Where will be the Controller installed?

The controller will be installed on the cloud environment and it will be managed by InstaSafe team. It will be on highly scalable infrastructure powered by micro services.

Where will be Gateway Installed? System requirements for Gateway installation

The gateways will be installed at the same network as the customer applications. There should be seamless reachability between the gateway and the applications.The gateway can be installed over a baremetal OS or a Virtual Machine. The Gateway machine will be owned and managed by the customer The gateway machine should have 4 cores and 8GB RAM at the minimum. Both Ubuntu 18.04 and ubuntu 20.04 are supported.

What are the types of Gateways?

- Network gateway: Supports the Data traffic at the IP Layer. The gateway can seamless connect desktop agent based applications and satisfy the network access requirements.
-TCP Gateway: Allows web level access to the web applications. The gateway can power the controlled access to the applications where the user can be restricted from operations such as copy/paste, sharing and recording of the screen . The gateway can share the applications over the agent itself.
-Web Gateway: The web gateway helps to share the web applications over to the users on a clientless access.The users can access the applications over the browser. The user will be taken the web based portal after MFA .

Do I need Gateway for accessing Public SaaS Application?

Not necessary. Direct access can be enabled for each of the users. The user credential data ( SAML Assertion) will be shared with the application server ( SAML SP) by the ZTA Controller. The gateway can help to whitelist the access for a particular domain where we can lock down the access to the ZTA agent. This configuration ensures that the users have to go through Zero Trust validations before accessing the public SaaS application over the organization's domain

How many Gateways do I need to Install?

The number of gateways depends on the number of networks. Each of the applications at the networks should be reachable to a gateway over a private network. We may need to have same number of gateways as the network to configure it this way. More number of gateways may be needed for a network if different types of access( IP level, web level or client less access) are planned. We can configure the failover and load balancing by having more number of gateways sharing the same application access.

I already have Application Firewall Installed. How can we install the Gateway?

The gateway can be right behind the perimeter firewall present at the network.