection. You can click the entry in this column to go to the application mappings page for more details. See Viewing the application mappings.

  • Direction: The relationship between the Secure Tunnel and the Connector. A Connector in a private network initializes a connection to a Secure Tunnel in a public network or a Secure Tunnel in a private network initializes a connection to a Connector in a public network

  • Allowed list: The IP addresses and ports that are exposed across this connection by using application mappings.

  • Created: The date and time when the Connector was created.

  • Certificate expiration: Expiration time of certificates.

  • Status: Indicates whether the tunnel connection is accessible. Three kinds of status are provided:

    • Pending: This means that the tunnel connection is creating the tunnel worker. When the connection in in Pending status, you can't install the Connector for the connection.
    • Waiting: This means that tunnel worker is ready, but no Connector is connecting to it. You need to install a Connector and create application mapping for this connection.
    • Ready: This means that the connection is ready.
    • Error: This means that there are some errors with the tunnel connection. Hover over the status to see the detailed error message.
    • Incomplete: This means that the application mapping for the connection is invalid.

  • Tags: Used to signify the tunnel connection.

Viewing the application mappings

Go to Administration > Secure Tunnel. This opens the Manage connections page. Click the number in the Application mappings (valid/total) column. You are redirected to the Application mappings page. This provides details of all the application mappings of a connection.

  • Name: Name of the application mapping.
  • Creator: User that creates the application mapping.
  • Application original address: The private address of the application that you want to expose.
  • Application mapping address: The application mapping URL. You can access the private application by this mapping address.
  • Network policy: To control the traffic flow at the IP address or port level for this application.
  • Created: Time when the application mapping was created.
  • Status: Indicates whether the application mapping is accessible. Three kinds of status are provided:
    • Error: This means that there are some errors with the application mapping. You can move the mouse up to see the detailed error message.
    • Incomplete: If the application mapping status is Incomplete, hover your mouse pointer over the Status column to discover the problem. It could be that you did not install the Connector or that Connector is still waiting to connect. If a port conflict is indicated, uninstall the Tunnel connector, resolve the port conflict, and then re-install the Tunnel connector.
    • Ready: This means that the application mapping address is accessible.
  • Tags: Tags of the application mapping.

Certificate expiration

When the certificate for the Secure Tunnel connection expires, the IBM Certificate Manager renews it. The Secure Tunnel worker server automatically reloads the certificate, but the Secure Tunnel connector does not. You must download a new Secure Tunnel connector installation script, and then uninstall and reinstall the Secure Tunnel connector. For more information, see the instructions in Install the Secure Tunnel Connector.