Bridge Introduction
Lobster Bridge is engineered to securely transmit data from on-premises installations and databases to cloud environments. It enables organisations to use cloud capabilities without exposing internal resources to external security risks.
Purpose
Act as a secure intermediary to facilitate communications between the Data Platform and external systems without exposing customer systems directly to the internet.
Secure Data Flow
Uses a tunnel to manage and streamline requests securely between systems. No VPN needed.
Deployment
Allows multiple Bridge instances to connect to a single Data Platform installation across different locations.
Security
Lobster Bridge enforces rigorous security by exclusively using HTTPS, ensuring that all data exchanges remain encrypted, authenticated, and tamper-proof. The application's endpoints remain completely internal, eliminating any public exposure and significantly reducing the external attack surface.
Adhering to a Zero Trust Security Model, Lobster Bridge incorporates several critical security measures:
No Direct Inbound Connections
Lobster Bridge does not accept direct inbound connections. Communication from the cloud environment to on-premises resources occurs exclusively through an internally managed, secure Bridge Tunnel established from the Lobster cloud platform. This method ensures that no ports on the customer's side are opened or exposed externally.
Controlled Outbound Communication via Bridge Tunnel
Requests are routed and initiated solely by the cloud platform, which uses the secure Bridge Tunnel to communicate with Lobster Bridge, maintaining controlled, predictable, and secure communication paths.
Authentication and Encryption
Each HTTPS request through the tunnel is subject to stringent authentication, validation, and encryption via TLS protocols, guaranteeing confidentiality and data integrity.
This security architecture substantially mitigates risks related to unauthorized access, data breaches, and external attacks, making Lobster Bridge ideal for securely managing sensitive and business-critical integrations.
Terms:
Bridge
The software that runs on a remote system. The Bridge creates a secure tunnel to the Bridge Gateway and provides the following features:
access to databases: the Platform can use remote databases that the Bridge can reach
file transfers via AS2
ETL/ELT pipelines, as on the Platform
Bridge Gateway
The Gateway is the server that both a Bridge and a Platform can reach. Bridge and Gateway communicate over a tunnel connection. Depending on the use case, the communication from the Bridge to the Platform runs through the tunnel or directly from the Bridge to the Platform. The Bridge itself can only be reached through the tunnel. There is a public Lobster Bridge Gateway, which is used by default. If that is not wanted, private Gateways within the customer's network can also be used.
Lobster Data Platform
The Lobster Data Platform.
Lobster API Server
Lobster cloud service which hosts the bridge and the gateway registry.
Bridge Registry
The bridge registry is the part of the Lobster API server where bridge configurations are stored.
Gateway Registry
The gateway registry is the part of the Lobster API server where gateway configurations are stored.
Certificates
Each system (Platform and Bridge) has its own private key and public certificate. Each HTTPS request through the tunnel is subject to stringent authentication, validation, and encryption via TLS, guaranteeing confidentiality and data integrity. The private key never leaves the system on which it was created; only the certificate is uploaded to the bridge registry. To avoid misunderstandings, terms like "local" and "remote" are not used because they depend on the point of view; the certificates are instead called the bridge certificate and the platform certificate.
Request Handling and Secure Data Flow
The secure communication process within Lobster Bridge follows a clearly defined request-response pattern:
Tunnel Establishment: The Bridge initiates the tunnel connection to the Bridge Gateway server.
Request Initiation: The cloud environment initiates HTTPS requests through the tunnel.
Secure Reception: On-premises Lobster Bridge securely receives and authenticates these HTTPS requests.
Local Data Query Execution: Queries against databases or services are securely executed locally within the protected on-premises environment.
Encrypted Response: Responses are securely transmitted back to the cloud environment using encrypted HTTPS communication channels, completing the secure data exchange loop.
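As an added illustration of the certificate handling and the "Secure Reception" step above (example code written for this page, not Lobster's own implementation), the following Go model shows the check a Bridge can apply to every request arriving through the tunnel: each system's self-signed certificate is registered by SHA-256 fingerprint, and a presented certificate is accepted only if it is registered and inside its validity period. Registry, SelfSigned and VerifyPeer are hypothetical names; the page does not show the real registry format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"math/big"
	"time"
)

// Registry is a hypothetical stand-in for the Bridge Registry: the set of trusted
// certificate fingerprints. A peer is trusted only if its certificate was registered.
type Registry map[string]bool
// Fingerprint returns the hex SHA-256 of a DER-encoded certificate.
func Fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// SelfSigned makes one system's key pair and returns only the DER certificate for
// registration; the private key stays on the system that generated it.
func SelfSigned(notBefore, notAfter time.Time) ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
}

// VerifyPeer is the per-request check on the certificate chain a peer presents through
// the tunnel. Wrapped in a closure over (r, time.Now()) it fits tls.Config.VerifyPeerCertificate.
func VerifyPeer(r Registry, now time.Time, rawCerts [][]byte) error {
	if len(rawCerts) == 0 || !r[Fingerprint(rawCerts[0])] {
		return errors.New("peer certificate missing or not registered")
	}
	leaf, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return err
	}
	if now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return errors.New("peer certificate is outside its validity period")
	}
	return nil
}
```

Pinning by fingerprint means a rotated certificate must be re-registered before the peer can connect again, which is the operational cost of not trusting any public CA for the tunnel.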