Overview
Hybrid Distribution as part of JFrog Platform on the cloud, supports the distribution of your Release Bundles from JFrog Distribution on the cloud to multiple Cloud and On-Prem Edge nodes within the same organisation. Enterprise customers can develop their software using the JFrog Platform on the cloud while gaining the flexibility of consuming the software on the Cloud and On-Prem.
Hybrid Distribution supports:
- Balancing your distribution workloads in response to changing workloads, new challenges, and increasing security requirements.
- Distributing sensitive, highly regulated, and mission critical Release Bundles to Artifactory On-Prem Edges while using the JFrog Platform on the cloud for mainstream public distributions and thereby gaining significant cost savings.
Available JFrog subscription levels:
Cloud (SaaS)
Hybrid Environment Requirements
The Artifactory On-Prem Edge node within the JFrog Platform on the cloud is commonly located within the corporate network protected by a firewall. Within your corporate network, you can choose to set up the On-Prem Edge within a DMZ (Demilitarised Zone) or alternatively build a VPN tunnel or using any other secure method.
Enable Ingress Traffic for Hybrid Distribution
The JFrog distribution process requires enabling ingress communication between the JFrog Platform on the cloud and Artifactory On-Prem Edge nodes. Please ensure that your corporate firewall is configured to accept this type of traffic.
Setting up Hybrid Cloud Distribution
The workflow for adding the an Artifactory On-Prem Edge Node to the JFrog SaaS environment includes:
- Install an Artifactory On-Prem Edge node and register your Artifactory Edge node in the Artifactory SaaS cluster.
- Establish a Circle of Trust between the SaaS environment and the On-Prem Artifactory Edge node.
- Secure the Distribution process using Public GPG keys.
On-Prem Data Transfer Tracking
The on-premises Artifactory Edge node usage and billing is tracked directly via MyJFrog.
Prerequisite
- Set up your JFrog Platform on the cloud in the MyJFrog portal. For more information, see Get Started: Cloud.
- Set up your predefined GPG key pair.
- Artifactory Edge node requires a valid license. The license for on-premises Artifactory Edge node is allocated using Bucket License mechanism.
- Obtain a license bucket directly in your account in the MyJFrog portal.
Once your license bucket is created, you will receive an email with a link to a dedicated web page. - Add the License Bucket in the JFrog Platform on the cloud by navigating to Administration module | Licenses| License Buckets, and click Add New Bucket. For more information, see Adding a License Bucket.
- Obtain a license bucket directly in your account in the MyJFrog portal.
Step 1: Set up the On-Prem Artifactory Edge Node
- Install the Artifactory Edge Node.
- Register your Edge Node as a JFrog Platform Deployment (JPD) in Administration module | Platform Deployments. For more information, see Managing Platform Deployments.
- Attach the License from the license bucket to the Edge Node via Administration module | Licenses | License Buckets. For more information, see Attaching Licenses.
Step 2: Establish the Circle of Trust
- Obtain the
root.crtby running the Get Root Certificate REST API. - Establish a "Circle of Trust" between the existing JFrog services, and the newly configured Edge instance, by copying the service’s root certificate to the new Edge service’s
$JFROG_HOME/artifactory/var/etc/access/keys/trustedfolder. For more information, Establishing a Circle of Trust.
Step 3: Place the Public GPG Key on the Edge Node
- Get the JFrog Distribution public GPG key using the Get Public Key REST API.
- Deploy the GPG public key on your Edge Node using the Set GPG Public Key REST API or the using the UI. The public key will be stored in the Administration module under Artifactory | Security | Trusted Keys on the Edge node.