Reviewing Secure Gateway deployment details
Secure Gateway is deprecated. For more information, see the deprecation details.
You can use the following steps to analyze the current usage of Secure Gateway for your secure data communications and collect the necessary information to create corresponding Satellite Connectors.
Goals
The goal of this tutorial is to help guide you through gathering the key information from your Secure Gateway instances that you will need when you migrate to Satellite Connector.
Review the Secure Gateway concepts
You might need to review the common terms and concepts of Secure Gateway. For more information, see the following links.
- Review the Getting started with Secure Gateway in general.
- Review the key Secure Gateway component topics.
Access your Secure Gateway instances
- The first step is to see what Secure Gateway instance(s) you have deployed. Most users only have a single instance, but some have multiple depending on the size of their deployment.
- Access your list of Secure Gateway service instances - see their names, what resource group they are in, what region they are deployed, their status, and any tags they might have
- For each instance follow the steps below to gather additional details, either via the UI or the CLI
Access your Secure Gateway instance details in UI
Access your Secure Gateway instance details
-
In this instance, you can see on the first page the total traffic, and a list of the Gateways in that instance. There may be no gateways, 1 gateway, or more gateways. If there are no gateways created, it means you are not using this instance to transfer traffic.
-
In any Gateway box, click the to review the following details for that Gateway.
- Gateway name
- Gateway key
- Gateway ID
- Node it's attached to
- Created & modified information
- Whether it is enabled or disabled
-
Click on a Gateway to review the Gateway page.
-
Review the Destinations tab for a list of destinations. In any Destination box, click the to review the following details for that Destination.
- Destination ID
- Cloud host & port
- Resource host & port
- Created & modified information
- Security protocal
-
Click the Clients tab to review the Clients that are connected to that Gateway.
-
Back on the Gateway screen information, you can extract all the information about that Gateway by clicking the Export button . Note that the file is saved with the unique ID for that gateway to your Download directory.
-
Complete the next steps to to parse the file and gather the data you need to set up Satellite Connector.
Keep in mind when reviewing your Secure Gateway details that each Gateway is similar to a Satellite Connector. So as you review your might have multiple Secure Gateway instances, and you might have multiple gateways and destinations set up within that instance. Also each of your Secure Gateaway Destinations are similar to Satellite Connector endpoints.
Parse the extracted Secure Gateway gateway files to gather data
In the previous step, if you extracted data about each Gateway, you can parse it using simple CLI tools to get the information easily. You can also get this data using the console, but the CLI allows you to examine and save with fewer manually copy and paste steps.
-
Prepare your machine.
- This is most useful on a linux-type environment - so use Mac OS terminal, Linux, or Windows Linux support terminal window
- You can load the json file into a browser or JSON viewing tool, but you also might want to use a JSON processor like JQ.
- If you want to use JQ as we do in the following example, you need to download it before beginning.
- Optional Each of the files saved have an extension
.gateway
. You can use them directly, but it also might help to pull into an editor if you rename them.json
.
-
Extract the data.
-
You can run a series of commands to get various pieces of data
-
Set the filename for convenience.
filename="<name of the file you want to example>"
- Display the whole file.
cat $filename | jq "."
- Get the Gateway name.
cat $filename | jq ".desc"
- Get the destiniations with all the sub array data.
cat $filename | jq ".destinations[]"
- Get just the destination names in all the destinations. This also tells you know how many destinations you have for that gateway.
cat $filename | jq ".destinations[] .desc"
- Get the details for a specfic destination where "0" is the number of the destination in the array of destinations.
cat $filename | jq ".destinations[0]"
-
Access your Secure Gateway instance details in the CLI
If you prefer working in the command line, you can obtain a number of the above details, with even less usage of the IBM Cloud console. If you already gathered your instance information, you can continue with this step as you like. You will need to have the IBM Cloud CLI set up and the "Cloud Foundry plugin installed.
These action are only available for installations with already have the cf plug-in installed! If the cf plugin is not installed already, please use the UI option.
-
Enable the command line feature flag that will permit to use Cloud Foundry commands.
export IBM_CF_EXTENSION=true
-
Install the
cf
plug-in.ibmcloud cf install
-
Target a CF org and space.
ibmcloud target --cf -r REGION -o ORG -s SPACE
-
Get an IAM refresh token for your session.
ibmcloud iam oauth-tokens
-
List your Secure Gateway instance details. Make a note of the
Organization ID
andSpace ID
. You will use these values as inputs in the next step.ibmcloud resource search 'name: *Secure*Gateway*'
Example output.
Name: Secure Gateway-qj Location: eu-gb Family: cloud_foundry Resource Type: cf-service-instance Organization ID: 8891a43f-cdac-4e48-a4f7-8cdaf399c183 Space ID: e832ed2e-3fe4-4d4f-9394-7f2b2b037eed CRN: crn:v1:bluemix:public:securegateway:eu-gb:s/e832ed2e-3fe4-4d4f-9394-7f2b2b037eed:86684bec-8174-4037-baed-70a0a4604220:cf-service-instance: Tags: Service Tags: Access Tags:
-
Get the details for each of your Secure Gateway instances by running the following
curl
command. Make sure to replaceORG-ID
andSPACE-ID
with the CF org and space IDs that you found in the previous step.curl -X GET -H 'Authorization: Bearer TOKEN' 'https://sgmanager.us-south.securegateway.cloud.ibm.com/v1/sgconfig?org_id=ORG-ID&space_id=SPACE-ID'
Review the output and make a note of the
_id
[{"_id":"AAAA","org_id":"ORG-ID","desc":"Disconnected Gateway","hostname":"cap-sg-prd-2.securegateway.appdomain.cloud","port":49998,"status":"ENABLED","jwt”:”xxxx”,”enf_tok_sec":true,"connected":false,"created_by":null,"created_at":"2023-05-22T14:39:53.807Z","modified_by":null,"last_status_change":"2023-09-27T14:11:39.882Z","authorization":{"cert":"CERT","key":"KEY"},"recentlyDisconnected":[{"id":"ID","disconnectedAt":1684773248414},{"id":"ID","disconnectedAt":1684767669028},{"id":"ID","disconnectedAt":1684766756637}],"active":true,"connectedClientsArr":[],"expiry":1703599899000},]
-
Use the
_id
you found in the previous step to get your destination details.curl -X GET -H 'Authorization: Bearer TOKEN' 'https://sgmanager.us-south.securegateway.cloud.ibm.com/v1/sgconfig/SG-ID/destinations'
Example output.
[{"_id":"AAA","configuration":"SG-ID","type":null,"port":18453,"connection_info":{"OnPremHost":"172.17.0.2","OnPremPort":"80","clientPort":null,"sni":"","Password":""},"proxy":{"ip":null,"port":null,"type":null},"enforceProxy":false,"certs":{},"keys":{},"TLS":"none","protocol":"HTTP","private":false,"enable_client_tls":false,"client_tls":"none","status":"ENABLED","created_at":"2023-07-05T14:10:07.678Z","created_by":null,"modified_by":null,"last_status_change":"2023-07-05T14:10:07.744Z","timeout":0,"compressData":true,"rejectUnauth":true,"exempt":null,"ip_table_rules":[],"org_id":"ORG-ID","space_id":"SPACE-ID","hostname":"cap-sg-prd-3.securegateway.appdomain.cloud","dedicatedIP":null,"desc":"perf-test-http"}]
-
Get the details of the connected clients.
curl -X GET -H 'Authorization: Bearer TOKEN' 'https://sgmanager.us-south.securegateway.cloud.ibm.com/v1/sgconfig/SG-ID/clients'
[{"id":"AAA","version":189,"version_detail":"Version 1.8.9","host":"0c081089b1c3","type":"docker"}]%
Analysis Summary
Let's summarize the information you have gathered about your Secure Gateway deployment
-
Instance list: You know how many instances you have, and their names, groups, locations, status, and tags.
-
Gateway list: For each instance, you know the information about the created gateways - how many you have, and for each one: key token, ID, node, key dates, and the enable/disable status.
-
Destination list: For each Gateway, you know the incoming destination(s) and details for each: name, host & port, authentication method, network security, proxy settings, and other miscellaneous info.
-
Client list: For each gateway, you know the connected clients.
Next steps
You can now use the output from the previous steps to begin Setting up Connector for testing Secure Gateway migration.