1 Overview
Secure Private Access (SPA) is a cloud-based Software Defined Perimeter (SDP) or Zero Trust Network Access (ZTNA) solution that is delivered through the Intelligent Cybersecurity Mesh™.
SPA provides zero trust, secure remote access to internal applications running in public cloud environments or private data centers, reducing risk and simplifying security operations. With SPA, applications are never exposed to the internet, making them inaccessible to unauthorized users.
SPA provides a simple, secure, and effective way to access internal applications. Access is based on policies created by the Workspace admin within the Exium Admin Console.
An LGW is a Local Gateway through which private access to resources (services and servers) is provided securely to the users for whom trust paths are defined.
This document walks through a reference use case to show, step by step, how to set up Secure Private Access (SPA) for your workspace.
2 Use case
This use case defines Secure Private Access (SPA) for the users of a workspace.
For simplicity, the use case assumes the following:
- The workspace has 4 users, excluding the workspace admin.
- There are 2 user groups: itadmin and development.
- There are 2 LGWs:
  - An LGW deployed in the SFO datacentre as lgw.dc.sfo, with 2 sets of services/servers behind it:
    - dc.sfo.services, with subnet 192.168.10.0/24, hosts different organizational service apps like Jira, Bitbucket, etc.
    - dc.sfo.servers, with subnet 10.10.10.0/24, hosts different organizational production servers.
  - An LGW deployed in the NY datacentre as lgw.dc.ny, with 1 set of services/servers behind it:
    - dc.ny.servers, with subnet 172.168.10.0/24, hosts different organizational testing/dev servers.
- There are 3 trust paths:
  - Trust path access from dc.sfo.services to user groups itadmin, development
  - Trust path access from dc.sfo.servers to user group itadmin
  - Trust path access from dc.ny.servers to user groups itadmin, development
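The access model above can be reviewed before it is entered in the console. The following Python sketch is an added example, not Exium code and not the Exium CSV format: it encodes the use case's gateways and trust paths as constructed data, models access as default deny (an assumption), and audits the definitions. The names `reachable` and `audit` are hypothetical.

```python
import ipaddress
import itertools

# Constructed from the use case above; not an Exium file format or API.
GROUPS = {"itadmin", "development"}
DESTINATIONS = {  # destination name -> (gateway, subnet)
    "dc.sfo.services": ("lgw.dc.sfo", "192.168.10.0/24"),
    "dc.sfo.servers": ("lgw.dc.sfo", "10.10.10.0/24"),
    "dc.ny.servers": ("lgw.dc.ny", "172.168.10.0/24"),
}
TRUST_PATHS = {  # destination name -> user groups allowed to reach it
    "dc.sfo.services": {"itadmin", "development"},
    "dc.sfo.servers": {"itadmin"},
    "dc.ny.servers": {"itadmin", "development"},
}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reachable(group, ip):
    """Return the destination a group may reach at ip, or None (default deny)."""
    addr = ipaddress.ip_address(ip)
    for name, groups in TRUST_PATHS.items():
        subnet = ipaddress.ip_network(DESTINATIONS[name][1])
        if group in groups and addr in subnet:
            return name
    return None


def audit():
    """Return review findings for the trust-path definitions."""
    findings = []
    nets = {n: ipaddress.ip_network(s) for n, (_, s) in DESTINATIONS.items()}
    for name, groups in TRUST_PATHS.items():
        if name not in nets:
            findings.append(f"{name}: trust path has no destination")
            continue
        for g in sorted(groups - GROUPS):
            findings.append(f"{name}: unknown user group {g}")
        if not any(nets[name].subnet_of(r) for r in RFC1918):
            findings.append(f"{name}: {nets[name]} is outside RFC 1918 space")
    for a, b in itertools.combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            findings.append(f"{a} overlaps {b}")
    return findings


if __name__ == "__main__":
    print(audit())
```

A finding from `audit` is a prompt to confirm the intended subnet with the network owner before the trust path is saved.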
2.1 Prerequisites
- Workspace creation: Please follow the steps described in the “Getting Started with Workspace” manual.
- Users and user groups creation: Please follow the steps described in the “Onboarding Users and groups” manual.
3 SPA Use case Realisation – Steps
- On the Service Portal admin console, click on “Gateways” as shown below.
- On the Gateway Management page, click on “Upload Gateways” as shown below.
- Refer to the following CSV file for the CSV format of gateways.
- Select the CSV file from the file browser of your local file system and click on “Open” as shown below.
- You will see a successful upload message and the newly added gateways in the gateways table as shown below.
- On the Service Portal admin console, click on “Trust Paths” as shown below.
- On the Trust Paths page (sub tab on User Management page), click on “Add Trust Path” as shown below.
- Proceed to enter all the details like Group Name (mandatory), Network Destination (mandatory), Gateway (mandatory), Allowed User Groups (multiple – user groups which can access these services/servers). Click “Save” once finished.
- Repeat steps 7 and 8 for all 3 trust paths. You will see the successful addition of the trust paths in the trust paths table.
3.1 SPA Use case Realisation – Step1
On the Service Portal admin console, click on “Gateways” as shown below.
3.2 SPA Use case Realisation – Step2
On the Gateway Management page, click on “Upload Gateways” as shown below.
3.3 SPA Use case Realisation – Step3
Refer to the following CSV file for the CSV format of the gateway definition. The values are populated as per the use case definition.
3.4 SPA Use case Realisation – Step4
Select the CSV file from the file browser of your local file system and click on “Open” as shown below.
3.5 SPA Use case Realisation – Step5
You will see a successful upload message and the newly added gateways in the gateways table as shown below.
3.6 SPA Use case Realisation – Step6
On the Service Portal admin console, click on “Trust Paths” as shown below.
3.7 SPA Use case Realisation – Step7
On the Trust Paths page (sub tab on Gateways page), click on “Add Trust Path” as shown below.
3.8 SPA Use case Realisation – Step8
Proceed to enter all the details like Group Name (mandatory), Network Destination (mandatory), Gateway (mandatory), Allowed User Groups (multiple – user groups which can access these services/servers). Click “Save” once finished.
3.9 SPA Use case Realisation – Step9
Repeat steps 7 and 8 for all 3 trust paths. You will see the successful addition of the trust paths in the trust paths table.
4 Next Steps
For more information, please refer to the corresponding manuals:
- Getting started with Workspace
- Onboard Users and Groups
- Manage Policies and Groups
- Manage Gateways and Trust paths
- Manage workspace settings
- Manage Subscriptions
You can also refer to other use case manuals:
- Secure Internet Access
- Secure Private Access