Product Overview
A security relay platform that safely connects internal and external networksIt integrates with SHIELDGate and provides a secure access environment without the need for a separate agent.
SHIELD Edge Linkis an on-premises security gateway that connects communications between internal systems and external services more securely and flexibly. It complements the limitations of traditional VPN methods and provides everything from user authentication to access control, remote access, remote browsing isolation (RBI), and domain-based DNS policy management on a single platform based on a zero trust architecture.
**External Request Relay (Inbound)WowInternal Request Relay (Outbound)The configuration is functionally separated and can be operated independently or configured together depending on the customer environment. The product isSingle Image (OVF)**It is provided in the form of __PH_0__, and after installation, you can configure each role through the console.
SHIELD Edge Link Configuration
| Composition | Description |
|---|---|
| Access Control Service | A service that provides user authentication-based access control, JWT token validation, and ZTCAP policy application. |
| Proxy Relay Service | Service that provides internal ↔ external communication relay and URL access control functions |
| Remote Access Feature | A feature that provides remote access to desktop or console (SSH) on internal network PCs or servers through a browser. |
Details of the Relay Proxy Service
Proxy Relay Serviceis divided as follows:
- Inbound: A function that mediates requests for external users to access the internal system.
- Outbound: A feature that only allows access to registered external URLs from the internal network.
- The above features are designed to be selectively activated or used together within a single SHIELD Edge server image.
Advantages of SHIELD Edge Link
Providing a secure communication environment without a VPN
SHIELD Edge Link is designed to securely connect internal systems with external environments without complex VPN configurations. Through user authentication, access control, and relay segment encryption,Without VPNYou can also establish a stable work environment.
Zero Trust-Based Architecture
User authentication through SHIELD ID andZTCAP PolicyIt verifies all requests through access control based on the principle of 'never trust, always verify' and strengthens internal network protection. By designing security with the premise of 'never trust', unnecessary access can be blocked in advance.
Operational Convenience and Scalability
Agentless Structurecan be used only with a browser without user-side installation, andOVF Image-Based InstallationDeployment is easy. Also, IP, DNS, firewall settings, etc. areConsole UIIt can be managed directly through it, making maintenance convenient and flexible for IT operators.
Support for both cloud and on-premises
Legacy SystemandCloud Servicecan be integrated with all, and when accessed externally, it provides an isolated browsing environment (RBIIt blocks the influx of malware through __PH_0__ and provides safe external integration.
Main Features
Access Control Service (IAP)
- User Authentication-Based Access Control
- JWT Token Validation
- Applying ZTCAP Policy
- SHIELD IDUser Authentication Based on Foundation
- External Exposure and Access Control of Internal Work Systems
Proxy Relay Service (In/Outbound)
Inbound
- Securely relay access to internal systems from external sources
- Safely Exposing Internal Work Systems to the Outside
- **RBI(Remote Browser Isolation)**Support for external access screen isolation based on
Outbound
- A structure that allows external access only through URLs registered on the internal network.
- URL Access Control and Policy Management
- Internal IP Protection and Masking
Other Features
- Console UIBasic Network/IP/DNS/Firewall Configuration Management
- operates only with a browser without separate installationAgentless Environment
- Web-based access to internal network assets (PCs, servers, etc.)**Remote Desktop (RDP)andConsole Access (SSH)**Support
Deployment Type
- Provided as an integrated VM image (OVF)
- Selective activation of Inbound / Outbound servers after single installation
- Configuration Management through Console UI (DNS, Firewall, URL Registration, IP Mapping, etc.)