The Artifactory On-Prem Edge node within the JFrog Platform on the cloud is commonly located within the corporate network protected by a firewall. Within your corporate network, you can choose to set up the On-Prem Edge within a DMZ (Demilitarized Zone) or alternatively build a VPN tunnel or using any other secure method.
The JFrog distribution process requires enabling ingress communication between the JFrog Platform on the cloud and Artifactory On-Prem Edge nodes. Please ensure that your corporate firewall is configured to accept this type of traffic.
The workflow for adding the an Artifactory On-Prem Edge Node to the JFrog SaaS environment includes:
Platform Deployments is now called Platform Management.
Use one of the following methods to connect Artifactory and the Edge nodes.
Identify & Access is now called User Management.
From Artifactory version 7.29.7, the recommended method for connecting between the source Artifactory and the Artifactory Edge nodes is the pairing token.
Creating a connection using the scoped token API, requires generating a token on the Edge node that is scoped for Distribution, and then providing that token to the SaaS Artifactory. To do this you will need to the following.
Generate a scoped token using the REST API Create Token call.
curl -X POST http://localhost:8084/access/api/v1/service_trust/pairing/mission-control -H "Authorization: Bearer $TOKEN"
Establish trust between servers by establishing a "Circle of Trust" between the SaaS environment and the On-Prem Artifactory Edge node. To do that you will need to do the following:
root.crtfrom the Artifactory SaaS instance by running the Get Root Certificate REST API against the SaaS instance.
root.certreceived in step 1 above as the trusted certificate in each Edge node by copying the service’s root certificate to the new Edge service’s
root.crtfrom the Edge nodes by running the Get Root Certificate REST API against each Edge.
root.certfrom the Edges, open a support request to copy the root certificate from step 2a to your SaaS instance.
From release 7.29.7, paired tokens are the default option used for connecting the source and node. If you are unable to upgrade your self-hosted instance, or need to continue using the circle of trust, refer to the explanation above.