Resources
Use these required resources for onboarding using Secure Hybrid Access:
- Sites enable you to define your virtual or physical network boundaries
- Deploy Service Connector enables you to add secure application access over encrypted protocols
  - Connects to private, cloud-hosted application services and facilitates secure data exchange between the user and these application services
  - Performs data transformation and routing between the user and application services
  - Can be hosted in a private data center or a public cloud such as AWS, Entra ID, and GCP
- Deploy RadSec Proxy ensures RADIUS communications over untrusted networks
These are two required tasks to set up resources for Secure Application Access:
- Service Connector Location enables you to add and manage network sites by defining your virtual and physical network boundaries. A site can contain one or more service connectors. The same site is global and can be used in other places in Universal ZTNA to define boundaries.
- Deploy Service Connector allows you to select an encryption protocol such as IPSec or WireGuard and deploy a service connector on the customer premises, such as a private data center or public cloud (AWS, Entra ID, GCP), managed by the tenant admin.
Use these optional resources for onboarding using Secure Network Access:
- RadSec Proxy Location: A site can contain none, one, or more RadSec proxies. The same site is global and can be used in other places in Universal ZTNA to define boundaries.
- Deploy RadSec Proxy:
  - For network devices (switches/AP) that cannot do RadSec, the RadSec Proxy secures RADIUS traffic into a secure Transport Layer Security (TLS) tunnel
  - The RadSec Proxy server forwards an auth-request to the RADIUS server and another auth-request back to the switch or access point
  - The switch or access point does not support the RadSec protocol by the secure TLS tunnel
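
Why the TLS tunnel matters, as an added example that is not part of the original documentation or the product's code: it builds and parses a constructed RADIUS Access-Request (RFC 2865) and lists what is readable on an untrusted network when a switch or access point sends RADIUS without a RadSec Proxy in front of it. All function names and sample values are assumptions made for illustration.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding: XOR with an MD5 keystream."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident: int, authenticator: bytes, attrs) -> bytes:
    """Encode an Access-Request (code 1) from (type, value) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

def parse_radius(packet: bytes) -> dict:
    """Decode header and attributes, rejecting inconsistent length fields."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if length - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return {"code": packet[0], "id": packet[1], "attrs": attrs}

def observer_view(packet: bytes) -> dict:
    """What a passive observer without the shared secret reads off the wire."""
    names, view = {1: "User-Name", 31: "Calling-Station-Id"}, {}
    for atype, value in parse_radius(packet)["attrs"]:
        if atype in names:
            view[names[atype]] = value.decode("ascii", "replace")
        elif atype == 4:
            view["NAS-IP-Address"] = ".".join(str(b) for b in value)
        elif atype == 2:
            view["User-Password"] = f"{len(value)} bytes, MD5-obfuscated only"
    return view

# Constructed sample: every value below is made up for this example.
SECRET, AUTH = b"constructed-shared-secret", bytes(range(16))
SAMPLE = build_access_request(7, AUTH, [
    (1, b"alice@example.org"), (2, hide_password(b"constructed-pw", SECRET, AUTH)),
    (4, bytes([192, 0, 2, 10])), (31, b"00-11-22-33-44-55")])
print(observer_view(SAMPLE))
```

The user identity, the device MAC address and the NAS address travel in the clear, and the password is protected only by an MD5 construction keyed with the shared secret, which is the exposure the TLS tunnel removes.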