Sometimes it’s necessary and desired to access data or run processes from a remote system that does not allow external access. This is common in enterprise environments behind firewalls. PlaidCloud allows this ability by using PlaidLink, which enables remote systems access behind a firewall or where direct access from PlaidCloud is not desired.
PlaidLink uses an agent-based system. This means that an agent, the remote user, is installed on a system inside the firewall or other restricted area. The agent can then connect to PlaidCloud by using an outbound initiation process over a secure HTTPS websocket connection. It is as secure as any other encrypted web connection and usually does not require you to open non-standard ports. Before gaining access, the agent must identify itself by sending its agent identifier. From this, if the agent has a successful authentication process, the agent is granted access to the approved operations.
PlaidLink can be installed on Windows, Unix, and Linux systems and can run under low privilege users. On Windows systems, PlaidLink can operate as a Windows Service with full control from the Service panel. On linux or unix systems, it can run as a deamon process.
To manage agents:
This brings you to the PlaidLink Agents Table where you can view, modify, and obtain credentials for the list of available agents.
To create an agent:
Note: Any information not present on the new agent form will be automatically generated.
To configure PlaidLink agents on the remote system, you must first obtain the agent’s identifying information in order to maintain security. This information includes both a public and a private key.
To obtain these keys:
This will open a form where you can view the public and private key values.
Please see the PlaidLink installation documentation if you need to install the agent: :doc:’../../../plaidlink/getting_started.rst’
It is a good idea to periodically regenerate the public and private keys and update the configuration of remote systems in order to maintain security.
To regenerate the credentials:
Once the credentials have been regenerated, they can be obtained in the same way a new agent’s credentials are obtained (described above).
To disable an agent:
Note: When an agent is not marked as active, remote systems will not be able to connect using those agent credentials.
PlaidLink is designed to allow operation of multiple agents using a single service installation. Such a streamlined installation system permits one install to handle agents from multiple workspaces and / or agents with different levels of permissions for task execution.
To enable multiple agents, you simply add the agent credentials to the PlaidLink configuration file.