IAG concepts
This topic defines the core concepts you’ll encounter when working with Itential Automation Gateway (IAG) 5. For concepts related to cluster architecture and node types, see Choose a deployment architecture. For connectivity concepts, see Gateway Manager overview.
Automation resources
Services
A service is the core unit of automation in IAG. It represents a single, packaged automation task—one Ansible playbook, one Python script, or one OpenTofu plan—that has been given a name, defined inputs, and connected to source code in a Git repository. Once you create a service, Gateway Manager can discover it and add it to the workflow task palette, where any authorized user can run it without needing to understand the underlying script or tooling.
Decorators
A decorator defines the inputs a service expects: which parameters it accepts, what type they must be, and which are required. When a user runs a service through a workflow, the decorator validates that the correct inputs were provided before execution begins. A single decorator can be shared across multiple services that accept the same inputs, reducing duplication. Think of a decorator as a form definition that you attach to one or more services.
DSL files
A DSL (domain-specific language) file is a structured text file that describes an gateway resource—such as a service, repository, decorator, or secret—in a portable format. DSL files let you version-control your gateway configuration alongside your code in Git and replicate a configuration from one environment to another, such as promoting a development setup to staging or production, without manual reconfiguration.
Execution
Environment builder
When IAG runs a service, it automatically builds a clean, isolated execution environment for that automation. It installs the exact Python libraries or Ansible collections the script or playbook requires, as specified in a requirements file stored alongside the code in Git. The environment is cached for reuse and rebuilt only when requirements change. Because every run starts from a known, consistent state, IAG administrators don’t need to manually install or maintain dependencies on gateway servers.
Access control
Service groups
A service group is a named collection of gateway services managed in Gateway Manager. Administrators use service groups to control which users and teams can see and run which services. Users only see the service groups they’ve been granted access to, keeping the workflow task palette focused on their work and preventing access to services outside their scope.
Connectivity
IAG Connect
IAG Connect is the component inside IAG that manages the outbound connection from a gateway cluster to Itential Platform. It establishes and maintains the secure WebSocket connection to Gateway Manager, keeping the cluster registered and available for workflow execution. IAG Connect operates automatically—administrators configure the connection once, and IAG Connect handles ongoing connectivity, including reconnection if the connection is interrupted.
For information about how IAG uses mutual TLS (mTLS) to secure this connection, see Gateway Manager overview.
