Introducing VGS Satellite: Local Integration

February 4, 2021
Satelite

VGS is disrupting the typical linear integration flow that most of us are used to.

What does that mean for you? Let’s take a few minutes to explore how you can now seamlessly integrate VGS without sharing any of your data. In a world where information is worth almost as much as gold, you need to be able to implicitly trust a system that will be responsible for your business-critical data. That’s why we created VGS Satellite.

Try Before You Buy - Commitment Free

The convenience to “try before you buy” has always been an attractive way to satisfy curiosity about a service or a product that you’ve never used before. At VGS, we’ve come up with a way for you to experience our innovative platform without needing to go online to use the VGS dashboard.

Until today, seeing VGS in action meant having to go to the dashboard and set up a sandbox environment to try out your integration. The wizard for online integration is based on intercepting requests on our proxy and applying filters to secure the payload you’re passing. However, we didn’t want to restrict use of the integration wizard to only those who are logged in to our online platform.

What is VGS Satellite?

The VGS Zero Data Platform allows companies to use and share sensitive data without having to store that data themselves. VGS acts as a middleware system between your Client and Server, intercepting requests to gather sensitive data and substituting values with an ‘alias’. You then operate with aliases the same way you would operate with the real data.

VGS Satellite is an application for local integration with Very Good Security. It gives you the ability to run requests with your service and transform them into suitable route configurations, compatible with VGS dashboard.

How does it work?

Local integration experience with VGS Satellite looks something like this:

<
data:
  - attributes:
      destination_override_endpoint: 'https://example.com'
      entries:
        - classifiers:
            TAGS: account-number
          config:
            condition: AND
            rules:
              - condition: null
                expression:
                  field: PathInfo
                  operator: matches
                  type: string
                  values:
                    - /post
              - condition: null
                expression:
                  field: ContentType
                  operator: equals
                  type: string
                  values:
                    - application/json
          id: 7b81cf76-f391-43c3-b1aa-b80a94a6d33a
          operation: REDACT
          phase: REQUEST
          public_token_generator: UUID
          targets:
            - body
          token_manager: PERSISTENT
          transformer: JSON_PATH
          transformer_config:
            - $.account_number
      host_endpoint: (.*)\.verygoodproxy\.com
      id: 1e71f195-e1c6-4e19-bdee-4d3d86874ba9
      ordinal: null
      port: 80
      protocol: http
      source_endpoint: '*'
      tags:
        name: Route for example.com
        source: RouteContainer
    id: 1e71f195-e1c6-4e19-bdee-4d3d86874ba9
    type: rule_chain
version: 1
>

With the example configuration provided above, you will:

  • set up reverse proxy with 'https://example.com' as an upstream
  • pass any request as-is if not matches the filter
  • apply redact operation for every request to /post url path with Content-Type: application/json
  • substitute account_number value in JSON with alias of following format tok_sat_xxxxxxxxxx
  • create a value-to-alias representation upon any new alias creation

Every request will generate events that give insights into what has happened inside VGS when your request came through, for instance:

  • route/filter matching information
  • upstream response details
  • proxy processing time, etc
  • record usage (which operations were triggered)

3 Ways to Integrate

There are three ways to install VGS Satellite:

After applying configuration you can proxy requests through Satellite. This would give you an understanding of how the VGS dashboard works.

Having installed VGS Satellite, all that is left to do is run it, send your requests and pick-n-choose the ones with the data you want to secure. You can also upload any HAR request that you have generated previously.

CI/CD Pipeline

You can use VGS Satellite in your CI/CD-pipelines by using our headless Docker image. The image incorporates the proxy functional (both forward and reverse) and the management API. The management API exposes route configuration capabilities along with flow monitoring and audit-logs.

From Offline Integration to Online

This is how you get route configuration qualified to use for your service, the same main entity that is needed to build live integration with VGS. Now, when you know how VGS works, you are one button away from securing your real data. Go to the VGS Dashboard and import your route configuration using VGS YAML feature or VGS-CLI tool to import route/s.

Slepakurov Andrew Slepakurov

Services Team Lead at VGS

Share

You Might also be interested in...

PSD2 Explained: What You Need to Know About Strong Customer Authentication teaser image

PSD2 Explained: What You Need to Know About Strong Customer Authentication

Ena Kadribasic December 17, 2019

rds-monitoring

PostgreSQL Deadlock Monitoring in AWS | Very Good Security

Max Lobur June 19, 2019

Bank security

How Today’s Data Security Solutions Are Failing Banks

Channin Gladden December 15, 2020