Table of Content:

1. Hybrid Agent Proxy Introduction
2. Hybrid Agent Proxy Advantages

1. Hybrid Agent Proxy Introduction

TIBCO Cloud allows applications running in the cloud to access any TCP-based on-premise resources via the TIBCO Cloud Integration- Hybrid Agent. The TIBCO Cloud Integration - Hybrid Agent is a proprietary secure point-to-point tunneling connection between on-premise machines and selected application containers running under the given subscription account.

There are three TIBCO Cloud components that are involved:

1. TIBCO Cloud Hybrid Agent  - is the downloadable binary intended to be used by end-users (i.e. TIBCO customers) and executed on-premise. This is a CLI tool that connects to a given application tunnel endpoint and establishes tunnel connections to all its containers.
2. TIBCO Cloud Router - exposes the secure tunnel endpoint associated with a given application.
3. TIBCO Cloud Tunnel Server (a.k.a. container-agent) - is a piece of software that runs in every container associated with applications that expose tunnel endpoints.
   

2. Hybrid Agent Proxy Advantages

The TIBCO Cloud Integration - Hybrid Agent architecture provides a number of key advantages over VPN connectivity:

• You can connect to only on-premises or private cloud (private virtual network on the cloud) resources explicitly specified on the TIBCO Cloud Integration - Hybrid Agent command line. No other arbitrary on-premises resources can be accessed from TIBCO® Cloud Integration. With VPN connectivity, whatever is exposed by the VPN server is exposed to TIBCO® Cloud Integration.

• You do not need service account credentials to run the TIBCO Cloud Integration - Hybrid Agent. For VPN connectivity, you have to add the corporate network VPN information and credentials to TIBCO® Cloud Integration. The TIBCO Cloud Integration - Hybrid Agent has more granular authentication requirements than VPN.

• The TIBCO Cloud Integration - Hybrid Agent enables secure communications without the need for you to open ports in your firewall.

• The TIBCO Cloud Integration - Hybrid Agent is lightweight, easy to install, and easy to configure with minimal technical prerequisites. The download is less than 10 MB.

• The TIBCO Cloud Integration - Hybrid Agent’s tunnels are isolated from each other. TIBCO® Cloud Integration ensures that only containers corresponding to the app associated with the specified tunnel endpoint can access the on-premises resources.

• You can configure a single instance of a TIBCO Cloud Integration - Hybrid Agent to connect to all internal (private) endpoint resources, or use multiple instances of a TIBCO Cloud Integration - Hybrid Agent to connect to each individual resource.

The TIBCO Cloud Integration - Hybrid Agent provides the following operational benefits:

• Application Scaling: If a TIBCO® Cloud Integration app with active tunnel connections is scaled down, the tunnel connections for the deleted instances (app docker containers) are automatically terminated. In a similar way, when an app is scaled up, the TIBCO Cloud Integration - Hybrid Agent process automatically discovers the new app instance and a new tunnel connection is created for the new container.

• High Availability (HA): The TIBCO Cloud Integration - Hybrid Agent is designed to work in HA mode. Multiple tunnel connections can be established at the same time by starting multiple TIBCO Cloud Integration - Hybrid Agent processes, ideally on different machines or physical locations, and connecting to the same endpoint. When a given on-premises resource is reachable by more than one tunnel, the first tunnel, in the order of connection, is used, and all others are in standby mode, ready to be used if the first tunnel fails.

• Fault Tolerance (FT): When a tunnel connection fails, for example, due to temporary network errors, the TIBCO Cloud Integration - Hybrid Agent process attempts to reconnect every 10 seconds. If the TIBCO Cloud Integration - Hybrid Agent was started in HA mode (see above), the first available standby tunnel becomes the active tunnel. When the initial tunnel connection is re-established, the new connection becomes a new standby tunnel.