SSL Support

The PowerConnect Cloud web ui can be secured with SSL. An external web server must be configured to do the ssl offload. Follow the steps below relevant to your environment.

AWS

In AWS we can use an Elastic Load Balancer (ELB) to perform the SSL offload and secure the PowerConnect web ui:

  1. Generate a SSL certificate using ACM or another certificate provider

  2. Create an ELB

    • Login to your AWS account

    • Browse to the EC2 service

    • In the menu on the left choose Load Balancers

    • Click the Create Load Balancer button

    • Click Create in the Application Load Balancer section

    • Give the ELB a name, choose HTTPs as the listener and pick which VPC and availability zones to create the ELB in

    • Click Next

    • Choose the certificate you created earlier (either through ACM or by uploading) and the Security Policy (ELBSecurityPolicy-2016-08 is the default)

    • Click Next

    • Create a new security group which allows inbound https traffic on port 443

    • Click Next

    • Create a new Target Group

    • Click Next

    • Add the PowerConnect Cloud instances to the registered targets using port 3000

    • Click Review then Create and the infrastructure should then be provisioned

    • The PowerConnect web ui should now be available on https://<your-elb-address>

Azure

In Azure we can use an Application Gateway to perform the SSL offload and secure the PowerConnect web ui:

  1. Generate a SSL certificate using a certificate provider

  2. Create an Application Gateway

    1. Login to the Azure Portal

    2. Click Create a resource

    3. Search for Application Gateway then click Create

    4. Fill out the details including the Application gateway name and min and max instance count. Either choose and existing Virtual network for the application gateway to reside or create a new one:

    5. Click Next

    6. Add new new public/private ip address (depending on UI access requirements):

    7. Add a new backend pool for the PowerConnect Cloud virtual machines. Add each server ip or virtual machine running PowerConnect Cloud to the targets:

    8. Click Add then click Next

    9. Clikc Add a routing rule

    10. Create a HTTP listener and rule for PowerConnect Cloud. Upload or choose a SSL certificate from the Key Vault:

    11. Click Backend targets

    12. Choose the backend pool created previously:

    13. Add a new HTTP Setting. By default the PowerConnect UI listens on port 3000:

    14. Click Add

    15. Click next and add any tags

    16. Click Next

    17. The validation should pass:

    18. Click Create to create the Application Gateway. The resources will now be deployed.

    19. Find the public ip address of the Application Gateway you just created and browse to it over HTTPS.
      The PowerConnect UI should appear: