Component Architecture

Explore the Component Architecture of MicroZAccess

COSGrid MicroZAccess is a flexible multi-tenant and multi-use-cases software-defined Micro-segmentation platform that mitigates risks, enhances productivity and simplifies management.

MicroZAccess consists of three main components that work together to provide its functionality:

MicroZAccess App / Client:

Installed on user devices and plays a crucial role in the authentication and security posture of the device.

It handles:

  1. User Authentication: The MicroZAccess App handles user authentication, verifying the user's identity through a multifactor authentication process. It ensures that only authorized users can access the network.

  2. Device Signature Verification: The app verifies the digital signature of the user's device to ensure its authenticity and integrity. This helps prevent unauthorized devices from gaining access to the network.

  3. Device Security Posture: The MicroZAccess App assesses the security posture of the user's device, checking for any vulnerabilities or compliance issues. It ensures that devices meet the necessary security requirements before granting access to the network.

  4. Micro-Tunnel Origination: The app facilitates the origination of micro-tunnels, which are secure communication channels between endpoints. It establishes these micro-tunnels to enable direct and encrypted communication, ensuring the confidentiality and integrity of data in transit.

  5. Personalized Enforcement Point (PEP) with Identity-Aware Host Firewall: The MicroZAccess App incorporates a Personalized Enforcement Point, which acts as a security gateway on the user's device. It enforces security policies and applies access controls based on the user's identity and other contextual information. The identity-aware host firewall further enhances the security by monitoring and filtering network traffic based on user identity and security policies.

MicroZAccess TURN Mediator:

Acts as an intermediary component that can be deployed either in the cloud or on-premises.

It performs:

  1. Policy Administration and Enforcement: The MicroZAccess TURN Mediator performs policy administration and enforcement, acting as the policy enforcement point (PEP). It ensures that access policies are applied consistently and enforces the defined security controls.

  2. Micro-Tunnel Management: The TURN Mediator facilitates the establishment and management of micro-tunnels between endpoints. It creates and maintains these secure communication channels, allowing endpoints to securely exchange data.

  3. Forwarding Relay: The TURN Mediator can act as a forwarding relay when needed, routing network traffic efficiently between endpoints. This improves communication performance and ensures optimal connectivity.

MicroZAccess Orchestrator:

Serves as the central controller for devices, users, and applications within the MicroZAccess infrastructure.

It encompasses various functionalities such as:

  1. Policy Engine and Data Access Policy Management: The MicroZAccess Orchestrator houses the policy engine, which enables the creation and management of access policies and data access policies. It ensures that the right level of access is granted based on user identity, device posture, groups, and other contextual information.

  2. PKI and Identity Provider Integration: The Orchestrator integrates with Public Key Infrastructure (PKI) and identity providers to enhance the authentication and authorization process. It leverages digital certificates and identity information from trusted sources to establish the identity of users and devices.

  3. Continuous Diagnostics and Monitoring: The Orchestrator enables continuous diagnostics and monitoring of the network. It monitors network activity, user behavior, and device health to identify any potential security threats or anomalies. This proactive approach allows for timely detection and response to security incidents.

  4. Threat Intelligence: The Orchestrator leverages threat intelligence to enhance the security posture of the network. It incorporates information about known threats and vulnerabilities to apply proactive security measures and protect against emerging risks.

  5. Real-Time Status, Network Activity Visibility, and Logs: The Orchestrator provides real-time status updates, offering visibility into network activity and the current state of devices and users. It also generates comprehensive logs for analysis and auditing purposes, ensuring accountability and compliance.
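As an added illustration, not code from the product, the following Python sketch models how the access decision described above is split between the App / Client's local checks (MFA, device signature) and the Orchestrator's policy engine (group membership plus device posture). The class names, fields and policy format are assumptions; the sample reports are constructed.

```python
from dataclasses import dataclass

# Assumed data shapes (not the product's API): what the App/Client reports
# after its local checks, and what a policy on the Orchestrator looks like.

@dataclass
class DeviceReport:
    user: str
    mfa_passed: bool          # result of the multifactor authentication step
    signature_valid: bool     # result of device signature verification
    posture: dict             # e.g. {"disk_encrypted": True, "os_patched": False}
    groups: list              # groups the identity provider reports for the user

@dataclass
class Policy:
    app: str
    allowed_groups: set
    required_posture: dict    # posture checks that must be True for access

def client_preflight(report):
    """App/Client side: MFA and device signature must pass before any
    access request is forwarded to the Orchestrator."""
    if not report.mfa_passed:
        return "deny: mfa"
    if not report.signature_valid:
        return "deny: device-signature"
    return "ok"

def orchestrator_decide(report, policy):
    """Orchestrator policy engine: combine identity (group membership) with
    device posture; only then is a micro-tunnel to the application allowed."""
    pre = client_preflight(report)
    if pre != "ok":
        return pre
    if not set(report.groups) & policy.allowed_groups:
        return "deny: group"
    missing = [k for k, req in policy.required_posture.items()
               if req and not report.posture.get(k, False)]
    if missing:
        return "deny: posture:" + ",".join(sorted(missing))
    return "allow: micro-tunnel to " + policy.app

if __name__ == "__main__":
    # Constructed sample: finance user on a compliant device asking for "erp".
    erp = Policy("erp", {"finance"}, {"disk_encrypted": True, "os_patched": True})
    ok = DeviceReport("alice", True, True,
                      {"disk_encrypted": True, "os_patched": True}, ["finance"])
    print(orchestrator_decide(ok, erp))
```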
