Understanding SDP
Unlike a traditional VPN or firewall, SDP (Software Defined Perimeter) operates on the principle of zero trust and controls network access dynamically, granting it per authenticated user rather than by network location.
SDP provides the following security features:
- Zero-trust-based access control
- Dark cloud: application servers are invisible to anyone who has not authenticated, which protects them more strongly than a reachable-but-filtered server
- Dynamic tunneling that is available only to authenticated users
To realize the zero-trust dark cloud, the application servers that provide services require a minimal authentication step before they become reachable at all; this step is separate from user authentication.
Here, that minimal authentication is implemented as Single Packet Authorization (SPA): a single UDP packet carrying confidential information that both sides trust (a shared secret key, the Machine ID, and an HOTP one-time value). Until a valid SPA packet has been received the server does not answer, so an unauthenticated port scan sees nothing, and the one-time value means a captured packet cannot simply be replayed.
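The following is an added example of the SPA exchange described above, not the project's own packet format or code. The page only states that the packet carries a secret key, a Machine ID and an HOTP value, so the field layout (16-byte Machine ID, 8-byte counter, 6-digit HOTP, 32-byte HMAC-SHA256 tag), the counter look-ahead window and the `Gateway` class are assumptions. In this design the secret key itself never goes on the wire: it keys the HOTP (RFC 4226) and the packet tag, which is how both sides prove they share it. The gateway side also shows the dynamic-allow behaviour: a valid packet opens access for the sending address, and every invalid packet is dropped without a reply.

```python
"""Illustrative SPA client/gateway exchange (added example; assumed packet layout)."""
import hashlib
import hmac
import struct

MACHINE_ID_LEN = 16   # assumed fixed-width Machine ID field
HOTP_DIGITS = 6       # RFC 4226 default code length
LOOKAHEAD = 10        # assumed window: how far past the stored counter a client may run ahead
TAG_LEN = 32          # HMAC-SHA256 output length
PACKET_LEN = MACHINE_ID_LEN + 8 + HOTP_DIGITS + TAG_LEN


def hotp(secret: bytes, counter: int, digits: int = HOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def build_spa(secret: bytes, machine_id: bytes, counter: int) -> bytes:
    """Client side: machine_id || counter || HOTP(counter) || HMAC-SHA256(secret, preceding fields)."""
    if len(machine_id) != MACHINE_ID_LEN:
        raise ValueError("machine_id must be %d bytes" % MACHINE_ID_LEN)
    body = machine_id + struct.pack(">Q", counter) + hotp(secret, counter).encode()
    tag = hmac.new(secret, body, hashlib.sha256).digest()
    return body + tag


class Gateway:
    """Gateway side: verifies SPA packets and records which sources have been let in."""

    def __init__(self, registry: dict):
        # registry maps Machine ID -> shared secret; assumed to be provisioned by the Controller.
        self.secrets = dict(registry)
        self.last_counter = {mid: -1 for mid in registry}   # highest counter accepted so far
        self.allowed = set()                                # (src_ip, machine_id) with access opened

    def handle(self, src_ip: str, packet: bytes) -> bool:
        """Return True and open access for src_ip if the packet is valid; otherwise drop it silently."""
        if len(packet) != PACKET_LEN:
            return False
        mid = packet[:MACHINE_ID_LEN]
        counter = struct.unpack(">Q", packet[MACHINE_ID_LEN:MACHINE_ID_LEN + 8])[0]
        code = packet[MACHINE_ID_LEN + 8:MACHINE_ID_LEN + 8 + HOTP_DIGITS]
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        secret = self.secrets.get(mid)
        if secret is None:
            return False                       # unknown machine: no reply, stay dark
        expected_tag = hmac.new(secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, tag):
            return False                       # forged or tampered packet
        last = self.last_counter[mid]
        if counter <= last or counter > last + LOOKAHEAD:
            return False                       # replay, or too far outside the window
        if not hmac.compare_digest(hotp(secret, counter).encode(), code):
            return False                       # HOTP does not match this counter
        self.last_counter[mid] = counter       # burn the counter so the packet cannot be replayed
        self.allowed.add((src_ip, mid))        # in a real gateway: insert a firewall rule for src_ip
        return True


if __name__ == "__main__":
    # Constructed sample: one enrolled machine, one valid knock, then the same packet replayed.
    secret = b"\x01" * 32
    mid = b"machine-0001____"
    gw = Gateway({mid: secret})
    pkt = build_spa(secret, mid, 1)
    print("first knock accepted:", gw.handle("10.0.0.5", pkt))
    print("replayed knock accepted:", gw.handle("10.0.0.5", pkt))
```

The HOTP counter and the tag do different jobs: the tag proves the packet was built by a holder of the secret and was not modified, while the strictly increasing counter rejects a replay of a packet that was otherwise perfectly valid. A real deployment would persist `last_counter` across gateway restarts, otherwise a previously captured packet becomes valid again.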
Components
The components of SDP are Controller, Gateway, and Client.
Controller
The Controller is the first point of contact for clients that want to reach internal services; it performs user authentication, gateway management, and related tasks.
The package includes a database for gateway information and audit records, and an IAM (Keycloak) for user authentication.
Gateway
Gateways are installed on the devices that actually deliver the service (the position a VPN appliance would normally occupy) and dynamically control access to internal services so that only users authorized by the Controller can reach them.
Client
The Client is an application installed on the user's device; it performs authentication and requests access to internal services.