Security Tunnels

Question

I want to build a system like following to central manage devices.The system will have the components as:

1. Server on Cloud
2. Agent located behind NAT to manage devices. Agent should be able to communicate with Cloud Server.

Basically the system will work as following:

1. The devices behind NAT should be visible on Cloud Server.
2. Cloud Server should be able to remote manage the devices.

So we want to build tunnels between Cloud Server and Remote Agent, thus we could go through NAT to remote manage those devices behind NAT. We need to run both TCP/UDP/HTTP protocol on the tunnels programmatically, and the concurrent tunnels need to support 10K level.

Currently we have surveyed SSH Tunnel and VPN Tunnel,But still no clue about how to do it.So the questions are:

1. What kind of technologies could be used to build the above tunnels so that the Cloud Server could manage devices behind NAT?
2. How to implement it programmatically, is there any library available now?

Answer 1

Q1: use SSH reverse tunnel for TCP forward.

Q2: there is Apache SSHd for SSH server,jsch for SSH client.