SDP Delivery Plan & Design


Plan & Design Your Implementation

Designing the architecture for AppGate SDP involves visualizing how the solution will integrate into your existing network and determining the components required for a functional and secure deployment. You need clear objectives, so define what you aim to achieve with the implementation and specify where in your network the solution will be deployed.

AppGate SDP requires at least four elements:

  • Controller: Manages and orchestrates access policies for secure, identity-based network connections.

  • Gateway: Acts as the access point, controlling and securing connections between users/devices and resources, ensuring zero-trust network access.

  • Client: Facilitates secure connections, implements policies for user access, and ensures encrypted, authenticated pathways to network resources.

  • IdP: Authenticates and verifies user identities, enabling access control and secure connections based on validated user information.

Collaborate with your key stakeholders to establish specific technical objectives for the implementation.

Here are a few examples of questions to discuss:

  • How will the technical components of AppGate SDP be placed within your network infrastructure?

    - Do you have a good understanding of your current network environment?

  • What are the technical considerations for failover, high availability, and redundancy?

    - Type of HA: Regional, Same DC, ISP

  • What specific technical policies or rules should be implemented to ensure secure access?

  • Define technical use cases and scenarios where AppGate SDP will be applied to enhance access control, secure remote work, or streamline third-party access.

    - Are there technical challenges or unique access requirements that should be addressed?

  • Document and analyze the technical policies, including multi-factor authentication, encryption protocols, and identity provider integrations.

  • How will data be technically routed and controlled within the network using AppGate SDP?

  • What are the technical mechanisms in place to ensure secure communication between clients and gateways?

    - TCP SPA

    - UDP-TCP SPA (recommended)

As part of the planning, create a technical timeline that includes milestones, testing phases, and implementation schedules, including client rollout plans for the AppGate SDP deployment.

Implementation Readiness

  • AppGate SDP appliance

  • IP Pool

  • Identity Provider (IdP)

  • Network Communication

  • Client Requirements

  • Example Diagram

AppGate SDP appliance

  • Hardware: Information on our physical appliances can be found in our Admin Guide.

  • Virtual machine: Information on supported hypervisor versions can be found on our website.

  • Cloud instance:

    - AWS

    - Azure

    - GCP

IP Pool

IP Pools are used to allocate an internal IP address to the Client once the user has been successfully authenticated. This IP address is assigned to the virtual tunnel interface used for Client-to-Gateway communication.

Information on IP Sizing is available in our Admin Guide.

Identity Provider (IdP)

AppGate SDP supports various types of Identity Providers (IdPs) to authenticate and verify user identities before granting access to resources. These IdPs include:

  • LDAP/AD: Integrates with Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) to authenticate users against directory services.

    Requires:

    - A user in AD with view privileges into the AD user directory.

    - That user's Distinguished Name (LDAP-format location).

  • SAML-based IdPs: Supports Security Assertion Markup Language (SAML) for single sign-on (SSO) authentication, allowing users to access multiple services with a single set of credentials.

    Requires:

    - SAML data or an XML metadata file.

    - Identifier.

  • OAuth and OpenID Connect (OIDC): Uses the OAuth and OpenID Connect protocols, enabling secure authorization and authentication for web and mobile applications.

    Requires: depends on the OIDC provider.

  • RADIUS servers: Integrates with Remote Authentication Dial-In User Service (RADIUS) servers, commonly used for network access and authentication.

    Requires:

    - RADIUS server IP address or hostname.

    - Shared secret.

  • LDAP/AD Certificate: Validates and manages digital certificates used for authentication and secure communication between users and resources.

    Requires:

    - A user in AD with view privileges into the AD user directory.

    - That user's Distinguished Name (LDAP-format location).

    - CA certificates.

AppGate SDP's flexibility in supporting various IdPs allows organizations to leverage their preferred authentication mechanisms while ensuring secure, identity-centric access control to network resources.

Network Communication

To configure the solution, it is necessary to establish some communication rules.

The interface schematic is explained in detail in our Admin Guide.

Client Requirements

Information for supported OS versions can be found on our website.

Example Diagram