Document toolboxDocument toolbox

Configuring the PowerConnect Agent UI to use SSL

Owned by Ben Bramley
Last updated: Aug 17, 2023
5 min read

Overview

The PowerConnect Cloud web ui can be secured with SSL. As of PowerConnect Cloud version 2.1.0 an external web server is no longer required. Follow the steps below relevant to your environment.

Local Web Server

As of PowerConnect Cloud 2.1.0 SSL is supported natively by the local web server as part of the software. The enable SSL for the PowerConnect web ui:

  1. Obtain a pem file containing the private key and certificate for the host where the PowerConnect Cloud agent is running

  2. Login to the PowerConnect Web UI, click the Configuration tab then click Certificates

     

  3. Click the Import Certificate button

  4. Give the certificate an alias and then click Choose file and select the pem file containing your private key and certificate

     

  5. Click Import and you should see your newly imported certificate in the Certificates table

     

  6. Click the Web Server tab

  7. Check the Enable SSL checkbox and click Save

     

  8. Restart the PowerConnect Cloud agent

  9. The PowerConnect Cloud agent web ui should now be accessible over SSL

AWS

In AWS we can use an Elastic Load Balancer (ELB) to perform the SSL offload and secure the PowerConnect web ui:

  1. Generate a SSL certificate using ACM or another certificate provider

  2. Create an ELB

    • Login to your AWS account

    • Browse to the EC2 service

    • In the menu on the left choose Load Balancers

    • Click the Create Load Balancer button

    • Click Create in the Application Load Balancer section

    • Give the ELB a name, choose HTTPs as the listener and pick which VPC and availability zones to create the ELB in

    • Click Next

    • Choose the certificate you created earlier (either through ACM or by uploading) and the Security Policy (ELBSecurityPolicy-2016-08 is the default)

    • Click Next

    • Create a new security group which allows inbound https traffic on port 443

    • Click Next

    • Create a new Target Group

    • Click Next

    • Add the PowerConnect Cloud instances to the registered targets using port 3000

    • Click Review then Create and the infrastructure should then be provisioned

    • The PowerConnect web ui should now be available on https://<your-elb-address>

 

Azure

In Azure we can use an Application Gateway to perform the SSL offload and secure the PowerConnect web ui:

  1. Generate a SSL certificate using a certificate provider

  2. Create an Application Gateway

    1. Login to the Azure Portal

    2. Click Create a resource

       

    3. Search for Application Gateway then click Create

       

    4. Fill out the details including the Application gateway name and min and max instance count. Either choose and existing Virtual network for the application gateway to reside or create a new one:

       

    5. Click Next

    6. Add new new public/private ip address (depending on UI access requirements):

       

    7. Add a new backend pool for the PowerConnect Cloud virtual machines. Add each server ip or virtual machine running PowerConnect Cloud to the targets:

       

    8. Click Add then click Next

    9. Clikc Add a routing rule

       

    10. Create a HTTP listener and rule for PowerConnect Cloud. Upload or choose a SSL certificate from the Key Vault:

    11. Click Backend targets

    12. Choose the backend pool created previously:

    13. Add a new HTTP Setting. By default the PowerConnect UI listens on port 3000:

    14. Click Add

    15. Click next and add any tags

       

    16. Click Next

    17. The validation should pass:

       

    18. Click Create to create the Application Gateway. The resources will now be deployed.

    19. Find the public ip address of the Application Gateway you just created and browse to it over HTTPS.
      The PowerConnect UI should appear: