About Airlock Microgateway

Airlock Secure Access Hub consists of Airlock IAM, Airlock Gateway and Airlock Microgateway. They complement one another to provide authentication and comprehensive protection services for web applications.

Airlock Microgateway is a containerized Web Application and API Protection (WAAP) solution particularly well suited to microservice architectures, allowing to decouple security from business logic and enabling teams to live DevOps principles. Airlock Microgateway provides comprehensive protection against OWASP Top 10 vulnerabilities by analysing HTTP traffic before it is forwarded to the protected service. Security guidelines can be established and enforced company wide by the security team.

Different patterns are available to integrate Airlock Microgateway​ into the existing system architecture depending on company needs. The table below showcases different architectures to support the decision-making process. Further information is provided in chapter System architectures.

Architecture A

Architecture B

Architecture C

Architecture D

Architecture A
Architecture B
Architecture C
Architecture D

Applicable Airlock Microgateway data plane modes

  • Not applicable
  • Sidecar
  • K8s Gateway API
  • K8s Gateway API
  • Sidecar
  • K8s Gateway API

Strengths of the different architectures

  • No or not much Kubernetes workload.
  • Requires not much Kubernetes know-how.
  • Classic workloads must be protected.
  • Security policies should be created and maintained by a single team (no shared responsibility).
  • No need for Zero Trust architecture.
  • Perimeter to secure any enterprise workload.
  • Classic workloads must be protected.
  • Kubernetes workloads must be protected.
  • Establishes DevSecOps principles with shared responsibility for Kubernetes workload.
  • Zero Trust architecture for microservices.
  • Short development lifecycle for Kubernetes workload. Therefore the need to bundle the security policies with the web application.
  • No need for a classic perimeter.
  • Single solution to protect classic and Kubernetes workloads.
  • Establishes DevSecOps principles with shared responsibility.
  • Zero Trust architecture. This requires descrete Airlock Microgateways per web application.
  • Short development lifecycle and therefore the need to bundle the security policies with the web application.
  • No need for a classic perimeter.
  • No classic workloads to protect.
  • Kubernetes workloads must be protected.
  • Establishes DevSecOps principles with shared responsibility.
  • Zero Trust architecture.
  • Short development lifecycle and therefore the need to bundle the security policies with the web application.