
Gateways

Gateways are the initial entry point into the strongDM network and each must therefore be assigned an address that is accessible to your users. Your users will need at least one Gateway to connect to resources, but we recommend running them in pairs. strongDM gateways can be exposed directly to the public internet, or you may instead deploy Relays to extend your strongDM network into a secure network or subnet.

Generating a Gateway token

  1. Generate a gateway token. Log in to the Admin UI and select Network and Gateways in the navigation. Click on the add gateway button in the upper right, and a box will pop up. You can rename the gateway here, or do it later. Advertised host should be the IP address or host that the gateway will be listening on. Select a TCP port (default 5000) for the service to listen on. Bind IP should be 0.0.0.0 unless you only want the gateway to listen on one specific interface. Finally, the second port field should match the first. Click on create and the gateway token will appear onscreen. Copy the gateway token and put it aside. You will need it again in a later step.


  2. Set up a 64-bit Linux instance that will run the gateway. Machines should have at least 2 CPUs and 4 GB of memory. If the instance is using SELinux you will need to disable SELinux to install the gateway.

  3. Log in to the gateway instance and download the SDM binary:

    $ curl -J -O -L https://app.strongdm.com/releases/cli/linux

  4. Unzip it:

    $ unzip sdmcli_*_linux_amd64.zip

  5. Run the installer:

    $ sudo ./sdm install --relay

    The installer must be run by a user that exists in the /etc/passwd file. Any users remotely authenticated, such as with LDAP or an SSO service, will fail to complete the installation.

  6. You will be prompted for the Gateway token you created in Step 1. Paste it into the terminal and press enter. For security purposes you will not see the token on the screen.

  7. Log in to the Admin UI and the Gateway you created should now appear as Online, with a heartbeat. You may need to hard refresh the page.

  8. Confirm your gateway creation was successful by verifying that the LISTENADDR is accessible from the appropriate end user network:

    telnet 10.0.50.17 5000
    Trying 10.0.50.17...
    Connected to 10.0.50.17
    Escape character is '^]'

  9. Repeat this process to create a second Gateway if you wish; we recommend running them in pairs for high availability.
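
The reachability check from step 8, extended to both gateways of a pair, as an added example that is not part of the strongDM documentation or tooling. It separates a refused connection (the host answers but nothing is listening on the port) from a timeout (traffic is being dropped on the way). The address 10.0.50.18 is a constructed placeholder for a second gateway, and the function names are this example's own.

```python
#!/usr/bin/env python3
"""Check that each gateway's listen address accepts TCP connections."""
import socket
import sys

# Constructed sample values: the address and port from the telnet example,
# plus a hypothetical second gateway in the pair.
GATEWAYS = [("10.0.50.17", 5000), ("10.0.50.18", 5000)]


def check_gateway(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout' or 'error: ...' for one address."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # Host answered but nothing is listening: service down or wrong bind IP.
        return "refused"
    except socket.timeout:
        # No answer at all: typically a firewall or security group drop.
        return "timeout"
    except OSError as exc:
        # Anything else, e.g. name resolution failure or no route to host.
        return f"error: {exc}"


def check_all(gateways, timeout=3.0):
    """Map 'host:port' to its result for every gateway in the list."""
    return {f"{h}:{p}": check_gateway(h, p, timeout) for h, p in gateways}


def main(argv):
    # Accept host:port arguments; fall back to the constructed sample list.
    targets = [(a.rsplit(":", 1)[0], int(a.rsplit(":", 1)[1])) for a in argv]
    results = check_all(targets or GATEWAYS)
    for addr, state in results.items():
        print(f"{addr:<24} {state}")
    # Non-zero exit if any gateway is unreachable, for use in scripts.
    return 0 if all(s == "open" for s in results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it from a machine on the end user network, passing each gateway's advertised host and port as host:port arguments.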

If any errors occur, please copy them into an email and send to support@strongdm.com.
