IBM Secure Gateway Service
Create a secure and persistent connection between your protected environment and the cloud
Get started for free
person standing before translucent cube that’s connected to various server and cloud elements
What is Secure Gateway Service?

The Secure Gateway Service provides a quick, easy and secure solution to connect anything to anything. The solution provides a persistent connection between on-premises or third-party cloud environments and the IBM Cloud®.

Secure Gateway Service features Fast and simple

Quickly set up gateways to connect your environments, manage the mapping between your local and remote destinations, and monitor all of your traffic.

Encryption and authentication

All communication with Secure Gateway is easily configurable to provide TLS encryption and mutual authentication.

Resource monitoring

Monitor all your gateways from the Secure Gateway Service dashboard or monitor individual gateways from the Secure Gateway Service client.

Access control list

Simple access management controls are available from the Secure Gateway Service client to allow or deny access on a per-resource basis to prevent any unauthorized access. This list will automatically synchronize to any client connected to the same gateway.

Load balancing and high availability

With Professional and Enterprise plans, you can connect multiple instances of the Secure Gateway Service client to your gateway to automatically use built-in connection load balancing and connection fail-over if a client instance goes down.

Next-level integration

Secure Gateway Service is just one part of a modern approach to integration. It’s now in an IBM Cloud Pak with everything else you need to round out your capabilities.

Learn more
Secure Gateway Service versions

Available free: one gateway, one destination and one client, transferring up to 500 MB per month

Connect securely for free

Offering five gateways with five destinations each and 50 GB per month throughput included. Connect to two clients per gateway for HA and load-balancing.

Access Professional edition

Offering 25 gateways with 25 destinations each and 500 GB per month throughput included. Also includes a dedicated hostname and static IP for users that require static IPs for their networking needs.

Access Enterprise edition
Related products IBM API Connect®

An end-to-end API solution that enables the automated creation of APIs, the simple discovery of systems of records, self-service access, and built-in security and governance

IBM App Connect

Set up flows that define how data is moved from one application to one or more other applications, without writing a single line of code. (link resides outside IBM)

IBM Cloud Product Insights

Using Product Insights, organizations can extend on-premises products and achieve the benefits of cloud environments.

IBM Watson® Studio

Build and train AI models, and prepare and analyze data, all in one integrated environment.

IBM Data Refinery

Discover a fully managed data preparation and data integration service.

IBM Cloudant® NoSQL DB

Explore a highly scalable and performant JSON database with powerful, query, analytics, replication and sync—all powered by Apache CouchDB.

Frequently asked questions

The IBM® Secure Gateway Service is not a VPN. It uses a server-client pairing to create a persistent, secure connection from the on-premises network to IBM Bluemix® that allows connections to specific resources in the on-prem network. Rather than bridging the environments at the network level, it provides granular resource control on both the cloud and on premises. Rather than starting with everything exposed and limiting connectivity with a VPN, we only require two outbound requests from the on-prem network, and default to denying access to local resources.

The Secure Gateway service represents layer 4 of the OSI model.

The Secure Gateway Service supports TLS version 1.2.

For the encrypted protocols, we offer both server-side and mutual authentication. Beyond that, we also offer iptables for these public-facing listeners to ensure only specific locations can initiate connections. From the Secure Gateway Client, there is also an Access Control List that determines what the client is allowed to connect to. This means that just because a resource has been defined and a public endpoint has been provided, no resource will be exposed until the Access Control List has been modified.

We currently support TCP, TLS, HTTP, HTTPS, and UDP. In theory, anything operating on top of those protocols should be possible to use. Once a resource has been defined within Secure Gateway, we will provide a unique public connection point to access the resource.

Resources IBM Secure Gateway Service documentation

See the official IBM® Secure Gateway Service documentation to help you get started. Find info on basics, technical specifications, guides and more.

IBM Garage™

Hybrid cloud. AI. Transformative technologies. And a whole new way of working.

Talk to an IBM Garage expert

Co-innovate with our teams and discover how to develop 67% faster and release 6 times more projects to production by designing smarter hybrid cloud and AI solutions.

Get started on Secure Gateway Service in minutes
Get started for free
More ways to explore Documentation Community and learning IBM Cloud Blog