Deploy a Managed Flex Gateway
Deploy a Managed Flex Gateway to a CloudHub 2.0 private space or Runtime Fabric namespace to launch a completely managed gateway. Configure the Managed Flex Gateway as an ingress to your target space by exposing a public endpoint, or configure the gateway to only handle internal traffic. You can have one or more Managed Gateway in each environment that the target space is shared with. Gateways can protect any instance from the same environment of the gateway or services in an external network.
Before You Begin
Before getting started with Flex Gateway, ensure:
-
The business group you want to deploy your gateway to has Managed Flex Gateway Resources. To redestribute Managed Flex Gateway resources to a business group, see Redistribute Resources Between Existing Business Groups.
Gateways cannot be shared across business groups. A user must be a member of the business group to access the Flex Gateway. -
You have created or have access to a deployment space:
Managed Flex Gateway on Runtime Fabric
| Flex Gateway is supported on Runtime Fabric as a limited availability GA release. For access, contact your sales representative. |
For Flex Gateway Agent Fabric deployments on Runtime Fabric, you must enable Open Telemetry with a 100 percent Sampling percentage. You cannot override the sampling percentage for individual APIs.
Deploy a Managed Flex Gateway
-
Log in to Anypoint Platform with your Anypoint username and password.
-
Select Runtime Manager.
-
Ensure you’re in environment where you would like to deploy your Managed Gateway
-
Click Flex Gateways in the side navigation panel.
-
Click Managed Flex Gateway.
-
Click Add Managed Flex Gateway.
-
Enter a Gateway Name.
-
Select the Deployment Target where you want to deploy your Managed Flex Gateway.
-
Select a Release Channel:
Release channel
Description
Edge
This channel releases a new minor version every four months. It has the latest features and shorter support windows.
Long-Term Support
This channel releases a new minor version once a year.
To learn more about the differences between release channels, see Flex Gateway Version Lifecycle.
-
Select Version.
Select the latest version unless if a later version is specifically needed.
-
Select Flow Plans:
Size
Description
Small Managed Flex Gateway
Use for testing and staging purposes. Small Managed Flex Gateways can deploy up to 50 APIs with a maximum of 100 requests per second.
Large Managed Flex Gateway
Use for production purposes. Large Managed Flex Gateways can deploy up to 500 APIs with a maximum of 500 requests per second.
To learn more about Managed Flex Gateway sizing, see Managed Flex Gateway Limits.
-
Configure Advanced options:
- Ingress
-
-
Public endpoint:
-
Select your desired private space Domain.
To learn more, see Creating Private Spaces.
-
Enter a Host.
-
Click Add Endpoint to add an additional endpoint to a different domain.
Managed Flex Gateway supports one Public endpoint per domain in your private space.
-
-
Ingress options:
-
Forward SSL Session:
Enables SSL forwarding during a session.
SSL forwarding is mostly used with client authentication. See Enable Client Authentication. SSL forwarding forwards client certificate details in HTTP request headers so they are available to the gateway. These fields can identify an authenticated client and allow the gateway policies to determine and use the identity.
The following headers are available:
Header Name Value x-ssl-client-verify
SUCCESS/FAIL
x-ssl-issuer
Client certificate issuer
x-ssl-client-serial
Client certificate serial number
x-ssl-client-dn
Contents of the client certificate DN field
x-ssl-client-cert
Contents of the client certificate
-
Last-mile Security:
Specifies that TLS termination and decryption for the forwarded HTTPS connections occurs in the gateway.
-
-
- Properties
-
To configure how long Managed Flex Gateway waits for response or idle connections, configure the timeout properties:
Parameter
Description
Upstream Connection Idle Timeout
The time a upstream connection can remain idle without receiving client requests. Upstream responses are not included in this timeout.
Upstream Response Timeout
The time the upstream service has to respond from when Flex Gateway sends a request.
Stream Idle Timeout
The time a stream can remain idle without receiving additional client requests or upstream responses.
- Logging
-
-
Forward application logs to Anypoint Monitoring:
Forwards Flex Gateway logs to Anypoint Monitoring. When disabled, logs are only available in Runtime Manager.
-
Additional Log Levels:
-
INFO: Informative messages
-
DEBUG: Debugging messages
-
WARNING: Warning messages
-
ERROR: Error messages, such as when an exception occurs
-
FATAL: Fatal messages for when an application fails
You can use Access Management audit logs to track Managed Flex Gateway actions, such as creating, editing, starting, and stopping gateways. Audit logs don't require configuration.
To learn more, see xref:flex-managed-view-status.adoc#audit-logs[View Managed Flex Gateway Audit Logs].
-
-
- Distributed Tracing
-
-
Distributed tracing:
Enable to generate OpenTelemetry distributed tracing data for the Managed Flex Gateway. When enabled, you can set the sampling percentage.
-
Sampling percentage:
Set the overall distributed tracing sampling percentage. This setting corresponds to the
overallsampling percentage. Theclientandrandomsampling percentages are set to 100% by default, if the sampling percentage is set to a non-zero value here.Set the Sampling percentage to 0 if you want to specify the sampling percentage only on a per-API basis, using the Tracing policy.
For Flex Gateway Agent Fabric deployments on Runtime Fabric, you must enable Open Telemetry with a 100percent Sampling percentage. You cannot override the sampling percentage for individual APIs.
-
-
Click Save & deploy.
Edit a Managed Flex Gateway Settings
To edit a Managed Flex Gateway setting:
-
From Anypoint Platform, select Runtime Manager > Flex Gateways.
-
Click the Managed Flex Gateway name.
-
In the navigation menu, click Settings.
-
Make the necessary edits.
-
Click Apply changes.