PROVIDE GATEWAY – Reverse Proxy
Why harden a server using a reverse proxy?
Using a reverse proxy means you do not expose internal systems via public firewall ports. You can compare it with having a well-trained doorman who receives and delivers packages behind locked doors.
Setup and Installation
On Windows there is an easy setup software, which is done in a few clicks with no active choices needed.
It’s a secure tunnel allowing the traffic between ProVide and the Gateway, while terminating all other incoming traffic through the DMZ.
ProVide Gateway runs on both Windows (Server 2016/2019) and Linux (Ubuntu 18.04.4 is officially supported and in addition, it’s known that ProVide Gateway is used on Centos, SUSE and Debian distributions as well).
The reverse proxy service operates much like a guard booth. When a client comes to the counter and asks to deliver a package or to receive a package the guards will ask for credentials,
The KISS principle
The ProVide Gateway follows the KISS principle and provides two-way communication with connecting clients, but only responds to commands coming from a ProVide server. As such the gateway does not need to know or keep records, passwords or any other sensitive data.
With ProVide you get a reversed Proxy Gateway made for those who value very high security. It allows communication with ProVide through DMZ, and safely terminates all connections and never stores any data in your DMZ.
The client will never connect directly to the server, instead, it connects through the gateway to the server located safely in your internal network. Your external clients will connect just as they normally would without any need for additional hardware, software or knowledge.
This solution is preferable for companies that need a dedicated, encrypted server with an easy-to-use interface. Your end-users don’t need to install any software to access your files and can access them from any device or platform.
What is a Gateway?
A gateway works as a connection point which then sends the connection to the server in a secure way. The client never connects directly to the server but to the gateway which then sends the traffic to the server. For example, ProVide Gateway is a reverse proxy; increasingly minimizing the attack vectors by hiding the identity of your ProVide server using an opaque service, in other words, services that are detected on the calling side, such as a reverse proxy situated outside of the firewall, in your DMZ.
Why do you need one?
The short answer is, for a really high amount of security.
If you have a DMZ zone, you can keep the gateway on the internet side, while keeping the server unexposed on the internal network. You then form a secure connection between the gateway and the server, only allowing traffic to the server, while eliminating all other traffic. The reverse proxy means all connections from your ProVide server are made from within a firewall, or a tiered array of firewalls that need no externally exposed port openings.
How does it work?
ProVide Gateway allows you to make a secure connection between ProVide running in the Internal network and ProVide Gateway running connected to the internet. It’s a secure tunnel allowing the traffic between ProVide and the Gateway while terminating all other incoming traffic through the DMZ. You can configure ProVide to create a route to the gateway on the following protocols, SFTP, HTTP, HTTPS. Each route can be enabled and disabled with the press of a button.
Linux or Windows or Both?
ProVide Gateway runs on both Windows (Server 2016/2019) and Linux (Ubuntu Server v16 or later is officially supported and in addition, it’s known that ProVide Gateway is used on Centos, SUSE and Debian distributions as well).
How is the Setup?
On Windows there is an easy setup software, which is done in a few clicks with no active choices needed. On Linux you are simply provided with the executable, which you can simply run or register as a service if you wish to. Setting up connections between ProVide and the Gateway is done in the administration interface for ProVide.
ProVide Gateway can be configured to create routes through the gateway using SFTP, HTTP and HTTPS. Each route can after configuration be enabled and disabled with the press of a button in the ProVide Administration interface.
Over a million users around the globe
ProVide has been developed for over a decade. Today we have over a million users globally, making our solutions one of the most used professional file systems.
To be able to use Provide Gateway you need to install preferred version of Provide Server software.
With each server license, unlimited user licenses are included!
Would you like to know more about our solutions?
Sometimes it can be tricky to choose the right solution for your business. We are here to guide you, and we can also adapt the preferred solution to fit your needs and organisation.
Please make contact with our Provide Expert Ann-Charlotte Lund Nielsen for further information.
Key Account Manager
Ann-Charlotte Lund Nielsen
Phone: +46 (0)500 48 16 50 or +46 (0)500 27 11 52