SHIELD Edge Link Function Specification
SHIELD Edge Link consists of three main services:
- Access Control Service (IAP)
- Proxy Relay Service (In/Outbound): the basic proxy performs both inbound and outbound roles.
- Remote Access to Desktop/Console
Together they cover functions such as user authentication and access control, internal↔external communication relay, and remote access.
Access Control Service (IAP)
This service provides access control based on user authentication, JWT token validation, and ZTCAP policy application. It verifies requests from external users through user authentication and conditional policy validation, allowing safe access to internal systems.
| No. | Major Category | Subcategory | Subcategory | Description | Note | Document Link |
|---|---|---|---|---|---|---|
| 1 | User Authentication Management | IAP Certification | Performing Basic Authentication Process | When external users connect, perform user account authentication through IAP (SSO, OAuth, etc.). | | |
| 2 | User Authentication Management | Conditional Policy | Conditional User Authentication Policy | Strengthening user authentication based on context through the application of conditional policies such as access location, time, and session management. | | |
| 3 | Internal Access Target Management | Registration of Internal Work System | Enter Connection Target Information | - Enter the customer business system address (internal network URL/IP)<br>- Specify subdomain (external access address)<br>- Select connection relay server (Edge Server)<br>- Write a description (note) | | |
| 4 | Internal Access Target Management | Registration of Internal Work System | Modify Connection Target | Change access information for an existing registered internal system<br>Modify internal address, subdomain, and connection server | | |
| 5 | Internal Access Target Management | Registration of Internal Work System | Delete Connection Target | Delete access information for decommissioned systems | | |
| 6 | Connection List Management | View Connection List | View All Registration Records | Displays external access address, internal actual address, connection relay server, and status | | |
| 7 | Connection List Management | Filter/Search | Conditional Search | Can be queried by system name, subdomain, and status | | |
| 8 | Connection List Management | Status Check | Check Relay Server (Edge) Status | - Active: The authentication information connected to the server is valid and accessible.<br>- Inactive: Authentication information has expired or been invalidated, making access impossible.<br>This is not a value set directly by the administrator, but a status that the system reflects automatically. | | |
| 9 | Connection List Management | Status Check | Live Status Check | Check server connectivity in real time when the Live button is clicked. | | |
| 10 | Access History Management | Log Management | User Access History Management | Record and manage internal system access history<br>Statistics inquiry (by user/by URL); block history can be checked | | |
Proxy Relay Service (In/Outbound)
The basic Proxy is a relay proxy service that performs both Inbound and Outbound roles.
| No. | Major Category | Subcategory | Subcategory | Description | Note | Document Link |
|---|---|---|---|---|---|---|
| 1 | Connection Relay | External → Internal Relay | Connection Request Relay | Safely relay external user access requests to internal systems | | |
| 2 | Connection Relay | Internal → External Relay | Connection Request Relay | Safely relay external access requests from internal users to external systems | | |
| 3 | Connection Relay | Internal → External Relay | Register/Delete Relay Server IP | Registering or deleting the public IP for external access | | |
| 4 | Access Control | URL Access Control | Allow/Deny URL Settings | Registering and managing allowed external access URLs | | |
| 5 | Access Control | URL Access Control | ACL Rule Management | Setting and managing access allow/deny rules | | |
| 6 | Access Logging | Log Management | Access Log Record | Internal ↔ external access history recording and management | | |
| 7 | Access Logging | Log Management | Log Inquiry | Access log view and search | | |
Desktop / Remote Console Access (Coming Soon)
A built-in service of SHIELD Edge Link that provides remote access features such as SSH and RDP through a browser-based interface.
| No. | Major Category | Subcategory | Subcategory | Detailed Description | Note | Document Link |
|---|---|---|---|---|---|---|
| 1 | Remote Access | Accessing Company PC | Remote Desktop Access | Provides a connection feature that allows remote control of the company PC screen through a web browser. | | |
| 2 | Remote Access | Accessing the Internal Server | Remote Console Access | Provides a console access environment for entering commands on the internal server through a web browser. | | |