Gateways

Installation and setup of the Keeper Gateway

Overview

The Keeper Gateway is a service that is installed on any Docker, Linux or Windows machine in order to execute rotation, discovery, connection and tunneling. A single Gateway can be used to communicate with any target infrastructure, both on-prem and cloud. Typically, customers deploy a Keeper Gateway in each environment that is being managed.

Platforms Supported

Platform Specific Capabilities

The Keeper Gateway offers different feature capabilities based on the underlying operating system and hardware. We recommend using Docker on a Linux or Windows host with x86 CPUs for full feature support and ease of management.

Platform
Compatibility

Docker (Linux or Windows host w/ x86)

  • All features supported

Linux (RHEL 8, Rocky Linux 8)

  • All features supported

Docker (Linux host on ARM)

  • No Remote Browser Isolation

Linux Binary Install (Ubuntu, Debian)

  • No Remote Browser Isolation

  • Limited connection protocols

Windows Binary Install

  • No Remote Browser Isolation

  • No database connections

Note: EL9 which includes Rocky Linux 9 and RHEL 9 support is coming soon.

System Requirements

System requirements vary based on the number of simultaneous user sessions and the types of connections being established. As the volume of simultaneous connections grows, scaling CPU and memory resources becomes essential. In particular, remote browser isolation (RBI) launches a headless Chromium instance for each session. If you anticipate a high number of RBI sessions, ensure the system is scaled to meet these demands.

For a testing or sandbox a minimum of 2 CPUs with 8GB of memory and 10GB of storage is required. In a production environment, increase to at least 4 CPUs with 16GB of memory. Scale the number of CPUs and memory as the number of simultaneous sessions increases.

Installation Steps

The Keeper Gateway generates encryption keys and a local Secrets Manager configuration that is used to authenticate with the Keeper cloud. The location depends on the context in which the Gateway is being run. It can be installed to the local user or installed as a service.

  • Login to the Keeper Web Vault or Desktop App (version 17.1 or newer required)

  • Click on Secrets Manager on the left side

  • Create a new Secrets Manager Application or select existing application

  • Click on the "Gateways" tab and click "Provision Gateway"

  • Select Docker, Linux or Windows install method

  • Install the Keeper Gateway using the provided method

During the creating of a Keeper Gateway using a one-time token method for Linux and Windows, you have the choice to select "Lock external WAN IP Address of device for initial request". This will additionally IP lock the Gateway in addition to the authentication and encryption built into the service.

Based on your Operating System, refer to the corresponding guide on installing the Keeper Gateway:

Additional Installation Configurations

If you are installing on an EC2 instance in AWS, the Keeper Gateway can be configured to use the instance role for pulling its configuration from AWS Secrets Manager. Detailed instructions on this setup can be found here.

PreviousDevicesNextCreating a Gateway

Last updated

Was this helpful?