Skip to content

Resources

This page describes compute resources in Raikoo and how they enable workflows to connect to remote systems for execution and processing tasks.

What are Resources?

Resources in Raikoo represent remote compute environments that workflows can connect to for various computational purposes. They provide a flexible and extensible way to define connections to external systems, enabling workflows to execute operations on remote machines, access specialized hardware, or interact with isolated execution environments.

Think of a resource as a remote computer or service that your workflow can utilize, complete with all the connection information and routing needed to access it securely.

Key Concepts

Connection Routes

At the core of Raikoo's resource system is the concept of a connection route. A connection route separates the authentication credentials from the routing logic, providing a clean architecture for complex network topologies.

Each connection route consists of:

  • Hops - A sequence of connection credentials representing intermediate hosts to traverse before reaching the final destination
  • Proxy (optional) - An initial proxy server to route traffic through before making any SSH connections

This separation allows you to define sophisticated connection paths that navigate through jump hosts, bastion servers, and proxy services while keeping the connection credentials modular and reusable.

Multiple Connections per Resource

A single resource can define multiple named connections, each with its own protocol and routing configuration. This allows you to:

  • Provide alternative routes to the same destination
  • Support different protocols for accessing the same resource
  • Organize connection options for different use cases or network conditions

SSH Connections

Currently, Raikoo supports SSH (Secure Shell) connections as the primary protocol for accessing remote compute resources.

Authentication Methods

SSH connections support two authentication methods:

Password Authentication

  • Username and password credentials
  • Standard port (22) or custom port configuration
  • Simple setup for systems that support password authentication

Private Key Authentication

  • SSH private key (typically RSA or ED25519)
  • Optional passphrase for encrypted keys
  • More secure than password authentication
  • Recommended for production environments

Connection Fields

Each SSH connection hop requires:

  • IP Address - The hostname or IP address of the target system
  • Username - The account to authenticate as
  • Authentication credentials - Either password or private key with optional passphrase
  • Port (optional) - SSH port, defaults to 22

Proxy Support

Raikoo supports routing connections through proxy servers, enabling access to resources behind corporate firewalls, NAT gateways, or other network boundaries.

Supported Proxy Types

HTTP Proxy

  • Standard HTTP CONNECT proxy
  • Optional username/password authentication
  • Port configuration (typically 8080 or 3128)

HTTPS Proxy

  • Encrypted proxy connections with TLS support
  • Optional username/password authentication
  • Advanced TLS configuration options:
    • Client certificates for mutual TLS
    • Custom CA certificates
    • Control over certificate validation

SOCKS Proxy

  • Support for SOCKS v4, SOCKS v4a, and SOCKS v5
  • Username/password authentication (SOCKS v5 only)
  • Port configuration (typically 1080)
  • Lower-level protocol suitable for various traffic types

Proxy Configuration

Proxies are configured at the connection route level and apply to all hops in the route. The proxy is established first, and then all subsequent SSH connections are tunneled through it.

Jump Hosts and Bastion Hopping

One of the most powerful features of Raikoo's resource system is support for jump hosts (also called bastion hosts). This allows you to connect to systems that aren't directly accessible from your network.

How Jump Hosts Work

A jump host connection works by:

  1. Establishing a connection to the first hop (potentially through a proxy)
  2. Using that connection to tunnel to the next hop
  3. Repeating this process through each hop in the sequence
  4. Finally reaching the destination system

Each hop in the chain can use different credentials and authentication methods, providing maximum flexibility for complex network architectures.

Use Cases for Jump Hosts

  • Accessing private networks - Connect to internal systems through a public-facing bastion
  • Multi-layer security - Traverse multiple security zones with different authentication requirements
  • Cloud environments - Access private subnets through a jump host in a public subnet
  • Legacy systems - Navigate through intermediate systems in complex enterprise networks

Text Replacements in Connection Fields

All connection fields in Raikoo resources support text replacements, allowing you to use dynamic values from your workflow context. This enables:

  • Credential management - Reference secrets stored in your project configuration
  • Dynamic routing - Adjust connection parameters based on workflow variables
  • Environment-specific configuration - Use different values for development, staging, and production

Text replacements work in all fields including hostnames, ports, usernames, passwords, and proxy configurations.

Working with Resources

Creating a Resource Connection

When creating a resource connection, you'll need to:

  1. Choose a protocol - Currently SSH, with more protocols coming soon
  2. Define the route - Specify the destination and any intermediate hops
  3. Configure authentication - Set up credentials for each hop
  4. Add proxy if needed - Configure proxy settings if required for network access
  5. Test the connection - Verify that the route works as expected

Using Resources in Workflows

Resources are referenced from operations within workflows. Operations that need to execute commands or access files on remote systems will use the configured resource connections to establish the necessary network paths.

Future Capabilities

The resource system is designed to grow and evolve with additional capabilities:

Additional Protocols

  • VNC - Remote desktop access for GUI applications
  • RDP - Windows Remote Desktop Protocol connections
  • Custom protocols - Support for specialized connection types like E2B sandboxes

Capability Expression

Future versions will include a capability system that allows resources to express what they can do:

  • Shell access - Execute commands on the remote system
  • Code evaluation - Run code in specific language environments
  • Desktop access - Interact with graphical user interfaces
  • GPU acceleration - Access to specialized hardware
  • Custom capabilities - Define domain-specific capabilities for specialized resources

This capability model will enable workflows to automatically select appropriate resources based on the requirements of each operation.

Best Practices

Security

  • Use private key authentication - Prefer SSH keys over passwords when possible
  • Protect sensitive credentials - Use text replacements to reference secrets rather than embedding them directly
  • Minimize jump hosts - Use the fewest hops necessary to reach your destination
  • Validate proxy certificates - Use proper TLS validation for HTTPS proxies in production

Organization

  • Name connections clearly - Use descriptive names that indicate the connection's purpose or destination
  • Document complex routes - Add descriptions explaining the network topology and why hops are needed
  • Group related connections - Keep connections for the same logical resource together
  • Test incrementally - When setting up complex routes, test each hop individually before combining them

Performance

  • Consider network latency - Each hop adds latency; minimize hops when possible
  • Reuse connections - Configure operations to share connections rather than creating new ones
  • Choose appropriate proxies - Select proxy types based on your network requirements and security policies

Conclusion

Resources provide a powerful and flexible way to connect Raikoo workflows to remote compute environments. The connection route architecture supports complex network topologies including proxies and jump hosts, while the extensible design ensures that new protocols and capabilities can be added as needs evolve. By understanding how to configure and use resources effectively, you can enable your workflows to operate across diverse computing environments and infrastructure.