Host Access Model
This article describes the various edge deployments of ZiTi Host Access. In all cases, the Controller and at least 2 Public Edge Routers are to be deployed for redundancy. The Ziti Fabric connections are established between all Edge Routers but not Clients/SDKs. The Public Edge Routers would provide connection between Private Edge Routers and/or Clients/SDKs.
:::info Note
-
Recommended configuration deployment of Public Edge Routers is to have only Ziti Edge enabled and of Private Edge Routers is to have Ziti Edge enabled with Tunnel option being required for cases where the Zero Trust domain ends at the private edge router.
-
Acronyms used in this article:
- ZDE - Ziti Desktop Edge
- ZME - Ziti Mobile Edge
- ZET - Ziti Edge Tunnel
:::
-
Application to Host A Deployment
:::info Details
- Client is SDK integrated
- Application has a client software (ZET) deployed :::
:::tip Advantages
- Application to Host Encryption
- No additional routing needed
- No additional DNS entries needed :::
:::caution Things to consider while deciding
- Software must be deployed to application servers
- SDK and Application source code availability :::
-
Application to Host B Deployment
:::info Details
- Client is SDK integrated
- Application has a client software (ZET) deployed :::
:::tip Advantages
- Application to Host Encryption
- No additional routing needed
- No additional DNS entries needed :::
:::caution Things to consider while deciding
- Software must be deployed to application servers
- SDK and Application source code availability :::
-
Application to Host C Deployment
:::info Details
- Client is SDK integrated
- Application has a client software (ZET) deployed :::
:::tip Advantages
- No need to deploy private edge routers
- Application to host Encryption
- No additional routing needed
- No additional DNS entries needed :::
:::caution Things to consider while deciding
- Fabric is not extended into application network
- SDK and Application source code availability :::
-
Client to Host A Deployment
:::info Details
- Client is ZDE/ZME enabled
- Application host has a client software (ZET) deployed :::
:::tip Advantages
- Client to Host Encryption
- No additional routing needed
- No additional DNS entries needed :::
:::caution Things to consider while deciding
- Software must be deployed to desktops/mobile
- Software must be deployed to application servers :::
-
Client to Host B Deployment
:::info Details
- Client is ZDE/ZME enabled
- Application host has a client software (ZET) deployed :::
:::tip Advantages
- Client to Host Encryption
- No additional routing needed
- No additional DNS entries needed
- No need to deploy private edge routers :::
:::caution Things to consider while deciding
- Software must be deployed to desktops/mobile
- Software must be deployed to application servers
- Fabric is not extended into application server network
:::
-
Client to Router Deployment
:::info Details
- Client is ZDE/ZME enabled
- Router is tunnel enabled :::
:::tip Advantages
- No software must be deployed to application servers
- No additional routing needed
- No additional DNS entries needed :::
:::caution Things to consider while deciding
- Software must be deployed to desktops/mobile
- Less secure, connection from private router to application is not protected :::
-
Router to Host Deployment
:::info Details
- Clients are behind Router
- Application host has a client software (ZET) deployed :::
:::tip Advantages
- No software must be deployed to clients :::
:::caution Things to consider while deciding
- Less secure, connection from clients to router is not protected
- Static/Dynamic Routing or Load Balancer is needed to direct traffic toward Routers
- Clients must be configured use Routers as first DNS entry if using named services :::