As stated in the previous section on Data security, a fort does not require public incoming connections. It does require three public outgoing connections, as well as incoming connections from clients, which can be over a private network (when using a VPN, for example). This section describes the purpose of each of these connections and how each one is secured.
Fort to Mender
Mender is a service that enables Qlik to remotely update forts at scale or on an individual basis, which is used for Tier 3 support purposes. The fort runs a service called the Deployment Manager, which connects to Mender using mutual HTTPS/TLS. This connection is used to determine if new updates are available and to download them.
Fort to AWS IoT
You might ask: if a fort doesn’t require incoming public connections, how does Qlik Cloud notify the fort about certain events, like when it’s time for a scheduled reload to run? AWS IoT enables external devices, like a fort, to make a connection to an MQTT messaging bridge. The MQTT connection is outgoing from the fort, but it lets other clients of the MQTT bridge, like Qlik Cloud, send events to the bridge, which delivers them to the fort over the fort’s own outgoing connection. This connection is secured using AWS HTTP Request Signature Signing v4.
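The following is an added example, not Qlik's code: it sketches how an outgoing MQTT-over-WebSocket connection to AWS IoT is authenticated with AWS Signature Version 4, the request signing the paragraph above refers to. It assumes the WebSocket transport on the `/mqtt` path with the `iotdevicegateway` signing name; the endpoint host and credentials are constructed placeholders.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

SERVICE = "iotdevicegateway"  # SigV4 signing name for AWS IoT MQTT over WebSocket (assumed transport)


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str) -> bytes:
    """Derive the date/region/service-scoped key; the long-term secret never leaves the device."""
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    return key


def presign_mqtt_url(host, region, access_key, secret, now, expires=300):
    """Build the wss:// URL the device opens outbound; the broker recomputes the signature."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    scope = f"{date}/{region}/{SERVICE}/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),  # signature is only valid for this many seconds
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(params.items()))
    # Canonical request: method, path, query, headers, signed header names, empty-body hash.
    canonical = "\n".join(["GET", "/mqtt", query, f"host:{host}\n", "host",
                           hashlib.sha256(b"").hexdigest()])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    sig = hmac.new(signing_key(secret, date, region), to_sign.encode(),
                   hashlib.sha256).hexdigest()
    return f"wss://{host}/mqtt?{query}&X-Amz-Signature={sig}"


if __name__ == "__main__":
    # Constructed placeholder endpoint and credentials, for illustration only.
    print(presign_mqtt_url("example-ats.iot.us-east-1.amazonaws.com", "us-east-1",
                           "AKIDEXAMPLE", "constructed-secret",
                           datetime.now(timezone.utc)))
```

Only the access key ID, the scope, and the signature appear in the URL; the secret itself is never transmitted, and the signature is bound to the host, timestamp, and expiry.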
Fort to Qlik Cloud
The fort also connects directly to Qlik Cloud for things like authorizing a user to perform a certain action, since the authorization settings for the space that the app is part of are stored in Qlik Cloud. These connections are secured over HTTPS/TLS with JWTs.
Client to fort
Clients, like the Hub or App Viewer, have incoming connections to the fort over HTTPS/TLS with JWTs. These connections are used to send customer data back to the user’s browser, which is usually connected to a fort over a private network, for example, when using a VPN.