# Connector Deployment ## Table of contents - [Application Connector Deployment](https://www.manageengine.com/products/desktop-central/help/private-access/app-connector-deployment.html#deploy) - [Minimum System and Network Requirements](https://www.manageengine.com/products/desktop-central/help/private-access/app-connector-deployment.html#minimum) The Connector acts as a secure bridge between your internal applications and endpoints. It runs within your network, retrieves policy and configuration details from the Endpoint Central server, and routes user session requests to the appropriate internal applications. Depending on the architecture, you can deploy: - **Application Connector:** Installed within the internal network to connect to private applications. - **Edge Connector:** Typically deployed in the DMZ to handle external traffic before forwarding validated requests to the internal network. Deploying the Connector is essential for enabling Private Access, as it ensures that users can securely reach internal resources without exposing them to the public internet. **Note:** The deployment procedure for the Edge Connector follows the same installation and configuration steps as the Application Connector. The Application Connector is mandatory for Private Access, whereas the Edge Connector is optional and typically deployed in a DMZ environment. ## Steps to deploy Application Connector This section explains how to deploy Connector securely in your environment. 1. Navigate to **Connectors** in the console and click **Add Application Connector**. ![Add Application Connector](https://www.manageengine.com/products/desktop-central/help/images/app-connector1.png) 2. Provide a name and the Public DNS through which the connector will be accessible from endpoints, then save the configuration. ![Name & Public DNS](https://www.manageengine.com/products/desktop-central/help/images/app-connector2.png) 3. Download the Application Connector and transfer the file to the target Linux machine. We recommend using the `scp` command for secure file transfer. For example: ```plaintext scp -r me-sse-gateway.zip user@:/home/ ``` ![Download](https://www.manageengine.com/products/desktop-central/help/images/app-connector3.png) 4. On the Linux machine, run the installation command displayed in the console. After installation completes, the connector automatically registers with the server. You can view its status in the console, where it will appear as **Active** once the connection is successfully established. ![Successful deployment](https://www.manageengine.com/products/desktop-central/help/images/app-connector4.png) The Application Connector performs periodic health checks with the server to ensure continuous connectivity and to retrieve updated policies. If the connector cannot reach the server, its status in the console will automatically update to reflect the issue. ## Minimum System and Network Requirements for Connector Deployment To ensure a successful deployment and smooth operation of the Application Connector, the system must meet specific hardware and network prerequisites. These minimum requirements ensure stable performance and scalability for up to 5000 endpoints. ### Minimum System Requirements - **Operating System:** Linux (Ubuntu 24.04 or higher, or Debian 12 or higher) is required - **CPU:** Minimum of 4 physical cores - **RAM:** At least 4 GB (8 GB or more is recommended for environments expecting high throughput) - **Disk Space:** A minimum of 10 GB of free disk space (SSD storage is highly recommended for optimal performance) - **Network Interface:** 500 Mbps NIC at minimum, ideally configured with a public IP address - **Time Synchronization:** The Network Time Protocol (NTP) service must be enabled to maintain accurate time synchronization across systems ### Minimum Network Requirements **If only Application Connector is deployed:** - **Port Configuration:** Ensure **TCP port 8443** is open to allow connectivity to the Application Connector from the endpoints. - **Public Accessibility:** The Application Connector must have a public IP address and a DNS entry for external access. - **Internal Application Reachability:** Ensure that the internal applications are reachable from the Application Connector to enable successful access. **If both Application Connector and Edge Connector are deployed:** - **Port Configuration:** Ensure **TCP port 8443** is open to allow connectivity to the Edge Connector from the endpoints. - **Public Accessibility:** Endpoints must be able to reach the Edge Connector, which communicates with the Application Connector to enable access to internal applications. The Application Connector does not require direct public exposure in this deployment model. - **Internal Application Reachability:** Ensure that the internal applications are reachable from the Application Connector to enable successful access. **Note:** The number of connectors can be increased based on your usage requirements. Meeting these baseline requirements ensures the Connectors are optimized for secure, efficient, and scalable remote access as part of your Zero Trust strategy.