Machine Access Tunnels are used for devices, services and apps that do not use the Dymium Client. Some examples include a web application, a cloud BI tool or a developer's workstation. These devices, services and apps connect to the Machine Tunnel using PostgreSQL, just as they would connect directly to a PostgreSQL database server.
Machine Tunnels are deployed as a lightweight Docker container. Generally, Machine Tunnels are deployed on a network without external access, or at least behind a strict ACL/firewall controlling which IP addresses have access to the Machine Tunnel. The Machine Tunnel itself does not require inbound access. It uses an outbound mTLS tunnel to talk to the Dymium platform.
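One way to enforce the IP ACL described above on a Linux Docker host, as an added example that is not part of the Dymium documentation. It assumes the container's PostgreSQL listener is published on TCP 5432 and uses constructed client addresses; the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the Dymium documentation.
# Assumptions: the container publishes its PostgreSQL listener on TCP 5432
# and the client addresses below are constructed sample values.
TUNNEL_PORT="${TUNNEL_PORT:-5432}"
ALLOWED_CLIENTS="${ALLOWED_CLIENTS:-10.20.0.15 10.20.0.16}"

# Print iptables commands that limit who can reach a published container port.
# Docker forwards published ports through the FORWARD chain, so INPUT rules
# never see this traffic; DOCKER-USER is the chain Docker reserves for
# operator rules. The port is matched with conntrack because the packet has
# already been DNATed to the container's address and port at this point.
tunnel_acl_rules() {
    port="$1"
    shift
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$#" -eq 0 ]; then
        echo "refusing to emit a drop rule with no allowed clients" >&2
        return 1
    fi
    # Validate every source before printing anything, so output is all-or-nothing.
    for src in "$@"; do
        case "$src" in
            ''|*[!0-9./]*) echo "invalid IPv4 address or CIDR: $src" >&2; return 1 ;;
        esac
    done
    match="-p tcp -m conntrack --ctorigdstport $port --ctdir ORIGINAL"
    # Each rule is inserted at the top of the chain, so the DROP printed first
    # ends up below the per-client RETURN rules once all commands have run.
    echo "iptables -I DOCKER-USER $match -j DROP"
    for src in "$@"; do
        # RETURN hands the packet back to Docker's own forwarding rules.
        echo "iptables -I DOCKER-USER -s $src $match -j RETURN"
    done
}

# Print the rules for review; nothing is applied by this script.
# shellcheck disable=SC2086  # word splitting of the client list is intended
tunnel_acl_rules "$TUNNEL_PORT" $ALLOWED_CLIENTS
```

The script only prints the commands; review them and run them as root on the Docker host. The outbound mTLS connection from the container is unaffected, because the rules match only connections whose original destination is the published port.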
Creating a new machine tunnel
To create a new tunnel, navigate to "Add Machine Tunnel", enter a "Machine Tunnel Name" and select the "Groups" that can use this Machine Tunnel. Only Ghost Databases that have these groups assigned will be available through this Machine Tunnel.
Click "Apply".
This will change the tab automatically to "Edit Machine Tunnels". The following information is listed:
- Machine Tunnel Name
  - The name you configured in the previous step
- Access Key and Access Secret
  - Used together to identify the Machine Tunnel to the Dymium platform
- Ghost Database Username and Password
  - These credentials can be used to access the Ghost Databases available to the configured groups. They are usually used by applications that don't have their own user account
  - It is also possible to access the Ghost Databases using one's own credentials
- Groups
  - The groups you configured in the previous step can be changed here
If you make any change to the "Machine Tunnel Name" or "Groups", click "Update".
Client Downloads and Use
Here you can download the Docker image, as well as see the configuration needed to run the Machine Tunnel. The Docker image is hosted on a public repository.
The docker run command shown is specific to your Dymium tenant: it includes the portal URL, which can differ between tenants, and the tunnelserver URL, which is unique to each tenant.