What is the gateway model?

In the gateway model, traffic is initially directed to a PingAccess node, and PingAccess grants or denies access directly. The application in PingAccess is configured with the site as the destination.

Pros

  • Less cross-team coordination required — You can implement and maintain a gateway deployment with less coordination with application teams because the PingAccess infrastructure is installed on separate systems from the web servers.
  • Simpler setup — Because the PingAccess nodes are the only required components, this deployment model can be set up more quickly than the other models.
  • Simpler upgrade — The only components you must upgrade in a gateway deployment are the PingAccess nodes.
    Tip:

    You can upgrade PingAccess with zero downtime in a clustered environment.

  • Simpler troubleshooting — Issues are easier to isolate because there are fewer components sharing a system with the PingAccess infrastructure.
  • Simpler logging — All transactions that PingAccess processes are audited by the engine node, making it easier to view logs for a specific event.

Cons

  • Network impact — Using the gateway deployment model requires that you restructure your existing network to route traffic through PingAccess.
  • Additional network overhead — The overhead of an additional network hop can theoretically exceed a latency budget. This rarely happens in practice, and the agent model often makes a similar addition to latency, but this might occur in some environments.