The topology of business networks has changed - no longer is everything in one place. Enterprises migrating to the Cloud are increasingly forced to adopt the use of hybrid networks; but this does not need to end up as a cloud-connected compromise. The best possible user experience results from optimizing each of the three connectivity elements involved: the user/device, the connection, and the destination.
Client Multi-tunnel network adapter
Connectivity starts with the Client, which uses a multi-tunnel virtual network adapter that creates simultaneous secure encrypted (FIPS compliant) tunnels directly from the Client to multiple Sites/Gateways.
Background Connectivity
The Appgate SDP system was designed to provide connectivity as a background service much like some IPSec VPNs. Enabling Autostart and Keep me signed-in will allow the Client to connect automatically in the background every time the user boots their device. The user will only have to interact with the system when access controls demand it.
Headless Clients run without a UI in the background. They enable un-attended systems such as servers or container instances to connect to the Appgate SDP system.
Always-on Clients are similar to the full Client, however they allow the user's device to connect to the network even when the user is not signed in. The always-on Client combines the full Client with the headless Client.
Direct routed
Appgate SDP Clients establish a secure, tunneled connection to an available Gateway on each Site based on preset weighting. The multi-tunnel network driver is assigned an IP address from the IP pool, so the tunneled Client-to-Gateway connections will appear like any other network-connected device.
This distributed topology radiating out from the user, allows them direct access to on-premises, data center and Cloud environments, from wherever they are located. It eliminates security issues with cloud routing, bottlenecks at network gateways and latency caused by back-haul connections.
Sites and Gateways
An Appgate SDP Collective can be configured to protect any number of Sites. Sites are independent destinations that comprise protected networks or resources.
Gateway and Site configurations include advanced networking options which allow the system to be deployed into many network environments. These environments often require the tunneled traffic to be handled to meet specific requirements such as when performing VPN replacement. These options also allow more general network compatibility, such as ensuring tunneled traffic is always routed correctly.