Vulcan Gateway - Technical Deep Dive

Vulcan gateway is an on-prem component that allows the Vulcan platform to connect to connectors which have restrictive access controls without the need to open TCP connections.

In order to create a seamless connection between Vulcan SaaS offering, and on prem connectors, Vulcan utilized a small on-prem component called the Vulcan Gateway.
It is a small Ubuntu linux virtual machine in an OVA format - which knows to look for configuration about the connectors it needs to connect to from the Vulcan Platfrom. Once the configuration is loaded, it opens a reverse SSH tunnel to the TCP connector that the connector uses on the one hand, and on the other hand to a dedicated Vulcan server that acts as proxy for the Vulcan platform to use.

2. The OVA will use that ID, and try and download a JSON file – constructed from all the connectors configured for that specific ID. That Json can be pulled using any browser in order to inspect its content using:

This is an API gateway, that maps the request to an S3 Bucket, which is created / updated anytime someone makes a relevant change from the Vulcan UI.

3. After downloading the file, the OVA, will parse all the relevant IP addresses & ports, and will try to open the relevant tunnel for each.

4. The tunnel is opened using a dedicated random port – which is unique globally to that specific connector – and against the dedicated gateway server (gateway.vulcancyber.com, port 1939)

5. On the Vulcan Platform Side, the platform will know to replace the IP & Port that the user put in the UI, with the correct ones in the generated in the JSON.

​

Decomissioning Note

Upon expiration of the license, there will be no substantial alterations from an operational standpoint. As the OVA (On-premises Virtual Appliance) does not store any data and merely serves as a communication intermediary, its functionality remains unaltered. Vulcan, the associated cloud service, will cease to receive new data streams, as data polling is exclusively initiated from the cloud service itself. Moreover, it is imperative to note that the OVA does not retain any proprietary business logic, further ensuring continuity of existing operations.

The Gateway VM is a crucial component of the Vulcan system, responsible for managing communication between the Gateway server and the on-prem tool. In this article, we will discuss the various aspects of how the Gateway VM communicates with these components.

Every 60 minutes, the Gateway VM checks for an instruction JSON file from the Gateway server. This communication occurs through port 443, which is a secure and commonly used port for web traffic. The instruction file contains commands and updates for the Gateway VM to execute.

Upon receiving the instruction file, the Gateway VM processes the commands and identifies any changes since the last probe. It then sets up or removes SSH tunnels accordingly. This process ensures that the Gateway VM is always up-to-date and able to handle any changes in the system.

The Gateway VM also establishes a daily connection to the on-prem tool. This connection is established at a configurable time through the web interface, making it easy for users to customize the timing according to their needs.

The SSH tunnel is a secure and encrypted connection between the Gateway VM and the Vulcan servers. It uses port 1939 for outbound communication and port 443 for inbound communication, depending on the connector configuration. This ensures that all communication between the Gateway VM and the Vulcan servers is secure and protected.

The Gateway VM does not store any business logic or customer data at any time. All data is securely transmitted and stored on the Vulcan servers, ensuring the highest level of data protection for our users.