Last modified on October 6, 2022

Gateways serve as the primary entry point to a strongDM network. They can be deployed with a DNS entry or sit privately on the corporate network behind a Virtual Private Network (VPN). You can also assign an IP address directly if you prefer not to use the Domain Name System (DNS) or a VPN.

In the case of a flat network, the gateway talks to the target systems on the corporate network. On a segmented network with no ingress, resources such as databases and servers may not be publicly accessible. A relay can be deployed behind your firewall to route traffic and function as the only access point to those protected resources.

strongDM Network Architecture
strongDM Network Architecture

Gateways are essentially relays with an assigned IP address and optional DNS entry. Both gateways and relays also decrypt end-user credentials and deconstruct requests for auditing purposes.

When clients connect to the strongDM network, they request a list of available gateways. StrongDM determines the most suitable route and sends all connections through one or more of these gateways. From the point of view of a resource, such as a database or server, all traffic originates from any relay or gateway with access to the resource.

Gateway settings and configurations can be managed in the strongDM Admin UI. To learn more, see Admin UI Gateways.