
xConnect Bridge

This platform component gives agents on private or isolated networks access to the xConnect API. It is only required in environments where the monitored devices do not have a direct route or unfettered access to the internet.

It hosts a Squid server that proxies HTTP(S) traffic from the agents to the * API endpoints.

graph LR
  A(Edge Devices) --> B(Agent)
  B --> A
  B -->|HTTPS|C(Bridge - Optional)
  C -->|HTTPS|D(xConnect Cloud Dashboard - Azure);
  style C fill:#04acec;
  linkStyle default stroke-width:2px,fill:none,stroke:black;


  • Host must have northbound and southbound network access
      • Northbound - Route to internet (specifically, *
      • Southbound - Route to private network where devices being monitored are
  • Minimum System Requirements:
      • Physical or Virtual Machine
      • Linux-based distribution that supports docker, podman, or kubernetes
      • 2 CPU Cores
      • 4 GB RAM

Deploying with Docker

  • Note: Take note of the IP address of the host system for the xConnect Bridge
  • Install Docker CE if not already installed
  • Install docker-compose if not already installed
  • curl -o xconnectbridge.conf

Docker Compose

  1. curl -o docker-compose.yml
  2. docker compose up -d

Docker Swarm

  1. Ensure Docker Swarm mode is enabled (docker swarm init)
  2. curl -o docker-compose.yml
  3. docker stack deploy -c docker-compose.yml xconnect

Deploying with Kubernetes

  1. curl -o xconnectbridge.conf
  2. kubectl create configmap squid-conf --from-file=xconnectbridge.conf
  3. kubectl apply -f

Configure Agents to leverage the xConnect Bridge

  • Note: The default port that the agent will try to connect to is 8884 unless changed in docker-compose.yml

  • curl --request POST 'http://localhost:8886/updateProfile' --header 'Content-Type: application/json' --data-raw '{"profile": {"proxy_host": "<IP_ADDRESS_OF_BRIDGE_HOST>"}}'


  • This bridge is a simple forward proxy server and is restricted to only work for xConnect services.
  • Only traffic destined for * over HTTPS will be allowed through
  • All traffic not destined for * will be denied
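
To confirm these restrictions after deployment, the check below can be run from a host on the agent network. It is an added example, not part of the xConnect documentation or tooling: the bridge IP, `api.xconnect.invalid` and `example.com` are placeholders, and it assumes Squid's default behaviour of answering a denied request with 403.

```shell
#!/bin/sh
# Added example (not vendor code): probe the bridge's allow/deny policy.
# Every value below is a placeholder or assumption; override via environment.
BRIDGE_HOST="${BRIDGE_HOST:-192.0.2.10}"              # placeholder bridge IP (TEST-NET-1)
BRIDGE_PORT="${BRIDGE_PORT:-8884}"                    # default agent-facing port per the page
ALLOWED_HOST="${ALLOWED_HOST:-api.xconnect.invalid}"  # placeholder; the page elides the real domain
OTHER_HOST="${OTHER_HOST:-example.com}"               # any destination outside the allow-list

# proxy_code URL: print the status code the proxy returned for URL.
# https:// is tunnelled with CONNECT (curl's %{http_connect}); http:// is a
# plain proxied request (%{http_code}). "000" means the proxy never answered.
proxy_code() {
  case "$1" in
    https://*) fmt='%{http_connect}' ;;
    *)         fmt='%{http_code}' ;;
  esac
  curl --silent --output /dev/null --max-time 10 \
       --proxy "http://${BRIDGE_HOST}:${BRIDGE_PORT}" \
       --write-out "$fmt" "$1" || true
}

# verdict EXPECT CODE: compare a status code with the expected policy outcome.
# Assumes 200 for a permitted CONNECT and 403 for a Squid denial.
verdict() {
  case "$1:$2" in
    *:000|*:)  echo UNREACHABLE ;;
    allow:200) echo PASS ;;
    deny:403)  echo PASS ;;
    *)         echo FAIL ;;
  esac
}

# check EXPECT URL: run one probe and print a result line.
check() {
  code=$(proxy_code "$2")
  echo "$(verdict "$1" "$code") expect=$1 code=${code:-none} url=$2"
}

run_checks() {
  check allow "https://${ALLOWED_HOST}/"   # xConnect over HTTPS: should pass
  check deny  "https://${OTHER_HOST}/"     # other destination: should be refused
  check deny  "http://${ALLOWED_HOST}/"    # xConnect over plain HTTP: should be refused
}

# Probe only when asked, e.g.: BRIDGE_HOST=<bridge IP> sh check_bridge.sh --run
if [ "${1:-}" = "--run" ]; then run_checks; fi
```

A FAIL on either `deny` line means the bridge forwards traffic it should refuse, so review `xconnectbridge.conf` before pointing agents at it; UNREACHABLE points to a routing or port problem rather than a policy one.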