In Hybrid Cloud models, we deploy the iconik Storage Gateway onto on-premise networks.
This daemon is responsible for managing files and storage for iconik. No communication can be instigated from iconik to the iconik Storage Gateway and all communication is instigated from the iconik Storage Gateway up to iconik. This means that you can be sure that iconik Storage Gateway doesn't not have to be open from the outside world whilst living on your network. Commands can still be issued from iconik to the iconik Storage Gateway as the gateway periodically polls iconik for instructions.
The iconik Storage Gateway can be firewalled so that no incoming connection can be established, and we suggest that you do this. It only needs outbound HTTPS port 443 open for communicating with the iconik Cloud Service. You can configure the iconik Storage Gateway to function through an https proxy but it is not recommended as it can lead to performance degradations. It is recommended that the iconik Storage Gateway has a direct connection to iconik and the cloud storage vendor you use. You can limit which ports and ip addresses the iconik Storage Gateway can communicate with to the ones listed in our Ports and IPs listings
No VPNs are needed in the standard security model for iconik. If you are an enterprise customer and wish to utilise VPNs for all traffic between on-premise and iconik please contact sales and support. Please note that it may also require access to Cloud Storage.
- Keep the server running the iconik Storage Gateway secure and patched with the latest security updates.
- Consider scanning content that will be uploaded into iconik for malware as iconik or the iconik Storage Gateway does not perform any malware scanning. Media Files, Spreadsheets, PDFs and many other filetypes are at risk and even if it has no consequence to iconik, end users will still be able to download and distribute them using iconik