Resources

Use these required resources for onboarding using Secure Hybrid Access:

Sites enable you to define your virtual or physical network boundaries. Sites are synchronized using ExtremeCloud IQ and in general should be created and managed using that interface. To manage a site, see Add Sites.
Deploy Service Connector enables you to add secure application access over encrypted protocols. For more information on Service Connectors, see Deploy Service Connectors.
Deploy RadSec Proxy ensures RADIUS communications over untrusted networks. For more information on RadSec Proxies, see Deploy RadSec Proxies.

These are two required tasks to set up resources for Secure Application Access:

Service Connector Location enables you to add and manage network sites by defining your virtual and physical network boundaries. A site can contain one or more service connectors. The same site is global and can be used for other places in Universal ZTNA to define boundaries
Deploy Service Connector allows you to select an encryption protocol such as IPsec or WireGuard and deploy a service connector on the customer premises such as private data center or public cloud (AWS, Entra ID, GCP) managed by tenant admin.

Use these optional resources for onboarding using Secure Network Access:

RadSec Proxy Location: A site can contain none, one, or more RadSec proxies. The same site is global and can be used for other places in Universal ZTNA to define boundaries
Deploy RadSec Proxy:
- For network devices (switches/AP) that cannot do RadSec, the RadSec Proxy secures RADIUS traffic into a secure Transport Layer Security (TLS) tunnel
- The RadSec Proxy server forwards an auth-request to the RADIUS server and another auth-request back to the switch or access point
- The RadSec Proxy sends a Change of Authorization (CoA) packet when a user selects reauth on the Identities page for users attached to the proxy network devices.
  Note
  Network devices must be enabled to accept CoA packets.

Once the onboarding is complete, you can access additional resources:

RADIUS Server enables authentication for remote access. For more information, see View RADIUS Servers.
enables you to manage Network Devices, SSIDs, and RADIUS Template. For more information, see Manage Network Resources.
enables you to manage Trusted Root, RADIUS server, and intermediate certificates. For more information, see Certificate Management.
enables you to manage DNS servers and policies. For more information, see Manage DNS Servers or Add a DNS Policy.