Why You Should Adopt SOCKs5

  Below are four key benefits to using a SOCKs5 proxy with SSH tunneling.

Why You Should Adopt SOCKs5

  1. Access Back-End Services Behind a Firewall

  Usually, a cluster is hosted in the cloud behind a firewall to minimize potential security vulnerabilities. There are two ways to access any backend services that are running inside a cluster, and each has its limitations:

  Expose backend services to public (and accept the associated security risk);

  Whitelist the client or user’s IP to allow traffic to backend services (this is not the right solution for when a user’s IP changes, however).

  A SOCKs5 proxy with dynamic port forwarding using SSH can be an alternative to the two undesirable options above. An administrator or developer could access any backend services within a cluster that is hosted in the cloud behind a firewall for debugging, monitoring and administrating from a public network without exposing the backend service ports or whitelisting specific IPs.

  Let’s look at a use case. For security reasons, the administration or monitoring application APIs or web user interface (UI) ports for monitoring Hadoop cluster are closed by default when hosted on the cloud. To access these APIs or web UIs, you can use SSH dynamic port forwarding to master or edge a node cluster, since the master node will have a public IP and run SSH services by default, which is exposed so the user can connect from outside.

  For another example, say you’re working with a virtual private cloud (VPC). You can deploy a bastion host to securely access remote instances within a VPC by limiting their access to the outside world. You can access the bastion host from the outside world, and only port 22 (SSH) is opened. Using SSH dynamic port forwarding (SOCKs5 proxy), you can access the remote instances that are running in the VPC.

  2. No Special Setup Required

  SOCKs5 doesn’t require special setup, as long as you have SSH access to either the Edge node or gateway of a cluster. Therefore, users such as administrators and developers can access back-end resources behind the firewall using an SSH tunnel without requiring a virtual private network.

  3. No Third-Party Public or Free Proxy Server in Your Deployments

  Since a SOCKs5 proxy routes all kinds of TCP and UDP traffic to their respective service through SSH tunneling, no layer 7 application-related special proxies are required for each service to route application requests.

  4. Fewer Errors, Better Performance

  Unlike other application proxies, SOCKs5 does not rewrite data packets. It just relays the traffic between devices. Therefore, it is less prone to errors, and performance increases automatically.