Enclave architecture
The Enclave platform consists of two components: the Enclave management console and agents.
1. The Enclave management console (EMC) is the control center for the platform. In the EMC, you configure your enclaves (microsegments), manage how agents (machines or users) authenticate, manage asset intelligence, and more.
2. Agents are the software that runs on your infrastructure. Agents are responsible for creating the overlay network, managing the firewall, passing asset inventory information, and more.
User agents
User agents authenticate with short-lived credentials issued from the EMC or your OIDC provider. A user can use this connection to access the network, do work, and then disconnect from the network. The process is similar to accessing infrastructure through a VPN.
Node agents
Node agents authenticate with fixed (optionally auto-rolling) credentials. An example is a web server that is always online and that users must always be able to access.
Gateway agents
Gateway agents act as ingress/egress points within the Enclave network. They can be used to route traffic to devices that do not have an agent installed, allowing an agentless deployment model. Gateways can be virtual or physical devices.
Beacon agents
Beacon agents provide resolution between nodes. They provide peer discovery by translating the overlay IP space to the physical IP space and can act as a relay if a direct connection is not possible. They are required if Enclave networking is used. Beacons can be managed by a client or hosted by SideChannel.