Action Required Service Updates

More secure and faster than ever! Secure Gateway 1.8.0

Share this post:

We’ve been hard at work improving the industry leading IBM Secure Gateway Service with throughput enhancements showing up to 10x improvement! With the release of version 1.8.0 you will also find the capability for weathering server-side service updates with zero downtime and more fine-grained controls over your destination settings .

First time learning about the Secure Gateway Service? Check out this blog.

Already using Secure Gateway and want to learn more about the new features? Keep reading below!

Security Enhancements

Action required: users that are attempting to create TLS or HTTPS connections to destinations configured to use TCP or HTTP may need to update both the Protocol and Resource Authentication of their destination(s) to match the expected communication channel, if their destinations were not already configured that way. As part of our ongoing effort to maintain and improve the security of Secure Gateway, we identified an issue that allowed encrypted traffic to flow across destinations configured to use unencrypted protocols. As part of this update, we now require that customers looking to use TLS and HTTPS connections must configure the security through the Secure Gateway Service as well. This will enhance security, and reduce the possibility of timing errors that some customers experienced when attempting TLS or HTTPS connections that were not configured this way.

Up to 10x Improvement in Data Throughput

With significant modifications to data management flows on both the Secure Gateway servers and the Secure Gateway client, we’ve reached overall data throughput improvements upwards of 10x faster than previous versions. The exact improvement that you see will be largely dependent on the type of workload you are pushing across Secure Gateway; the largest improvements will likely be seen across workloads using persistent, concurrent connections.

Zero Downtime Server Updates

Once you have upgraded to v1.8.0 Secure Gateway Client, you will no longer experience the previous small outages associated with each Secure Gateway server update. This version of the client has the capability to reload in place to take advantage of server-side changes without interrupting any active connections.

Data Compression

Previously, all data passing between the Secure Gateway client and the Secure Gateway servers in Bluemix went through compression, regardless of the compressibility of the data. Using our API, you can set whether or not data transferred for a particular destination should be compressed. By default, each new destinations will be configured to compress its data. To take advantage of this configuration, you can call our API with the following template:

curl -X PUT "https://sgmanager.ng.bluemix.net/v1/sgconfig/<gatewayID>/destinations/<destinationID>" -H "Authorization: Bearer <gatewaySecurityToken>" -H "Content-type:application/json" -d '{"compressData": <boolean>}'

Where:

  • <gatewayID> must be replaced with your gateway’s unique ID
  • <destinationID> must be replaced with your destination’s unique ID
  • <gatewaySecurityToken> must be replaced with your gateway’s security token
  • <boolean> must be replaced with true or false depending on whether the data should be compressed

Other Fixes

Other minor fixes included in this version of Secure Gateway include:

  • Previously iptable rules could be added in the wrong order and cause a destination to be unreachable until resetting the rules, now they cannot be added in the wrong order.
  • We repaired an issue where HTTP headers with `host` instead of `Host` wasn’t being correctly updated.
  • The Destination Info panel and the Edit Destination panel now have matched protocols.
  • Gateway security tokens should no longer be generated with invalid characters.
  • We now provide a warning when a user attempts to import a gateway after reaching the gateway limit.

 

As always, we’re here to help! Please reach out to us in the support forums.

You can also check out additional information on the Secure Gateway Service at our catalog page here: Secure Gateway.

More Action Required Service Updates stories
April 30, 2019

Introducing IBM Analytics Engine v1.2 and Announcing the Deprecation of IBM Analytics Engine v1.0

We are excited to inform you about the new version of IBM Analytics Engine v1.2 that will be available starting May 15, 2019. Along with this release, Analytics Engine v1.0 will be retired.

Continue reading

April 23, 2019

Announcing the Deprecation of the Watson Machine Learning JSON Token Authentication Service

We’d like to inform you about the deprecation of the Watson Machine Learning JSON Token Authentication service. This method of authentication will be retired on May 30, 2019.

Continue reading

April 9, 2019

Deprecating IBM Cloud Activity Tracker

We are announcing the deprecation of the IBM Cloud Activity Tracker service on April 30, 2019.

Continue reading