General Architecture

Information based on the figure above:

  • Safous ZTA service consists of two main components - Global POPs and App Gateway.
  • Currently, Safous ZTA service POPs reside in multiple regions and countries that customers can leverage.
  • App Gateway only needs egress traffic to Global POPs using internet access and does not require any ingress traffic to be opened, which mitigates the attack surface from the internet.
  • App Gateway serves as a bridge to communicate with various internal business apps that reside in customer sites such as Office, Datacenter, or Cloud Environment.
  • It can accommodate not only internal business apps in customer sites but also SaaS Apps and Cloud Apps.
  • From the client's perspective, the user will be routed to the nearest POP and access the respective App Gateway.
  • Safous ZTA service supports various authentication methods for SSO, ranging from traditional methods like using Directory Service (MS AD / LDAP) to External Identity Providers based on SAML and OpenID.