NowConnect
NowConnect enables outbound‑only, agent‑mediated connectivity from on‑premises networks to cloud services, used here to access systems like LDAP without opening inbound firewall ports.
See How‑to for operational validation and health guidance.
NowConnect is a secure TCP tunneling service that lets cloud apps reach specific on‑prem systems without opening inbound firewall ports. A lightweight on‑prem agent opens a single outbound WebSocket connection to the Cloud Hub; the hub exposes TCP listeners (e.g., 389/636/22/1433) and relays bytes over that tunnel. TLS for end‑protocols (LDAPS/HTTPS/TCPS) remains end‑to‑end.
At a glance
- Protocol‑agnostic TCP: LDAP/LDAPS/GC, Kerberos (TCP), SSH, Telnet, ODBC (SQL Server/Oracle/Postgres/MySQL), and internal REST
- Single outbound wss:// tunnel from premise through corporate proxies (proxy/CA supported)
- Multiplexed streams with bounded queues, backpressure, FIN/RST, and idle sweeper
- Auth: JWT on WS upgrade (audience, JWKS), HELLO.agent_id reconciliation
- Optional AuthZ: PDP on OPEN(connector) and/or connector scopes in JWT (feature‑flagged)
- Ops: Prometheus metrics, JSON logs (no payload), /healthz, /readyz, agent TCP health (OK→READY)
Visual overview
Session flow (happy path)
Key docs
- How-to: Premise Agent setup: how-to/premise-agent
- How-to: Cloud Hub deployment: how-to/cloud-hub-deploy
- Reference: Configuration (YAML/env): reference/configuration
- Reference: Wire protocol: reference/wire-protocol
- Reference: Metrics & Observability: reference/metrics
- Reference: Security model: reference/security
- Reference: IdP support and auth: reference/idp-and-auth
- Reference: Security overview: reference/security-overview
- Reference: Compliance mapping: reference/compliance-mapping
- Reference: Logging & retention: reference/logging-and-retention
- Reference: PKI guidance: reference/pki-guidance
- Reference: Ports & protocols: reference/ports-and-protocols
- Explanation: Architecture & design: explanation/architecture
- Explanation: Visual guide: explanation/visual-guide
- How-to: Connect common protocols: how-to/connect-common-protocols
- How-to: LDAPS with multiple backends: how-to/ldaps-multi-backend
Role-based guide
- CISO: Start with Security overview, Compliance mapping, and Logging & retention.
- IT Security Architect: See PKI guidance, Ports & protocols, and IdP support.
- DevOps/SRE: See Cloud Hub deploy, Enable HA, and Metrics. For k8s and rollout, see Kubernetes and upgrade guides.
- QA/Testing: See HA architecture test section and upcoming testing guide.