Application Access Model
This article describes the various edge deployments of ZiTi App Access. In all cases, the Controller and at least 2 Public Edge Routers are to be deployed for redundancy. The Ziti Fabric connections are established between all Edge Routers but not Clients/SDKs. The Public Edge Routers would provide connection between Private Edge Routers and/or Clients/SDKs.
Recommended configuration deployment of Public Edge Routers is to have only Ziti Edge enabled and of Private Edge Routers is to have Ziti Edge enabled with Tunnel option being required for cases where the Zero Trust domain ends at the private edge router.
Acronyms used in this article:
- ZDE - Ziti Desktop Edge
- ZME - Ziti Mobile Edge
- ZET - Ziti Edge Tunnel
Application to Application A Deployment
Details- Client is SDK integrated.
- Application is SDK integrated.
Advantages- Application to Application Encryption
- No additional routing needed
- No additional DNS entries needed
Things to consider while deciding- SDK and Application source code availability
Application to Application B Deployment
Details- Client is SDK integrated
- Application is SDK integrated
Advantages- Application to Application Encryption
- No additional routing needed
- No additional DNS entries needed
Things to consider while deciding- SDK and Application source code availability
Application to Application C Deployment
Details- Client is SDK integrated
- Application is SDK integrated.
Advantages- No need to deploy private edge routers
- Application to Application Encryption
- No additional routing needed
- No additional DNS entries needed
Things to consider while deciding- Fabric is not extended into application network
- SDK and Application source code availability
Application to Host A Deployment
Details- Client is SDK integrated
- Application has a client software (ZET) deployed
Advantages- Application to Host Encryption
- No additional routing needed
- No additional DNS entries needed
Things to consider while deciding- Software must be deployed to application servers
- SDK and Application source code availability
Application to Host B Deployment
Details- Client is SDK integrated
- Application has a client software (ZET) deployed
Advantages- Application to Host Encryption
- No additional routing needed
- No additional DNS entries needed
Things to consider while deciding- Software must be deployed to application servers
- SDK and Application source code availability
Application to Host C Deployment
Details- Client is SDK integrated
- Application has a client software (ZET) deployed
Advantages- No need to deploy private edge routers
- Application to host Encryption
- No additional routing needed
- No additional DNS entries needed
Things to consider while deciding- Fabric is not extended into application network
- SDK and Application source code availability
Application to Router A Deployment
Details- Client is SDK integrated
- Application is behind private router
Advantages- No software must be deployed to application servers
- No additional routing needed
- No additional DNS entries needed
Things to consider while deciding- Less secure, connection from private router to application is not protected
- SDK and Application source code availability
Application to Router B Deployment
Details- Client is SDK integrated.
- Application is behind private router
Advantages- No software must be deployed to application servers
- No additional routing needed
- No additional DNS entries needed
Things to consider while deciding- Less secure, connection from private router to application is not protected
- SDK and Application source code availability