In order for Cloudaware CMDB collector to discover infrastructure running on the private network, customers must deploy a local proxy. Local collector proxy must have ingress access to the target endpoint and egress access to the Cloudaware TunHub's server. 


Proxy configuration can be deployed to any Breeze agent that meets requirements. Up to 2 Breeze agents (active and standby) can be designated to support single endpoint connection.

Customers are able to set up the TunHub integration using a self-service interface in Cloudaware Admin panel.

Breeze Setup

Select any existing or a new server that has access to the resources in your private network and may communicate to Cloudaware. Follow the steps below to install Breeze agent:

1. Log in to Cloudaware account → Admin Breeze to download the Breeze agent.

2. Install Breeze on this server*.

Server requirements:

Linux only (Ubuntu v14 and newer, Centos/RedHat v6..8, Debian 9 and newer, Amazon Linux)

CPU: 1

Memory: 256 MB minimum

Storage: 200 MB


outbound TCP 443 for Breeze agent (dest:

outbound TCP 443 for TunHub (dest:

3. Once Breeze is installed, the server gets access to and may act as TunHub proxy.

TunHub Setup

Create A Tunnel

Create a tunnel to grant Cloudaware access to your private network resources. A tunnel should contain one or more routes, which can be added on the next step.

1. Log in to Cloudaware account → Admin.

2. Find TunHub in the list of integrations. Click +Add.

3. Fill in the required information:

*Description - the integration name

**Primary Channel - Breeze Agent ID of Breeze agent installed on the host (pay attention to this field as it cannot be edited later!)

To locate Breeze Agent ID, use CMDB Navigator in your Cloudaware account. Locate the server using the specific list view or general Search. Check the field 'Breeze Agent'. The field values may be of the following formats:

AWS EC2 Instances - i-XXXXXXXXXXXXXXXXX (=Instance ID)
vCenter Virtual Machines - vcenter_XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX_vm-1111111 (=vCenter ID_Virtual Machine External ID)
Google GCE Instances - 1111111111111111111 (=Google ID)
Physical Servers - ipXX.XX.X.XX_macXXXXXXXXXX (=Name)

***Standby Channel (optional) - Breeze Agent ID of Breeze agent installed on the reserve host. If Primary Channel is unavailable for any reason, Standby Channel will be used for Cloudaware TunHub integration until Primary Channel connection is restored.

Primary and Standby Channels must have different public IP addresses.

****Dedicated Port - check this box if it is not possible to have unique public source IP addresses for all egress Tunhub connections in your organization. This will assign a dedicated port out of 30000-40000 range (ensure that your firewall allows egress for this range). Otherwise, Tunhub listens on port 443 and expects the connection to be established from a unique public IP address.

4. Click Save to test the connection.

5. Review the integration details. The yellow light in 'Primary Channel' means that TunHub is waiting for the local collector proxy (Breeze) to connect. 

Configure Routes

Tunhub integration should have at least one route configured. A route is an entity that maps a private address in your network to the one which is reachable by Cloudaware. The route generates an alternate address which customers may use for adding integrations that require secure connection.

1. Click three dots → Edit Tunnel & Routes +Add Route.

Each private network resource requires a unique designated route to be configured in Cloudaware TunHub.

2. Fill the form:

*Description - the route name (= the resource name, e.g. MyCompany JIRA)

**Remote Host - Domain Name or IP address of the resource in a private network

***Remote Port - the port of the resource in a private network for Cloudaware to access (commonly 443)

3. Click Save. Breeze agent runs every 15 minutes, so allow some time for a route to get the green status and then proceed. 

4. Once the route is pre-configured and ready, get the generated Destination Host and Destination Port required for adding the integration in question.

Integration Name

Destination Host/Port To Be Used For Field(s)


URL (e.g.

vCenter Management Server

URL (e.g.


Host (e.g.
Port (e.g. 1245)

5. Go back to the integration details. The green light in 'Primary Channel' means that TunHub integration has been successfully added. If there is a red light, please contact

If the checkbox ‘Managed by Cloudaware' is checked, neither a managed tunnel nor its routes can be edited/deleted by a customer.