--- title: "Overview" slug: "nucleus-agent-overview" updated: 2020-11-27T23:11:56Z published: 2020-11-27T23:11:57Z canonical: "help.nucleussec.com/nucleus-agent-overview" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt > Use this file to discover all available pages before exploring further. # Overview ## Overview There are two ways to use connectors: • Direct Integration via an exposed API • Nucleus Agent Organizations that use Nucleus also often use tools (scanning consoles, issue trackers, etc.) they'd like to connect that are only accessible from their internal network. In this case, those tools need to be exposed to Nucleus for consumption, which usually results in firewall or other network changes, as well as security approvals. This can take weeks or sometimes months to implement, especially for large enterprises, and can become a blocker for integrating with Nucleus. The Nucleus Agent simplifies the tool integration process and gives you the ability to integrate Nucleus with your internal tools without needing to expose each tool on the internet. You'll do this by installing the Nucleus Agent on an internal Linux server (CentOS or Ubuntu) to establish an outbound SSH tunnel to Nucleus servers. This image illustrates the high-level architecture of the Nucleus agent: ![agent1](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/agent1.PNG){height="" width=""} A single Nucleus Agent deployed to your internal network can provide connectivity to any number of internal tools in use. Depending on your network architecture and segmentation, multiple Nucleus agents may be required. :::(Info) (Note) If you choose not to use the Nucleus Agent to connect to your internal tools, you can still setup a connector via the [direct connection](/docs/connectors-overview) method. You can achieve this by exposing the API directly to Nucleus through firewall changes, or through the use of an API gateway. In both cases we recommend that only ingress traffic from the Nucleus egress IP address is allowed. Please contact Nucleus Support for the correct IP address to whitelist. ::: ## When should I use the Nucleus Agent instead of a direct connection? We always recommend the direct integration option (especially through the use of an API gateway) be used wherever possible; it's the quickest and easiest to setup, with the fewest touchpoints for failure and/or ongoing maintenance. When this is not possible or practical - if you don't have an API gateway, have specific compliance requirements, or are otherwise unable to make firewall changes - then the Nucleus Agent should be used.