Remoteler implements native database wire protocols for supported SQL & NoSQL databases with certificate-based authentication, RBAC, and database activity auditing features.
To better understand the concepts used in the diagram below, we recommend taking a look at Remoteler Basic Concepts first. The architecture diagram assumes that database instances and clients can be located on different private networks, and only Remoteler Proxy offers a publicly accessible endpoint:
Remoteler Database Access is simple because all Remoteler components in the diagram are implemented in a single dependency-free executable which can run as a Linux daemon or in a Kubernetes pod.
tshcommand to authenticate and receive short-lived certificates.
mysqlcommands, enabling smooth user experience.
Remoteler Database Access currently supports the MariaDB, Microsoft SQL Server, MongoDB, MySQL, PostgreSQL and Redis protocol.
For PostgreSQL and MySQL, the following Cloud-hosted versions are supported in addition to self-hosted deployments including Amazon RDS, Amazon Aurora (except for Amazon Aurora Serverless, which doesn’t support IAM authentication), Amazon Redshift, Google Cloud SQL, and Azure Database.
Let’s consider what happens when a client needs to connect to a database.
tsh login --proxy=proxy.remoteler.netcommand. This command triggers the Single Sign-On (SSO) sequence with an identity provider (Remoteler offers a built-in database of users too). After a successful authentication,
tshreceives a short-lived x.509 certificate and stores it on a client side, usually in
tsh db login. This command will configure the database client such as
psqlwith a Remoteler Proxy Service address and the selected database. The list of available databases can be printed with
tsh db lscommand.
mysqlas usual, to connect to the selected database.
The audit information is collected by the Remoteler Auth Service. Remoteler logs the following information:
The location of the audit log is configurable. The following locations are supported:
Remoteler relies on the storage back-ends to provide the encryption at rest capabilities. Remoteler uses a documented JSON format for the audit log events, making it easy to export audit log events into external SIEM tools or general purpose solutions such as Splunk or Elastic.
Example of a JSON event recorded in Remoteler Audit Log:
To learn more about Database Access, take a look at Remoteler Documentation.