General Architecture

 

Information based on figure above:

  • Safous ZTNA service consist of two main components - Global POPs and App Gateway
  • Currently Safous ZTNA service POP resides in multiple region and countries that customer can leverages
  • App Gateway only need egress traffic to Global POPs using internet access and no need to open any ingress traffic at all so it will mitigate the attack surface from internet
  • App Gateway will became a bridge to communicate with various internal business app that resides in customer sites like Office, Datacenter or Cloud Environment
  • Not only internal business app in customer site, it can also accommodate SaaS App and Cloud App
  • From client perspective, user will be routed to nearest POP and access the respective App Gateway
  • Safous ZTNA service support various authentication method for SSO, from the traditional like using Directory Service (MS AD / LDAP) or External Identity Provider based on SAML and OpenID