Skip to Main Content

Set Ops Tunnel for TroubleShooting

Refer to Overview▸. The AutoMQ BYOC environment supports Ops Tunnel, allowing user environment administrators to initiate the creation of secure and trusted Ops Tunnels that grant temporary access to AutoMQ technologists. This article introduces how to use Ops Tunnel.

Prerequisites

The principle of Ops Tunnel is that the BYOC console exposes a secure and trusted WebSocket channel that supports temporary access by AutoMQ technical staff. To use Ops Tunnel, the AutoMQ BYOC console needs to be exposed to the internet and allow connection from the AutoMQ operations platform.

You can configure it as follows:

  • Configure public internet exposure: Enterprises can create a public load balancer, attach it to the AutoMQ console, and achieve public internet exposure.

  • Firewall Policy Configuration: Enterprises can configure critical access source controls and select limited exposure ranges for the console operation channel.

Tip

When configuring network channels for load balancing, note that the AutoMQ Ops Tunnel service exposes services through port 8080.

Usage Process

Create Ops Tunnel

  1. The environment administrator logs into the AutoMQ console, clicks Ops Tunnel, and creates an Ops Tunnel.

  2. Fill in the related information for Ops Tunnel and create the Ops Tunnel.

    1. Name: Alias of the Ops Tunnel.

    2. Ops Tunnel Domain: Enter the domain and port reserved by the AutoMQ console for Public Cloud access. The format is http[s]://host:port. Ensure that this access point can be accessed by Public Cloud in advance and configure appropriate security rules.

    3. Ops Tunnel Duration: Select the authorization duration, either 24 hours or 48 hours.

  3. Click confirm to create the Ops Tunnel.

Tip

Ops tunnels can be connected within their validity period, and environment administrators can terminate and close ops tunnels in advance.

  1. After the Ops Tunnel is created, go to the Ops Tunnel details page, copy the Ops Tunnel URL, and send it to AutoMQ technicians.
Danger

Warning:

The Ops Tunnel URL contains temporary login information. Ensure that the Ops Tunnel URL is not disclosed or shared to avoid risks.

Close Ops Tunnel

AutoMQ technicians access the BYOC console using the Ops Tunnel URL within the authorized timeframe. The environment administrator can also manually close the Ops Tunnel ahead of time to reject new connections. The steps are as follows:

  1. The environment administrator logs into the AutoMQ console, accesses Ops Tunnels, and enters the details page.

  2. Click "Close Tunnel" and confirm to close it.

Danger

Note:

After the Ops Tunnel is closed, new connections cannot be established, existing active connections will be closed, and it cannot be restored later.

Inspecting Operation Audits

AutoMQ environment administrators can review historical sessions and operation logs of Ops Tunnel through the operation audit function.