Gateways
Installation and setup of the Keeper Gateway
Overview
Keeper Gateway runs rotation, discovery, connections, and tunneling from your managed environments. Deploy it on Docker, Linux, or Windows, on a host, VM, or cluster. One Gateway can reach both on-prem and cloud infrastructure. Deploy one Gateway, or a Gateway pool, for each managed environment.
Platforms Supported
Platform Specific Capabilities
The Keeper Gateway offers different feature capabilities based on the underlying operating system and hardware. We recommend using Docker on a Linux or Windows host with x86-64 CPUs for full feature support and ease of management.
Docker (Linux or Windows host w/ x86-64)
All features supported
Docker (Linux host on ARM)
No Remote Browser Isolation
Linux (Enterprise Linux 8 and 9 variants)
All features supported
Linux (Non-EL variants)
No Remote Browser Isolation
Windows Native
No Remote Browser Isolation
No database connections
System Requirements
System requirements vary based on the number of simultaneous user sessions and the types of connections being established. As the volume of simultaneous connections grows, CPU and memory resources must be scaled accordingly.
Non-RBI Connections
For non-RBI connections, Keeper Gateway follows a predictable scaling model based on concurrent sessions.
General Sizing Guidelines (Non-RBI Sessions)
1 CPU core and 2 GB of memory for every 25 concurrent sessions
0-25
2
8 GB
26-50
3
12 GB
51-100
4
16 GB
101-200
8
32 GB
200+
Contact Us
Contact Us
RBI Connections
Remote Browser Isolation (RBI) sessions have significantly higher resource requirements compared to standard gateway connections.
Each RBI session launches a dedicated headless Chromium instance, which consumes substantially more memory than non-RBI sessions.
Estimated memory usage per RBI session: up to 800 MB
Memory consumption scales linearly with the number of concurrent RBI sessions
CPU requirements also increase depending on page complexity and user activity
General Sizing Guidelines (Non-RBI Sessions)
800 MB per RBI Connection
1-5
4
8 GB
6-10
6
16 GB
11-20
8
32 GB
21-40
16
64 GB
40+
Contact Us
Contact Us
A minimum of 2 CPU cores, 8 GB of RAM and 10GB of storage is recommended for any deployment, even test environments.
Production Environments
For production deployments, a minimum of 4 CPU cores and 16 GB of memory is required.
Scale CPU and memory resources based on the number of concurrent sessions, and refer to the sizing table above for guidance.
Installation Steps
The Keeper Gateway generates encryption keys and a local Secrets Manager configuration that is used to authenticate with the Keeper cloud. The location depends on the context in which the Gateway is being run. It can be installed to the local user or installed as a service.
Login to the Keeper Web Vault or Desktop App
Click on Secrets Manager on the left side
Create a new Secrets Manager Application or select existing application
Click on the "Gateways" tab and click "Provision Gateway"
Select Docker, Linux or Windows install method
Install the Keeper Gateway using the provided method
During the creating of a Keeper Gateway using a one-time token method for Linux and Windows, you have the choice to select "Lock external WAN IP Address of device for initial request". This will additionally IP lock the Gateway in addition to the authentication and encryption built into the service.
Deployment Methods
Based on your Operating System, refer to the corresponding guide on installing the Keeper Gateway:
Container Services:
Additional Installation Configurations
If you are installing on an EC2 instance in AWS, the Keeper Gateway can be configured to use the instance role for pulling its configuration from AWS Secrets Manager. Detailed instructions on this setup can be found here.
Last updated