What is a Gateway? Why do you need a Gateway?
A Gateway is the core proxy server component within a system, responsible for relaying user connection requests and establishing controlled, secure connections. It ensures secure and compliant data transmission while improving connection efficiency and stability.
Gateway Management Logic:
- How the system selects a Gateway:
  When a user connects to a resource, the system applies the following logic based on whether the resource is tagged with a Gateway segment (e.g., gateway-office1):
  - No Tag: The system randomly selects an available Gateway to fulfill the request. This is suitable for general needs without specific proxy server requirements.
  - Tagged: The system randomly selects an available Gateway within the specified segment, ensuring efficient and targeted connections.
- Ensuring Gateway Availability:
  The system syncs the status of each Gateway every 15 seconds and automatically retries when it detects an anomaly.
- Executing Connections:
  After successfully selecting a Gateway, the system establishes the connection and starts session recording, logging the full operation history.
- Handling Connection Failures:
  - If no Gateway is available or the proxy cannot connect to the target device, the system logs an error and displays a connection failure message.
  - Session recording is only enabled upon successful connection; otherwise, only an audit log is generated.
- Supported Protocols:
  Currently supports RDP, VNC, SSH, and SFTP, catering to diverse access needs both inside and outside the enterprise.
What is the Tunnel Feature?
The Tunnel feature ensures all connections pass through the system's default Gateway, enabling secure access to closed networks. It provides encrypted and isolated data traffic, reducing the risk of internal network exposure.
Use Cases for Gateway Management and Tunnel Features:
- Scenario 1: Resources Without Tags
  A company has an internal file server without any Gateway segment tag, and the resource has no specific proxy server requirements.
  - When a user attempts to connect, the system randomly selects a Gateway from all available options to handle the request, ensuring a controlled and successful connection.
  - This applies to general resources without additional proxy planning.
- Scenario 2: Resources Differentiated by Cloud Environments
  A company has multiple resources distributed across cloud providers such as AWS and GCP. To optimize connection efficiency, administrators tag these resources with different Gateway segments:
  - AWS Resources: Tagged as gateway-aws.
  - GCP Resources: Tagged as gateway-gcp.
  - When users connect to AWS or GCP resources, the system randomly selects a Gateway within the corresponding segment. For example, when connecting to an AWS resource, the system only chooses from the gateway-aws segment, avoiding cross-cloud proxies to reduce latency and improve efficiency.
- Scenario 3: Internal Network Connections for Compliance
  To meet security and compliance requirements, a company enables the Tunnel feature, ensuring all resource access passes through the default internal Gateway, preventing direct internal network exposure to the public internet.
  - With the Tunnel feature enabled:
    - All connection requests must pass through the system's default internal Gateway, even for resources without specific segment tags.
    - The system automatically provides encrypted channels for all connection traffic, ensuring end-to-end data protection and mitigating risks of data leakage or interception.
    - External users (e.g., third-party vendors) are also subject to strict connection paths filtered and controlled by the internal Gateway, ensuring secure resource access.
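The selection rules above (no tag, tagged segment, Tunnel) and the three scenarios, written out as an added Python model; this is illustrative code, not the product's own implementation. The Gateway inventory, the name gateway-default for the system's default Gateway, and the `reachable` callback standing in for the proxy-to-target check are constructed assumptions.

```python
import random
from dataclasses import dataclass
from typing import Callable, List, Optional
DEFAULT_GATEWAY = "gateway-default"   # assumed name of the system's default Gateway

@dataclass
class Gateway:
    name: str
    segment: Optional[str]   # e.g. "gateway-aws"; None = no segment tag
    healthy: bool = True     # result of the last 15-second status sync

def select_gateway(gateways: List[Gateway], segment: Optional[str], tunnel: bool = False, rng=random) -> Optional[Gateway]:
    """Tunnel: default Gateway only; no tag: any available; tagged: that segment only."""
    if tunnel:
        pool = [g for g in gateways if g.healthy and g.name == DEFAULT_GATEWAY]
    elif segment is None:
        pool = [g for g in gateways if g.healthy]
    else:
        pool = [g for g in gateways if g.healthy and g.segment == segment]
    return rng.choice(pool) if pool else None   # None: no available Gateway

def connect(gateways: List[Gateway], segment: Optional[str],
            reachable: Callable[[Gateway], bool], audit: List[str],
            tunnel: bool = False, rng=random) -> dict:
    """Session recording starts only on success; every failure writes an audit entry only."""
    gw = select_gateway(gateways, segment, tunnel, rng)
    if gw is None:
        audit.append(f"ERROR no available Gateway (segment={segment}, tunnel={tunnel})")
        return {"ok": False, "gateway": None, "recording": False}
    if not reachable(gw):   # the proxy could not reach the target device
        audit.append(f"ERROR {gw.name} cannot connect to target device")
        return {"ok": False, "gateway": gw.name, "recording": False}
    audit.append(f"OK connected via {gw.name}; session recording started")
    return {"ok": True, "gateway": gw.name, "recording": True}

GATEWAYS = [   # constructed sample inventory (hypothetical)
    Gateway(DEFAULT_GATEWAY, None),
    Gateway("aws-gw-1", "gateway-aws"),
    Gateway("aws-gw-2", "gateway-aws", healthy=False),   # failed its last status sync
    Gateway("gcp-gw-1", "gateway-gcp"),
]

def demo() -> dict:   # Scenarios 1-3 plus a tag that matches no Gateway
    audit: List[str] = []
    up = lambda g: True   # target device reachable
    return {"untagged": connect(GATEWAYS, None, up, audit),
            "aws": connect(GATEWAYS, "gateway-aws", up, audit),
            "azure": connect(GATEWAYS, "gateway-azure", up, audit),
            "tunnel": connect(GATEWAYS, "gateway-gcp", up, audit, tunnel=True),
            "audit": audit}
```

Note that the unhealthy aws-gw-2 is never chosen for the AWS-tagged resource, and the gateway-azure tag produces only an audit error because no Gateway carries that segment.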