Secure Gateway Service and Support Continues During Transition Planning

4 min read

IBM Cloud will be deprecating the Secure Gateway product in favor of IBM Cloud Satellite.

January 2022 update: Please see the final section of this post for information on the timeline of the deprecation.

For a number of years, the IBM Cloud Secure Gateway Service has provided a secure solution for connecting resources in a protected environment to cloud resources. As the IBM Cloud has matured and new technologies have become available, IBM is always working to provide the best possible solutions for our clients.  As such, IBM Cloud will be deprecating the Secure Gateway product in favor of the newly released IBM Cloud Satellite. Satellite is a much more mature and fully capable solution, and it is the future of remote location access of customer applications and resources.

As IBM Cloud moves forward to the latest level of technology to secure client communications among our hybrid cloud deployments, we have introduced IBM Cloud Satellite for extending consistent cloud resources and simplicity to all sites. It allows you to build faster, securely, anywhere. Satellite provides the same application-level transport through common ports as Secure Gateway, with greater client visibility and audit control, but also enables the deployment of additional IBM cloud-managed services and features directly in your on-premises or cloud locations.

IBM Cloud Satellite 

IBM Cloud Satellite allows you to launch consistent cloud services anywhere — across any cloud, on-premises and at the edge — with speed and simplicity. It includes Satellite link functionality, which improves upon the Secure Gateway client experience with a highly available and secure-by-default communication between the cloud and client premise, third-party clouds or network edge.

Satellite runs as a set of three REL7 hosts that define a location. The location is a small instance of IBM Cloud where ever you need it to be. The client can use Satellite as application transport (Layer 4) between the location and other IBM services or their own applications running within IBM Cloud. Once in place, they can also run those same services locally, at the location, to address a number of real-world challenges: 

  • Consistent public cloud experience across geographies and clouds: Satellite provides a consistent cloud experience in all parts of the world, regardless of the lack of any given public cloud provider’s regional presence. A consistent development platform results in higher development velocity.
  • Co-locating data and processing: Satellite allows data processing to happen close to the data, alleviating latency. This is especially important when using predictive AI analytics or other critical applications with large date sets.
  • Data sovereignty, security and compliance needs: Satellite allows client data to remain in-country, meeting local regulatory, contractual, information security or compliance needs. 

Check out these sites for more information on IBM Cloud Satellite, or contact your IBM sales representative.

Virtual Private Network

Another option to replace Secure Gateway is a Virtual Private Network (VPN). In essence, VPNs enable users to share data across public networks as though they were using a private network. They create virtual point-to-point connections using tunneling protocols, encryption and dedicated connections, which facilitate secure and functional environments for the data to be shared.

There are a few VPN-related technologies on the IBM Cloud that provide this level of VPN connection capability:

  • IPSec VPN: VPN facilitates connectivity from your secure network to IBM IaaS platform’s private network. A VPN connection from your location to the private network allows for out-of-band management and server rescue through an encrypted VPN tunnel. Communicating using the private network is inherently more secure and gives users the flexibility to limit public access while still being able to access their servers. Any user on your account can be given VPN access, which is available as both SSL and PPTP.
  • VPN for VPC: With Virtual Private Cloud (VPC), you can quickly provision generation 2 virtual server instances for VPC with high network performance. VPC infrastructure contains a number of Infrastructure-as-a-Service (IaaS) offerings, including Virtual Servers for VPC.

Usage scenarios: VPN vs. IBM Cloud Satellite

The products above are useful in different circumstances and bring different levels of capability to your Cloud experience. IBM Cloud Satellite is considered a distributed cloud, which is also what parts of Secure Gateway could generally be described as. So, when do you want a distributed cloud, and when do you want a VPN?

One of the key differences between VPNs and distributed clouds is that VPNs expose the entire network by default. This is useful if the intention is to share significant amounts of resources over the network, but it requires extensive configuration to secure the resources that you don’t want to share. 

Distributed clouds approach things in the opposite manner; by default, access to local resources is denied. To allow access to a resource, it has to be added as a "location," and authorization needs to be granted in the access control list. This makes IBM Cloud Satellite a powerful choice if there is a limited amount of resources that need to be accessed, because it involves significantly less configuration to keep other assets secure.

You can use both distributed clouds and VPNs to connect and access resources through the IBM Cloud, but the ideal option will depend on your use case. If only a limited set of resources needs to be accessed, then a distributed cloud is probably the best way to go. This is because IBM Cloud Satellite is quicker and easier to configure and won’t run the risk of exposing assets that were intended to remain closed off.

On the other hand, if a company needs to share vast amounts of its resources between its various offices, VPNs can be a better choice. The administrators can then configure the VPN to lock down those resources that they don’t want shared over the virtual network.

So, the decision of what kind of technology to use when securing your cloud resources depends on your intended usage, overall security concerns, and level of configuration effort required with each method. Generally speaking, if you want the very latest in computing capability, flexibility in infrastructure options, a consistent operational experience, and the very best security possible across multiple locations, you should consider IBM Cloud Satellite.

Secure Gateway deprecation details

Based on complete customer scenarios, IBM is delaying the execution of the Secure Gateway deprecation. IBM continues to work closely with our valued customers, and while an end-of-life date for the Secure Gateway service has not been determined, we will update with full details and a plan to start the process, no sooner than July 2022. At that time all Secure Gateway users will be updated with timelines and service migration options.

Secure Gateway will remain fully operational and supported until we update with the plan in the future.

Be the first to hear about news, product updates, and innovation from IBM Cloud