Brief:
Vulcan gateway is an on-prem component that allows the Vulcan platform to connect to connectors which have restrictive access controls without the need to open TCP connections.
Deep Dive:
To create a seamless connection between the Vulcan SaaS offering and on-prem connectors, Vulcan utilizes a small on-prem component called the Vulcan Gateway.
It is a small Ubuntu Linux virtual machine in OVA format, which knows to look up configuration for the connectors it needs to connect to from the Vulcan Platform. Once the configuration is loaded, it opens a reverse SSH tunnel: on the one hand to the TCP port that the connector uses, and on the other hand to a dedicated Vulcan server that acts as a proxy for the Vulcan platform to use.
2. The OVA uses that ID to try to download a JSON file constructed from all the connectors configured for that specific ID. That JSON can be pulled using any browser in order to inspect its content, using:
https://gatewayconfig.vulcancyber.com/api/asset_manager/vulcangateway/get_config/<ID>/
This is an API gateway that maps the request to an S3 bucket, which is created or updated any time someone makes a relevant change from the Vulcan UI.
3. After downloading the file, the OVA parses all the relevant IP addresses and ports, and tries to open the relevant tunnel for each.
4. The tunnel is opened using a dedicated random port, which is globally unique to that specific connector, against the dedicated gateway server (gateway.vulcancyber.com, port 1939).
5. On the Vulcan Platform side, the platform knows to replace the IP and port that the user entered in the UI with the correct ones generated in the JSON.
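Because the downloaded JSON decides which internal IP:port pairs the OVA exposes through the tunnel, it is worth auditing against an approved list. The following is an added example, not Vulcan's code: the JSON field names, the sample values and the approved ranges are assumptions (the page does not document the schema), and the `ssh -R` form is the standard OpenSSH reverse forward, not necessarily the appliance's exact invocation.

```python
import ipaddress
import json

GATEWAY_HOST = "gateway.vulcancyber.com"  # from the page
GATEWAY_PORT = 1939                        # from the page

# Constructed sample; field names are assumed, not the real schema.
SAMPLE_CONFIG = json.dumps({"connectors": [
    {"name": "scanner", "ip": "10.20.0.15", "port": 8834, "remote_port": 40213},
    {"name": "ticketing", "ip": "10.20.1.7", "port": 443, "remote_port": 40877},
    {"name": "unexpected", "ip": "192.168.50.9", "port": 22, "remote_port": 41002},
]})

# Assumption: internal networks and ports the gateway is approved to reach.
APPROVED = {ipaddress.ip_network("10.20.0.0/23"): {443, 8834}}


def audit(config_text, approved=APPROVED):
    """Split the config's tunnels into (allowed, rejected) lists."""
    allowed, rejected, seen_remote = [], [], set()
    for c in json.loads(config_text)["connectors"]:
        ip = ipaddress.ip_address(c["ip"])
        port, rport = int(c["port"]), int(c["remote_port"])
        ok = any(ip in net and port in ports for net, ports in approved.items())
        # The tunnel port should be unique per connector; reject reuse.
        if rport in seen_remote:
            ok = False
        seen_remote.add(rport)
        (allowed if ok else rejected).append((c["name"], str(ip), port, rport))
    return allowed, rejected


def ssh_args(spec):
    """OpenSSH reverse-forward arguments matching one approved tunnel."""
    _, ip, port, rport = spec
    return ["ssh", "-N", "-p", str(GATEWAY_PORT),
            "-R", f"{rport}:{ip}:{port}", GATEWAY_HOST]


if __name__ == "__main__":
    ok, bad = audit(SAMPLE_CONFIG)
    for spec in ok:
        print("allow ", " ".join(ssh_args(spec)))
    for spec in bad:
        print("REJECT", spec)
```
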
Communication Methods
Purpose | Source | Destination | Protocol | Port |
Web Management interface | Client Browser (any) | | HTTP/S | 443 |
Gateway config file | OVA | | HTTP/S | 443 |
Tunnel to Vulcan | OVA | gateway.vulcancyber.com | SSH | 1939 |
Tunnel to connector | OVA | Internal Connector IP | TCP | Internal Connector Port |
Decommissioning Note
Upon expiration of the license, there will be no substantial alterations from an operational standpoint. As the OVA (On-premises Virtual Appliance) does not store any data and merely serves as a communication intermediary, its functionality remains unaltered. Vulcan, the associated cloud service, will cease to receive new data streams, as data polling is exclusively initiated from the cloud service itself. Moreover, it is imperative to note that the OVA does not retain any proprietary business logic, further ensuring continuity of existing operations.