IBM Cloud Docs
Reviewing Secure Gateway deployment details

Reviewing Secure Gateway deployment details

Secure Gateway is deprecated. For more information, see the deprecation details.

You can use the following steps to analyze the current usage of Secure Gateway for your secure data communications and collect the necessary information to create corresponding Satellite Connectors.

Goals

The goal of this tutorial is to help guide you through gathering the key information from your Secure Gateway instances that you will need when you migrate to Satellite Connector.

Review the Secure Gateway concepts

You might need to review the common terms and concepts of Secure Gateway. For more information, see the following links.

Access your Secure Gateway instances

  • The first step is to see what Secure Gateway instance(s) you have deployed. Most users only have a single instance, but some have multiple depending on the size of their deployment.
  • Access your list of Secure Gateway service instances - see their names, what resource group they are in, what region they are deployed, their status, and any tags they might have
  • For each instance follow the steps below to gather additional details, either via the UI or the CLI

Access your Secure Gateway instance details in UI

Access your Secure Gateway instance details

  1. In this instance, you can see on the first page the total traffic, and a list of the Gateways in that instance. There may be no gateways, 1 gateway, or more gateways. If there are no gateways created, it means you are not using this instance to transfer traffic.

  2. In any Gateway box, click the Settings icon to review the following details for that Gateway.

    • Gateway name
    • Gateway key
    • Gateway ID
    • Node it's attached to
    • Created & modified information
    • Whether it is enabled or disabled
  3. Click on a Gateway to review the Gateway page.

  4. Review the Destinations tab for a list of destinations. In any Destination box, click the Settings icon to review the following details for that Destination.

    • Destination ID
    • Cloud host & port
    • Resource host & port
    • Created & modified information
    • Security protocal
  5. Click the Clients tab to review the Clients that are connected to that Gateway.

  6. Back on the Gateway screen information, you can extract all the information about that Gateway by clicking the Export button Export Button. Note that the file is saved with the unique ID for that gateway to your Download directory.

  7. Complete the next steps to to parse the file and gather the data you need to set up Satellite Connector.

Keep in mind when reviewing your Secure Gateway details that each Gateway is similar to a Satellite Connector. So as you review your might have multiple Secure Gateway instances, and you might have multiple gateways and destinations set up within that instance. Also each of your Secure Gateaway Destinations are similar to Satellite Connector endpoints.

Parse the extracted Secure Gateway gateway files to gather data

In the previous step, if you extracted data about each Gateway, you can parse it using simple CLI tools to get the information easily. You can also get this data using the console, but the CLI allows you to examine and save with fewer manually copy and paste steps.

  1. Prepare your machine.

    • This is most useful on a linux-type environment - so use Mac OS terminal, Linux, or Windows Linux support terminal window
    • You can load the json file into a browser or JSON viewing tool, but you also might want to use a JSON processor like JQ.
    • If you want to use JQ as we do in the following example, you need to download it before beginning.
    • Optional Each of the files saved have an extension .gateway. You can use them directly, but it also might help to pull into an editor if you rename them .json.
  2. Extract the data.

    • You can run a series of commands to get various pieces of data

    • Set the filename for convenience.

    filename="<name of the file you want to example>"
    
    • Display the whole file.
    cat $filename | jq "."
    
    • Get the Gateway name.
    cat $filename | jq ".desc"
    
    • Get the destiniations with all the sub array data.
    cat $filename | jq ".destinations[]"
    
    • Get just the destination names in all the destinations. This also tells you know how many destinations you have for that gateway.
    cat $filename | jq ".destinations[] .desc"
    
    • Get the details for a specfic destination where "0" is the number of the destination in the array of destinations.
    cat $filename | jq ".destinations[0]"
    

Access your Secure Gateway instance details in the CLI

If you prefer working in the command line, you can obtain a number of the above details, with even less usage of the IBM Cloud console. If you already gathered your instance information, you can continue with this step as you like. You will need to have the IBM Cloud CLI set up and the "Cloud Foundry plugin installed.

These action are only available for installations with already have the cf plug-in installed! If the cf plugin is not installed already, please use the UI option.

  1. Enable the command line feature flag that will permit to use Cloud Foundry commands.

    export IBM_CF_EXTENSION=true
    
  2. Install the cf plug-in.

    ibmcloud cf install
    
  3. Target a CF org and space.

    ibmcloud target --cf -r REGION -o ORG -s SPACE
    
  4. Get an IAM refresh token for your session.

    ibmcloud iam oauth-tokens 
    
  5. List your Secure Gateway instance details. Make a note of the Organization ID and Space ID. You will use these values as inputs in the next step.

    ibmcloud resource search 'name: *Secure*Gateway*'
    

    Example output.

    Name:              Secure Gateway-qj
    Location:          eu-gb
    Family:            cloud_foundry
    Resource Type:     cf-service-instance
    Organization ID:   8891a43f-cdac-4e48-a4f7-8cdaf399c183
    Space ID:          e832ed2e-3fe4-4d4f-9394-7f2b2b037eed
    CRN:               crn:v1:bluemix:public:securegateway:eu-gb:s/e832ed2e-3fe4-4d4f-9394-7f2b2b037eed:86684bec-8174-4037-baed-70a0a4604220:cf-service-instance:
    Tags:
    Service Tags:
    Access Tags:
    
  6. Get the details for each of your Secure Gateway instances by running the following curl command. Make sure to replace ORG-ID and SPACE-ID with the CF org and space IDs that you found in the previous step.

    curl -X GET   -H 'Authorization: Bearer TOKEN' 'https://sgmanager.us-south.securegateway.cloud.ibm.com/v1/sgconfig?org_id=ORG-ID&space_id=SPACE-ID'
    

    Review the output and make a note of the _id

    [{"_id":"AAAA","org_id":"ORG-ID","desc":"Disconnected Gateway","hostname":"cap-sg-prd-2.securegateway.appdomain.cloud","port":49998,"status":"ENABLED","jwt”:”xxxx”,”enf_tok_sec":true,"connected":false,"created_by":null,"created_at":"2023-05-22T14:39:53.807Z","modified_by":null,"last_status_change":"2023-09-27T14:11:39.882Z","authorization":{"cert":"CERT","key":"KEY"},"recentlyDisconnected":[{"id":"ID","disconnectedAt":1684773248414},{"id":"ID","disconnectedAt":1684767669028},{"id":"ID","disconnectedAt":1684766756637}],"active":true,"connectedClientsArr":[],"expiry":1703599899000},]
    
  7. Use the _id you found in the previous step to get your destination details.

    curl -X GET -H 'Authorization: Bearer TOKEN' 'https://sgmanager.us-south.securegateway.cloud.ibm.com/v1/sgconfig/SG-ID/destinations'
    

    Example output.

    [{"_id":"AAA","configuration":"SG-ID","type":null,"port":18453,"connection_info":{"OnPremHost":"172.17.0.2","OnPremPort":"80","clientPort":null,"sni":"","Password":""},"proxy":{"ip":null,"port":null,"type":null},"enforceProxy":false,"certs":{},"keys":{},"TLS":"none","protocol":"HTTP","private":false,"enable_client_tls":false,"client_tls":"none","status":"ENABLED","created_at":"2023-07-05T14:10:07.678Z","created_by":null,"modified_by":null,"last_status_change":"2023-07-05T14:10:07.744Z","timeout":0,"compressData":true,"rejectUnauth":true,"exempt":null,"ip_table_rules":[],"org_id":"ORG-ID","space_id":"SPACE-ID","hostname":"cap-sg-prd-3.securegateway.appdomain.cloud","dedicatedIP":null,"desc":"perf-test-http"}]
    
  8. Get the details of the connected clients.

    curl -X GET -H 'Authorization: Bearer TOKEN' 'https://sgmanager.us-south.securegateway.cloud.ibm.com/v1/sgconfig/SG-ID/clients'
    
    [{"id":"AAA","version":189,"version_detail":"Version 1.8.9","host":"0c081089b1c3","type":"docker"}]%
    

Analysis Summary

Let's summarize the information you have gathered about your Secure Gateway deployment

  1. Instance list: You know how many instances you have, and their names, groups, locations, status, and tags.

  2. Gateway list: For each instance, you know the information about the created gateways - how many you have, and for each one: key token, ID, node, key dates, and the enable/disable status.

  3. Destination list: For each Gateway, you know the incoming destination(s) and details for each: name, host & port, authentication method, network security, proxy settings, and other miscellaneous info.

  4. Client list: For each gateway, you know the connected clients.

Next steps

You can now use the output from the previous steps to begin Setting up Connector for testing Secure Gateway migration.