Initial Agent Setup

Deploy two agents and see traffic pass between them - 10 minutes

In this section, we will cover the initial setup of two Trustgrid agents on separate Ubuntu hosts to demonstrate communication across a Trustgrid virtual network. Examples where this could be useful in the real world include:

  • Enabling an application server secure access to a data source on a remote server
  • Enabling a server the ability to connect via SSH to one or more remote servers without exposing any ports to the internet

High-Level Steps

  • Deploy two Trustgrid agents
  • Initiate ping between devices
  • Utilize tools to monitor traffic passing between agents

Prerequisites

  • Trustgrid Trial Account
  • Two instances of Ubuntu 22.04 x86-64/AMD64 with sudo privileges to install additional repositories and packages.
    • Both instances need to be able to make outbound connections to the internet on ports 443 and 8443 and cannot be subject to TLS inspection that alters the certificate chain.
    • Ideally, these devices should not be able to communicate with each other directly. This is not a hard requirement.

Understanding the Default Network

To facilitate a smooth trial, a default virtual network is created. This network uses the carrier-grade NAT address space 100.64.0.0/10 as an IP Pool. Agents are automatically assigned an IP address from this pool when they are attached to the virtual network and routes are automatically created to allow communication between agents on the same virtual network.

Step 1 - Setup Agents

Install First Agent

Follow the process below to install on Ubuntu 22.04 Jammy Jellyfish operating systems:
  1. From the Nodes table, click the + Add Agent button to generate an agent token.

    Add Agent Button

  2. When prompted provide a name and choose the Virtual Network the agent will connect to. Then click Add.

    Name 'agent1' and assigned to 'default' virtual network

  3. Make sure the “Ubuntu Jammy” tab is selected and then click the copy button to copy the install command to your clipboard.

  4. Login to your Ubuntu instances as a user with sudo permissions.

  5. Paste the command from your clipboard and hit enter. The install process will run automatically.

    Terminal window showing the Trustgrid agent being installed

  6. After it completes you can return to the portal and close the Add Agent panel. You should see the new agent listed in the Nodes table and online.

    agent1 shows as online

Follow the process below to run the agent in a Docker container:

  1. From the Nodes table, click the + Add Agent button to generate an agent token.

    Add Agent Button

  2. When prompted provide a name and choose the Virtual Network the agent will connect to. Then click Add.

    Name 'agent1' and assigned to 'default' virtual network

  3. Make sure the “Docker” tab is selected and then click the copy button to copy the install command to your clipboard.

  4. Login to your Docker host as a user with permissions to run containers.

  5. Paste the command from your clipboard and hit enter. The container image will download from Dockerhub and will start automatically.

  6. After it completes you can return to the portal and close the Add Agent panel. You should see the new agent listed in the Nodes table and online.

    agent1 shows as online

Determine agent1 IP address

As part of registration, each agent is automatically assigned an IP address on the Trustgrid virtual network. We will need this IP address to confirm communication between the agents in later steps.

  1. From the console of agent1, run the below command:
    ip address show dev trustgrid0
  2. Look for an IP address starting with 100.64.
Console showing the Trustgrid IP address of 100.64.0.1

Install Second Agent

Repeat the above steps on the second Ubuntu instance to install the Trustgrid agent with a name like “agent2” on the same Virtual Network and determine agent2’s IP address This should return a different IP address in the same network.

Console showing the Trustgrid IP address of 100.64.0.2

Step 2 - Confirm communication

From agent2 run the below command to ping agent1 using its Trustgrid IP address:

ping -c 4 100.64.0.1
This should generate 4 ping requests with successful responses showing traffic is traversing the Trustgrid network between the two agents.
Successful ping from agent2 to agent1

Similarly, from the console of agent1 run the below command to ping agent2:

ping -c 4 100.64.0.2
Successful ping from agent1 to agent2

Step 3 - View Flow Logs

Flow logs provide visibility Trustgrid provides into the traffic passing through agents. They show details of every connection including source, destination, protocols, and more.

View on Overview

The flow logs for agents are shown on the Overview page for each node beneath the stats.

ICMP flow logs for agents 1 and 2

View Flow Logs Table

Additionally, the flow logs table is available under History > Flow Logs.

This table includes the ability to perform advanced searches and export the flow logs to csv.

In the below screenshot, the TCP flow log from the generated web traffic steps is visible including TCP flags. TCP Flags can be very useful in troubleshooting failed connections in the past. If only the SYN flag is shown this indicates the destination ip:port did not respond to complete the TCP handshake.

Flow logs table with search for agent2

Next Steps

Now that you have the basic agent setup complete and have seen traffic passing between the agents you can proceed to test using Access Policies to control what traffic is allowed on the network.


Deploying Ubuntu VMs

Details methods for deploying Ubuntu instances required for the trial steps