Resources
These are the required resources if you are onboarding using Secure Hybrid
Access:
- Sites enable you to define your virtual or physical network boundaries
- Deploy Service Connector enables you to add secure application access over
  encrypted protocols
  - Connects to private, cloud-hosted application services and facilitates
    secure data exchange between the user and these application services
  - Performs data transformation and routing between the user and application
    services
  - Can be hosted in a private datacenter or a public cloud such as AWS,
    Azure, and GCP
- Deploy RadSec Proxy ensures RADIUS communications over untrusted networks
These are two required tasks to set up resources for Secure Application Access:
- Service Connector Location enables you to add and manage network sites by
  defining your virtual and physical network boundaries. A site can contain one
  or more service connectors. The same site is global and can be used in other
  places in Universal ZTNA to define boundaries.
- Deploy Service Connector allows you to select an encryption protocol such as
  IPSec or WireGuard and deploy a service connector on the customer premises,
  such as a private data center or public cloud (AWS, Azure, GCP), managed by
  the tenant admin.
These resources are optional if you are onboarding using Secure Network Access:
- RadSec Proxy Location: A site can contain none, one, or more RadSec proxies.
  The same site is global and can be used in other places in UZTNA to define
  boundaries.
- Deploy RadSec Proxy:
  - For network devices (switches/APs) that cannot do RadSec, the RadSec Proxy
    secures RADIUS traffic in a secure Transport Layer Security (TLS) tunnel
  - The RadSec Proxy server forwards an auth-request to the RADIUS server and
    another auth-request back to the switch or access point
  - The switch or access point does not support the RadSec protocol by the
    secure TLS tunnel