4.1 Feature Comparison of Different Types of Access Gateways

Access Manager includes Access Gateway Appliance and Access Gateway Service. Access Gateway Appliance installs its own embedded Linux operating system. Whereas, Access Gateway Service runs on top of an existing installation of the Linux operating system. Both types of gateways support similar functionalities, but they differ slightly in the way some of these features are supported. For example, both can be configured for the following features:

  • Protecting web resources with contracts, Authorization, Form Fill, and Identity Injection policies.

  • Providing fault tolerance by clustering multiple gateways of the same type.

  • Providing fault tolerance by grouping multiple web servers, so that if one web server goes down, the content can be retrieved from another server in the group.

  • Rewriting URLs so that the names and IP addresses of web servers are hidden from the users making requests.

  • Generating alert, audit, and logging events with notify options.

Most differences between Access Gateway Appliance and Access Gateway Service result from the differences required for an appliance and for a service. An appliance can know, control, and configure many features of the operating system. A service that runs on top of an operating system can query the operating system for some information, but it cannot configure or control the operating system. For the service, operating system utilities must be used to configure system parameters and hardware. For the appliance, the operating system features that are important to the appliance, such as time, DNS servers, gateways, and network interface cards, can be configured in Administration Console.

This table describes the differences between Access Gateway Appliance and Access Gateway Service. Only your network and web server configurations can determine whether the differences are significant.

Table 4-1 Differences between Access Gateway Appliance and Access Gateway Service

Feature

Access Gateway Appliance

Access Gateway Service

Platform support

SLES 12 SP5

  • SLES 12 SP5

  • SLES 15 SP2

  • Red Hat Enterprise Linux 8.2

  • Red Hat Enterprise Linux 7.9

Network configuration

  • DNS servers

  • Gateways

  • Network interface cards

  • Host names

Configurable from Administration Console.

After the installation, by default only one network interface card is displayed in Administration Console. To detect other network interface card, perform the following steps:

  1. Configure a primary IP Address in YaST for the remaining interfaces.

  2. Click Devices > Access Gateways > Select the device > New IP > click OK.

Configurable with standard operating system utilities.

Date and time

Configurable from Administration Console.

Configurable with standard operating system utilities.

Cache directory

Uses Apache-caching. The cached files are stored in clear text. The operating system must be configured to protect this directory.

For more information about the Apache model, see “Caching Guide”.

Uses filesystem provided by the Apache mod_cache module.

For more information about the Apache model, see “Caching Guide”.