Brief:
Vulcan gateway is an on-prem component that allows the Vulcan platform to connect to connectors which have restrictive access controls without the need to open TCP connections.
Deep Dive:
In order to create a seamless connection between Vulcan SaaS offering, and on prem connectors, Vulcan utilized a small on-prem component called the Vulcan Gateway.
It is a small CentOS linux virtual machine in an OVA format - which knows to look for configuration about the connectors it needs to connect to from the Vulcan Platfrom. Once the configuration is loaded, it opens a reverse SSH tunnel to the TCP connector that the connector uses on the one hand, and on the other hand to a dedicated Vulcan server that acts as proxy for the Vulcan platform to use.
2. The OVA will use that ID, and try and download a JSON file – constructed from all the connectors configured for that specific ID. That Json can be pulled using any browser in order to inspect its content using:
https://gatewayconfig.vulcancyber.com/api/asset_manager/vulcangateway/get_config/<ID>/
This is an API gateway, that maps the request to an S3 Bucket, which is created / updated anytime someone makes a relevant change from the Vulcan UI.
3. After downloading the file, the OVA, will parse all the relevant IP addresses & ports, and will try to open the relevant tunnel for each.
4. The tunnel is opened using a dedicated random port – which is unique globally to that specific connector – and against the dedicated gateway server (gateway.vulcancyber.com, port 1939)
5. On the Vulcan Platform Side, the platform will know to replace the IP & Port that the user put in the UI, with the correct ones in the generated in the JSON.
Communication Methods
Purpose | source | destination | Protocol | port |
Web Management interface | Client Browser (any) | HTTP/S | 443 | |
Gateway config file | OVA | HTTP/S | 443 | |
Tunnel to Vulcan | OVA | gateway.vulcancyber.com | SSH | 1939 |
Tunnel to connector | OVA | Internal Connector IP | TCP | Internal Connector Port |