With the launch of IGEL Universal Management Suite (UMS) 12, the Unified Protocol used for all communication between the UMS and IGEL OS 12 devices was introduced, see Overview of the IGEL UMS. The Unified Protocol is a secure protocol that uses TCP 8443, see IGEL UMS Communication Ports. However, depending on the structure of your UMS environment, company's security policies, etc., it may be insufficient, and the use of the /wiki/spaces/ENLITEICGP/pages/74799178 IGEL Cloud Gateway (ICG) or reverse proxy may be required. In the following article, you will find pros and cons of each solution.
...
In the case of the ICG, endpoint devices connect to the ICG as well as the UMS connects to the ICG, see Devices and UMS Server Contacting Each Other via ICG. The WebSocket communication between the ICG and the UMS as well as between the ICG and the device is only established after mutual authentication, and the communication is encrypted with TLS. All data is routed through this WebSocket.
...
Legend to the image:
: Shows that the traffic in the WebSocket runs in both directions.
(multicolored): Shows from which side firewalls etc. must be opened.
...
UMS as an Update Proxy feature cannot currently be used, i.e. IGEL OS devices can download the apps from the App Portal only, not from the UMS Server. See Configuring Global Settings for the Update of IGEL OS Apps.
Higher latency and longer command execution in comparison to the reverse proxy. For large enterprise environments, the use of a reverse proxy may be considered.
...
Another possibility to route the traffic via port 8443 is to use a reverse proxy. The reverse proxy will forward the requests from devices to the UMS.
...
Legend to the image:
: Shows that the traffic in the WebSocket runs in both directions.
(multicolored): Shows from which side firewalls etc. must be opened.
...
Reverse proxy with SSL offloading is possible as of UMS 12.02. See NGINX: Example Configuration for as Reverse Proxy in IGEL OS with SSL Offloading.
The FQDN and port of the reverse proxy must be specified as a Cluster Address, see Server Network Settings in the IGEL UMS.
Info A reverse proxy / load balancer can also be used to distribute traffic from devices within the company network. For more information on network component integration, see IGEL Universal Management Suite Network Configuration.
It is advisable to use TLS 1.3 for the reverse proxy configuration.
...
Load balancing
UMS as an Update Proxy feature can be used, i.e. IGEL OS devices can download the apps from the UMS Server. See Configuring Global Settings for the Update of IGEL OS Apps.
Adds an extra layer of security (depending on the configuration)
...
In this case, IGEL OS 12 devices communicate directly with the UMS, see Devices Contacting UMS.
...
Legend to the image:
: Shows that the traffic in the WebSocket runs in both directions.
(multicolored): Shows from which side firewalls etc. must be opened.
...
port 8443 (can be changed under UMS Administrator > Settings > Web server port) must be opened in a firewall, but no other configuration is required
suitable for communication with devices within the company network
...