With the release of Version 1.3.0, IBM Secure Gateway for Bluemix announces key changes in the area of added security, separation of duties and updates in support of IBM Dedicated environments.
Starting with Secure Gateway 1.3.0, we’re bringing you the following additions:
- Server provides increased vertical and horizontal scaling automatically adjusting to load and customer’s needs.
- You now can create private destinations that are only scoped for access by your application.
- Client separation of duties, including updated Access Control List support, enable/disable support for gateways and destinations.
- Dedicated support for those customers who require additional security and services dedicated to their enterprise.
- Native installers are provided for Ubuntu, Red Hat and SuSE Linux environments.
- Secure Gateway SDK Language Bindings are now open source.
Server Scalability and High Availability
In this release there have been major changes applied to the server environment to provide dynamic scaling vertically within a given server and manually for horizontal scalability.
Dynamic Vertical Scalability
With the use of key open source technologies each server is now capable of scaling dynamically based on the number of CPU/Cores available and system load. As increased customer demands are placed on our infrastructure, new processes are created to handle the load dynamically using proxy to create a seamless experience for the customer. This new design not only provides better scalability, but also increases the high availability within a given node for any given process that appears slow or non-responsive.
Manually Horizontal Scalability and High Availability
Though Dynamic Vertical Scalability provides a major portion of increased scalability, the new design also required cross-node changes that provide for better management of Secure Gateway’s High Availability solution. Now with Dynamic Scalability on every node new cross-node handshaking and other architecture changes provide for increased horizontal scaling and better high availability across the entire solution. Additional nodes can be manually added as load increases, providing transparent scaling and increased high availability across the solution.
Private Destinations
A long standing requirement to provide a mechanism to isolate any particular destination from unwanted public attack is now realized in Version 1.3.0. In this release you can now create private destinations that are restricted to only those access definitions on the cloud side that you provide. By selecting this advanced option you can now create a totally private destination restricted to only cloud side access by your cloud application. Creation is as easy as selecting the option and providing the appropriate IP address or address range and port or port range, as shown by the example screenshot below:
Client Separation of Duties
Separation of duties, the definition of clear boundaries on what tasks are done by whom, moves a step closer in this new release. This support includes but is not limited to:
- The Access Control List (ACL) is automatically set to ACL DENY ALL
- Native installers which can be installed by a clearly defined administration role
In Version 1.3.0, the client starts up automatically restricting access to on-premises resources. You must specify an ACL file containing the access control list entries to use or interactively enter them so that access is granted or denied to your on-premises resources. Until this is done all access to on-premises resources are prevented or denied.
Docker Client Updates
The Secure Gateway Docker client has been updated for 1.3.0 and should be re-pulled to get the latest version. This includes important security updates and fixes, as well as the new client functions.
New Client Function
This new version of the Secure Gateway Client introduces new behaviors to some existing functions, these are as follows:
Access Control List Behavior Changes
When the Secure Gateway Client for this new version starts, the Access Control List (ACL) is automatically set to ACL DENY ALL. This means the user must either specify an ACL file containing the access control list entries to use, or interactively enter ACL commands to allow access. Until this is done all access to on-premises resources is prevented.
New Secure Gateway Client commands
In Secure Gateway Client version 1.3.0 two new commands are introduced. One to list the client’s configuration and another to show the current ACL settings in table format.
To view a client’s configuration once it is connected to the Bluemix Secure Gateway service, you can now use the displayconfig command or shortcut key ‘C’, as shown in the example below:
To view a client’s Access Control List (ACL) once you have loaded a file containing them or entered them interactively, you can now use the updated and existing show acl command or shortcut key ‘S’. Now instead of printing out one message for each setting a table is presented to the user with all the settings entered:
Dedicated Support
For those customers with interest, Secure Gateway now supports full dedicated cloud support. For those who have purchased a dedicated service agreement and installation with IBM Bluemix, they can now add Secure Gateway to the services they wish to use. All the features they currently have access to in the public Bluemix environment for Secure Gateway are also there in dedicated, it’s just more private and secure.
Native Installers for Secure Gateway Client
Beginning with version 1.3.0, the Secure Gateway client provides native client installation support for selected Linux environments. A native running client can improve over-all performance on both bare metal and virtual environments. You can run the natively installed client by using the system auto-start facility or manually by using a terminal session. When you use the auto-start facility, the client automatically logs events to the defined /var/log directory and file.
| Name | Versions |
|---|---|
| Ubuntu Linux | 14.04 (LTS) and greater |
| Red Hat Linux | 6.5 and greater |
| SuSE Linux | 11.0 and greater |
The native installer option is available when you create a new Secure Gateway. After you have entered the name for your new Secure Gateway you are given the client option to select, as shown in the following screenshot.
Currently there are two options for the supported platforms, a DEBIAN and an RPM installer, under the Software Installers section.
Secure Gateway SDK Language Bindings
The Secure Gateway SDK Language Bindings are now available as open source. Users are encouraged to extend and contribute to the existing Node.js bindings and create new ones for other languages in support of their own needs. These can now be found at github.com/IBM-Bluemix/secure-gateway-sdk.
The post IBM Secure Gateway 1.3.0 Updates appeared first on Bluemix
The post IBM Secure Gateway 1.3.0 Updates appeared first on Platform as a Service Magazine.
