To access a database inside a network that allows only egress connections, you must deploy CMAN at both the client site that is hosting the database and the server site that wants to access the database. The data transfer happens over an encrypted channel on the public internet using TLS, if TLS is configured between the two CMANs.
When client CMAN is started, the gateway connects to the server CMAN and creates a pool of connections, known as tunnels. Reverse connections from the server to the client are routed through these tunnels. You can also configure the pool size.
In the following figure, the client CMAN uses the tunnel service of the server CMAN to establish a tunnel connection. Once a client CMAN establishes a tunnel, the server CMAN offers the client CMAN identifier as a service for clients in site A.