SSH Gateway

Description

SSH Gateway is a highly configurable, production quality ssh-based solution that customers can choose to implement if they have private, on-premise data stores that need to be accessed by their Ascend environment. This is a premium level feature which requires the ENTERPRISE subscription tier.

SSH Gateway provides the following benefits:

  • Simple Configuration
  • Single-service access (No extra Network ACLs are required to limit traffic to different hosts)

Preliminary Step

In order to establish an SSH connection with Ascend, Ascend's Public Key has to be stored in the Bastion Host.
Ascend's Public Key can be found under the Admin Tab, in the Cluster Management Menu.

SSH Public Key location on Cluster Management MenuSSH Public Key location on Cluster Management Menu

SSH Public Key location on Cluster Management Menu

Information Required

This solution requires Ascend to collect network information that is specific to your site. Please work with your customer success representative to collect the following required pieces of information:

  • Service name (required): A short friendly name for the data store e.g. redshift or mysql. This should be a short text string that does not contain any special characters (also, do not use an underscore).
  • Service Hostname (required): What is the hostname of the target data store we're connecting to
  • Service Port (required): This is the port on which the desired service is accessible, e.g. 5439 for Redshift
  • Bastion Hostname/IP (required): This is the location of the bastion host.
  • Bastion IPv6 (optional): If you need IPv6 for your bastion host, indicate that here (if you don't include this you will get IPv4)
  • Bastion SSH User (required): What username will Ascend use to connect to the bastion host.

Example Configuration

  • Service name (required): redshift
  • Service Hostname (required): myredshift.randomid.us-east-1.redshift.amazonaws.com
  • Service Port (required): 5439
  • Bastion Hostname/IP (required): mybastion.ascend.io
  • Bastion IPv6 (optional): False
  • Bastion SSH User (required): ascend

📘

Hostname to use Ascend UI Connections

Once Ascend configures the SSH gateway on your environment, and your bastion host is also set up, you will use a hostname that takes the form ssh-proxy-<Service name>.default.svc.cluster.local. For example, if your service name above was "redshift", then you would use ssh-proxy-redshift.default.svc.cluster.local as the hostname within connections in the Ascend UI (instead of the actual service's hostname), to connect through the SSH gateway to this specific data source.


Did this page help you?