A Gateway is a grouping of Gateway Instances that share the same configuration. To ensure high availability, Entrust recommends that you add at least two instances to your gateway.
Once deployed, each Gateway Instance contains the following agents:
● Password Agent—Performs Active Directory password authentication, password reset, password change requests, and sends requests to the Certification Authority (CA) Gateway.
● RADIUS Agent—Performs RADIUS authentication for services such as VPN.
The RADIUS Agent supports the following authentication protocols:
– Password authentication protocol (PAP)
– Challenge-Handshake Authentication Protocol (CHAP)
– Microsoft Challenge Handshake Authentication Protocol version 1 (MSCHAPv1)
– Microsoft Challenge Handshake Authentication Protocol version 2 (MSCHAPv2)
CHAP and MSCHAP are not supported by Active Directory (AD) Password authenticators: verifying a CHAP or MSCHAP response requires the server to hold the user's password (or its NT hash) so that it can recompute the response, whereas an AD Password authenticator can only test a cleartext password by binding to the directory with it. OTP and Token (including Entrust Soft Token Push) authenticators support all of the above RADIUS authentication protocols. Note that with PAP the VPN sends the password in the Access-Request protected only by the RADIUS shared secret (an MD5-derived keystream, not strong encryption), so use a long, random shared secret and keep the VPN-to-Gateway path on a trusted network.
● IdentityGuard Agent—Allows existing Entrust Identity Enterprise integrations and other clients to use Identity as a Service in place of Entrust Identity Enterprise.
● Directory Sync Agent—Syncs Active Directory users and groups with Identity as a Service.
● Management Agent—Handles gateway upgrade requests launched from Identity as a Service.
● SIEM Agent—Sends Enterprise Service Gateway events to the SIEM system.
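The following is an added example (not Entrust's code) that makes the RADIUS protocol restriction above concrete. It models RFC 2865 User-Password hiding (PAP) and the RFC 1994 CHAP response, then shows two verifiers: one that can only bind to a directory with a candidate password, as an AD Password authenticator does, and one that knows the value the user is expected to present, as an OTP/Token authenticator does. The shared secret, the `FakeDirectory` class and the account data are constructed for the example; MSCHAP responses are not modelled.

```python
"""Why an AD Password authenticator can serve PAP but not CHAP/MSCHAP.

Added example, not Entrust code. PAP hiding follows RFC 2865 s5.2 and the
CHAP response follows RFC 1994; everything else is a constructed model.
"""
import hashlib
import hmac

# Constructed value; a real deployment generates its own shared secret.
SHARED_SECRET = b"constructed-radius-shared-secret"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16-byte blocks, XOR each block with
    MD5(secret + previous block), seeded with the 16-byte Request Authenticator.
    This is obfuscation keyed by the shared secret, not strong encryption."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of pap_hide: the RADIUS server recovers the cleartext password,
    which it can then present to Active Directory in a bind."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")  # strip the RFC padding


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || password || Challenge).
    The verifier must recompute this, so it needs the password itself."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


class FakeDirectory:
    """Constructed stand-in for Active Directory: exposes only a bind check."""

    def __init__(self, accounts: dict):
        self._accounts = accounts  # user -> password, never handed to callers

    def bind(self, user: str, password: bytes) -> bool:
        stored = self._accounts.get(user)
        return stored is not None and hmac.compare_digest(stored, password)


class AdBindAuthenticator:
    """Models the AD Password authenticator: it can test a cleartext password
    via bind, but cannot obtain the stored password or its NT hash."""
    SUPPORTED = frozenset({"PAP"})

    def __init__(self, directory: FakeDirectory):
        self._directory = directory

    def verify_pap(self, user, hidden, authenticator, secret) -> bool:
        return self._directory.bind(user, pap_reveal(hidden, secret, authenticator))

    def verify_chap(self, user, chap_id, challenge, response) -> bool:
        # The only primitive available is bind(user, candidate); there is no
        # way to recompute MD5(id || password || challenge), so reject.
        return False


class KnownSecretAuthenticator:
    """Models an OTP/Token authenticator: the service knows the value the user
    is expected to present, so it can recompute the RADIUS response.
    Only CHAP is modelled here; the SUPPORTED set reflects the page's claim."""
    SUPPORTED = frozenset({"PAP", "CHAP", "MSCHAPv1", "MSCHAPv2"})

    def __init__(self, expected: dict):
        self._expected = expected  # user -> currently valid OTP (constructed)

    def verify_pap(self, user, hidden, authenticator, secret) -> bool:
        got = pap_reveal(hidden, secret, authenticator)
        return hmac.compare_digest(self._expected.get(user, b""), got)

    def verify_chap(self, user, chap_id, challenge, response) -> bool:
        want = chap_response(chap_id, self._expected.get(user, b""), challenge)
        return hmac.compare_digest(want, response)


if __name__ == "__main__":
    ra = bytes(range(16))  # constructed Request Authenticator
    ad = AdBindAuthenticator(FakeDirectory({"alice": b"correct horse battery"}))
    hidden = pap_hide(b"correct horse battery", SHARED_SECRET, ra)
    print("AD + PAP :", ad.verify_pap("alice", hidden, ra, SHARED_SECRET))
    resp = chap_response(7, b"correct horse battery", b"challenge")
    print("AD + CHAP:", ad.verify_chap("alice", 7, b"challenge", resp))
```

The `pap_reveal` step is exactly why PAP works against AD: the agent ends up with the cleartext it needs for a bind. The same step is also the reason the RADIUS shared secret and the VPN-to-Gateway path deserve protection, since the hiding is only as strong as that secret.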
Note: An Identity as a Service Gateway is hardened as required by the CIS Hardening Standards, Level 1. See the Center for Internet Security for more information about the standards.
For Enterprise Service Gateways that connect to IDaaS, you must configure your firewall to allow outbound connections from the Gateway to your IDaaS account. IDaaS uses HTTPS on port 443.
● The Identity as a Service Gateway and its agents connect to Identity as a Service on port 443.
● The VPN connects to the RADIUS Agent in the Identity as a Service Gateway over UDP. The RADIUS Agent listens on port 1812 by default, so inbound UDP traffic to that port must be allowed from the VPN to the Gateway.
● The Entrust Identity Enterprise application connects to the Entrust IdentityGuard Agent over TCP with TLS. The Entrust Identity Enterprise application must be configured to use port 8443.
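The following is an added preflight script (not Entrust's code) for checking the three network paths listed above from the Gateway host. It assumes it runs on the Gateway itself, that the operator supplies the IDaaS tenant hostname, and that the agent ports are the defaults from this page; the function and argument names are the example's own.

```python
"""Preflight checks for the Gateway network paths: outbound HTTPS to IDaaS,
and the local RADIUS (UDP 1812) and IdentityGuard (TCP 8443) listeners.

Added example, not Entrust code. Run it on the Gateway host; the tenant
hostname and the port numbers passed in are the operator's values.
"""
import errno
import socket
import ssl
from typing import Optional


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Outbound TCP connect; True if the three-way handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_version(host: str, port: int = 443, timeout: float = 5.0) -> Optional[str]:
    """Full TLS handshake with certificate and hostname verification, which is
    what the agents must succeed at. Returns the negotiated version, or None
    when the path is blocked or intercepted by a proxy presenting an
    untrusted certificate."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError:  # ssl.SSLError is a subclass of OSError
        return None


def local_port_in_use(port: int, proto: str = "tcp", host: str = "") -> Optional[bool]:
    """Detect a local listener by attempting to bind the port ourselves.
    EADDRINUSE means a process (e.g. the RADIUS Agent on 1812/udp) holds it.
    Returns None when the probe is not permitted (privileged port without
    root) so the caller does not mistake that for 'nothing listening'."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind((host, port))
        except PermissionError:
            return None
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return True
            raise
    return False


def run_preflight(idaas_host: str, radius_port: int = 1812, ig_port: int = 8443) -> dict:
    """Collect the results the operator needs before enabling the Gateway."""
    return {
        "idaas_tcp_443": tcp_reachable(idaas_host, 443),
        "idaas_tls": tls_version(idaas_host, 443),
        "radius_udp_listening": local_port_in_use(radius_port, "udp"),
        "identityguard_tcp_listening": local_port_in_use(ig_port, "tcp"),
    }


if __name__ == "__main__":
    import sys
    # Hypothetical tenant hostname; replace with your IDaaS account hostname.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.us.trustedauth.com"
    for name, result in run_preflight(host).items():
        print(f"{name:30} {result}")
```

A `tls_version` result of None with `idaas_tcp_443` True usually means a TLS-inspecting proxy is in the path; the agents will fail in the same way, so the fix belongs in the firewall or proxy exception, not on the Gateway.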
Topics in this section:
● Create and configure a Gateway
● Enable, rename, and delete Gateways
● Set Gateway Agent worker threads
● Enable SSH on an IDaaS Gateway