Gateway Manager overview
Gateway Manager is an Itential Platform application that registers and manages your IAG 5 gateway clusters, discovers the services they expose, and makes those services available as tasks in your automation workflows. It handles secure connectivity, service discovery, and access control between your gateway deployments and Platform.
How Gateway Manager works
Gateway clusters often run in environments that are physically or logically separate from the Itential Platform deployment, in a different network segment, or behind a corporate firewall. Gateway Manager provides the integration layer that connects them.
IAG 5 initiates an outbound connection to Itential Platform using WebSocket and mutual TLS (mTLS). Gateway Manager receives the connection, registers the cluster, and discovers all services on it. Those services immediately appear in the workflow task palette—no manual registration or restarts required.
When a workflow calls a gateway service, Platform routes the task through Gateway Manager to the appropriate cluster. The cluster executes the service locally and returns the result.
Key features
Secure, VPN-free connectivity
IAG uses mTLS to connect to Platform, requiring both sides—the gateway cluster and Platform—to present and verify certificates before exchanging any data. This application-to-application model removes the need for site-to-site VPN tunnels. Your gateway cluster can reach a cloud-hosted Platform over the public internet through standard firewalls, without corporate IT involvement to establish a private network connection. Either side can terminate the connection at any time.
Gateway Manager manages certificates per cluster and supports self-signed, CA-issued, and wildcard certificates.
Learn more:
Automatic service discovery and workflow integration
Gateway Manager monitors connected clusters and discovers services as they’re added or updated. New services appear in the workflow task palette without any manual steps. Each service’s inputs and outputs are defined as JSON Schema, giving workflow builders clear visibility into what parameters a service requires.
For more information, see Add gateway services to workflows.
Service lifecycle protection
If a service is removed or renamed on a connected cluster, Gateway Manager detects the change and protects dependent workflows automatically:
- Flags affected workflows
- Moves affected workflows to draft status
- Pauses related jobs
This prevents silent failures and gives operators a chance to review the impact before any affected workflows run.
Service groups and access control
Gateway Manager supports role-based access control (RBAC) and group-based access control (GBAC). Administrators organize services into named service groups and assign user groups to them. Workflow builders only see the service groups they’ve been granted access to, keeping the task palette relevant to their work and preventing access to services outside their scope.
For more information, see RBAC in Gateway Manager.
Multi-cluster support
A single Gateway Manager instance can connect to multiple gateway clusters at the same time. This enables you to support geo-distributed deployments, network-segmented environments, and logical domain separation—such as separate clusters per geographic region or organizational unit—while managing everything through a single Platform instance.
For more information, see Choose a deployment architecture.
