Securing Redis traffic to Orient Me (Windows)

If your deployment runs HCL Connections on Windows, secure Redis traffic by creating a tunnel between Connections on Windows and the Orient Me services (running on Linux). This is an optional, but recommended, step.

Before you begin

These instructions explain how to create the SSH tunnel using PuTTY configured to run as a service. To perform this task, you must install the following software:
  • For Orient Me:
    • Open SSH
  • For Connections:
    • PuTTY
    • Redis client

Procedure

On Connections, set up the SSH connection:

  1. In PuTTY, enter the host name or IP address of the Kubernetes master node, make sure the "Connection Type" is SSH, and enter a name of your choice in the "Saved Sessions" section.

    PuTTY Configuration options
  2. Click Category > Connection > SSH > Tunnels and select the ports for "Source" and "Destination".

    The Source port will be 30379 (default Redisnode_port) and for convenience, this example uses the same port as the destination.

    For "Source Port" enter the Redisnode_port and as the "Destination" enter 127.0.0.1:destination (in this case 127.0.0.1:30379). Press "Add" and you will see something like this: PuTTY configuration values

  3. Select Category > Session and click "Save" to ensure that the changes can be loaded in the future.
  4. Click Open.
    A PuTTY session launches.
  5. Log in to the server as normal and exchange keys if prompted.
  6. To test if the tunnel is working, right-click on the PuTTY window and select Event Log.
    If the tunnel has been set up correctly, the log will contain an entry informing you of local port forwarding. PuTTY Event Log
  7. Test the tunnel connection.

    To test the tunnel connection, you can use any Redis management tool. The following example uses Redis Desktop Manager (available at https://redisdesktop.com). Start by opening the Redis Desktop Manager and selecting Connect to Redis Server.

  8. Enter the following for the tunnel connection:
    • Name: enter a name of your choice for the connection. For example: ssh_tunnel
    • Host: set to localhost
    • Port: the port number used for the destination in the tunnel. For example: 30379.
    • Auth: the Redis password configured.

      Once you have set your details, press "Test Connection". If everything is correct you will see a success message.

  9. Click Test Connection. X
    If everything is correct, you will see a success message:Successful connection to the redis-server.
  10. Click OK to dismiss the status window then click OK to close the configuration window.
  11. Click Import/Export and export the tunnel setup for future use.
    Tip: Double-click a tunnel name to view and manage all of the running Redis databases.