Satellite Connector and Secure Gateway
Satellite Connector replaces Secure Gateway to provide connection between IBM Cloud and your on-prem data center.
Terminology mapping
See the following table to compare terminology between Secure Gateway and Satellite Connector.
| Secure Gateway | Satellite Connector | Notes |
|---|---|---|
| Secure Gateways | Satellite Connector and Agents | Automatically created when you create a Satellite Connector. |
| Secure Gateway Client | Satellite Connector Agent | Satellite Connector is a containerized solution. |
| Secure Gateway Destination | Satellite Connector Endpoint | They are the same thing. |
| Secure Gateway API | Satellite Connector API | The constructs are similar. |
| Secure Gateway Endpoint | Satellite Connector API Endpoint | This term in Secure gateway refers to the API endpoint. |
| Secure Gateway Dashboard | Satellite Connector Endpoints page in cloud.ibm.com |
Capabilities
Satellite Connector offers a lot of the same capabilities as Secure Gateway and some additional features which provide a more seamless integration into IBM Cloud.
The following table highlights how capabilities are provided in Secure Gateway and Satellite Connector.
| Topic | Secure Gateway | Satellite Connector | Notes |
|---|---|---|---|
| Public internet access | Cloud side of a destination is exposed on a public IP address. | Cloud side of an endpoint is exposed only to the IBM Cloud private endpoint network so that it's reachable only from within IBM Cloud. | Satellite Connector Access Control List sets the access. |
| Integrations | N/A | Integrated when you connect your Satellite Connector Agent location to Activity Tracker, LogDNA, and Sysdig. | The agent itself runs on a container platform that isn’t integrated into the IBM Cloud tools. For example, Docker won’t send logs to logDNA. |
| Client access | Secure Gateway Client supports Windows, Linux, Mac, Node.js module, and container. | Satellite Connector supports container. | |
| Clients per instance | Limited to 4 client connections for high availability | For high availability support, use 3 clients. Up to 9 clients allowed to scale containers over time. | |
| Client requirements | See Requirements to run the Client. |
|
|
| Encryption (TLS support) | TLS version supported is 1.2. Protocols supported are UDP, TCP, HTTP, and HTTPS. | TCP, TLS (version 1.3), HTTP, HTTPS, and HTTP Tunnel. No UDP support. | |
| Authentication | Mutual authentication is supported. | Provided by the target and can be configured with mutual authentication on the Satellite Connector parts. | |
| Load balancing and high availability | Can connect multiple instances of the Secure Gateway Service client to your gateway to automatically use built-in connection load balancing and connection fail-over if a client instance goes down. | Can connect multiple Connector agents to your connector instance in Cloud to automatically use built-in load balancing and connection failover if an container goes down. |