tencent cloud


Security Gateway

Last updated: 2023-08-04 10:01:01


    A security gateway is a proxy system designed to integrate and interconnect iPaaS and your private network service. You can use it when you want to integrate your private network service through iPaaS (deployed in the public cloud) but your private network service is inaccessible over the public network.

    A security gateway consists of the Server and the Agent:

    • The Server is deployed in the private network of iPaaS, and you don't need to care about it.
    • The Agent is deployed in your private network. You can deploy multiple Agents in different regions or for different services and use the security gateway for forwarding data to implement data interaction between iPaaS and your private network service.

    Configuring the Agent

    Step 1. Download the Agent

    1. Log in to the iPaaS console and select Security gateway.
    2. Click Create and upload a public key as instructed in Generating Public and Private Keys.
    3. Configure the Agent IP allowlist and private network service, confirm the information, and click Save.
    4. Click Download Agent in the security gateway list.
    • The directory structure of the decompressed Agent package is as detailed below:
      • The bin directory contains the executable programs of the Agent, which are in sub-directories Linux, Windows, and Mac for use on different operating systems.
      • The configs directory contains the configurations required for Agent execution. In configs:
        • The client directory stores the configurations such as key required for Agent TLS communication. Such configurations correspond to those of the Server. Files in this directory cannot be deleted or modified.
        • The secret directory stores the private key for the Agent to connect to the Server. For more information on how to generate a private key, see Generating Public and Private Keys.
        • The config.yaml file contains configurations that must be depended on for Agent execution.
        • The logger_config.yaml file contains the log configuration for Agent execution. You can modify the log level and log backup policy.
      • The log directory stores logs generated during Agent execution.
      • The scripts directory stores the Agent startup/stop scripts (start.sh/stop.sh).

    Step 2. Configure Agent logs

    You can modify the logger_config.yaml file in the ipaas-private-cloud-agent/configs directory of the Agent to modify the gateway log level and log backup policy as needed. The meaning of each parameter has been detailed in the file.

    Step 3. Start the Agent

    Run the startup script for your operating system to start the Agent:

    Run the following command to start the Agent:


    Relevant commands

    Below are the commands for stopping the Agent on different operating systems:

    Run the following command to stop the Agent:


    Generating Public and Private Keys

    Step 1. Check the OpenSSL version

    Run the following command to check whether OpenSSL has been installed:

    openssl version

    If the OpenSSL version information can be output normally after the command is executed, OpenSSL has been installed and you can skip step 2; otherwise, install OpenSSL as instructed below.

    Step 2. Install OpenSSL

    The OpenSSL installation method varies by operating system as follows:

    Run the following command to install OpenSSL:

    brew install openssl

    Step 3. Generate and update public and private keys

    1. Run the following command to generate a private key:
      openssl genrsa -out private.pem 1024

    Place the generated private key in the ipaas-private-cloud-agent/configs/secret directory.
    2. Run the following command to generate a public key for the private key. The public.pem file generated in the current directory is the public key.

    openssl rsa -in private.pem -RSAPublicKey_out -out public.pem
    1. To generate a new private key, replace the private.pem file in the ipaas-private-cloud-agent/configs/secret directory.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support