Deploying Connectors

Read this guide if you need help selecting the best Connector deployment method for your target environment.

In all cases Twingate Connectors are deployed either via a Linux systemd package or an OCI (Docker) container.

Note: Twingate Connectors do not need to be deployed on every host in the network - a single connector can facilitate access to any resource that it can reach in the network in which it is deployed. Deploying additional connectors on separate hosts enables automatic load-balancing and failover as well as adding additional capacity.


Cloud VMs typically provide the most consistent performance so are the recommended choice where available. If you already have compute resources in a cloud environment then a VM deployment is preferable because you will be able to size the connectors according to expected end-user usage patterns. Connectors on Cloud VMs can access any resource they can route to including internal ones and are also appropriate for situations where you need a fixed Static IP for your users.

In Offices or Data Centers

Twingate is able to extend access to network resources in your offices or data centers including on-premises Remote Desktop, File Sharing and Active Directory resources. A connector can be deployed behind any Firewall or NAT Gateway with no inbound rules required - only outbound Internet access. Adding a second connector on a separate physical machine is recommended to allow automatic load-balancing and redundancy.

Serverless Environments (PaaS)

Serverless environments, or Platform-as-a-Service environments, are suitable where administrators do not manage their own servers or virtual machines. This has benefits for easier deployment and management but usually at the expense of less control over the resources (CPU, memory and network) allocated to Twingate connector instances.

Infrastructure-as-Code (IaC)

IaC allows administrators to script their infrastructure making it consistent and repeatable while reducing manual processes that are prone to human error. This approach can also help with improving overall security by allowing infrastructure to be placed under change control. Twingate integrates into existing IaC tooling to reduce time to rollout across multiple environments including multi-cloud deployments. Our webinar covering Best Practices for Secure Infrastructure-as-Code Initiatives may also be a useful resource.

Home Network

Deploying a Twingate connector inside your home network allows you to access resources such as Plex, Windows File Shares or Home Assistant while away from home and without having to open inbound firewall rules. This can be essential for users who have Dynamic IP addresses or CGNATs such as Starlink where this is no IP address for inbound connections.

Last updated 1 month ago