General Architecture

Information based on the figure above:

  • Safous ZTA service consists of two main components - Global POPs and App Gateway
  • Currently Safous ZTA service POP resides in multiple regions and countries that customers can leverage
  • App Gateway only needs egress traffic to Global POPs using internet access and no need to open any ingress traffic at all so it will mitigate the attack surface from the internet
  • App Gateway will become a bridge to communicate with various internal business app that resides in customer sites like Office, Datacenter or Cloud Environment
  • Not only internal business apps in customer sites, but it can also accommodate SaaS App and Cloud App
  • From the client's perspective, the user will be routed to the nearest POP and access the respective App Gateway
  • Safous ZTA service support various authentication method for SSO, from the traditional like using Directory Service (MS AD / LDAP) or External Identity Provider based on SAML and OpenID