Customer and Digibee responsibilities for ZTNA
This documentation describes the respective responsibilities of the customer and Digibee for the installation, implementation and operation of the ZTNA connection on the Digibee Integration Platform.
Responsibilities
Task | Digibee's responsibility | Customer's responsibility |
Edge Router registration (2 ERs, client and Digibee) | ✔ | |
Edge Router installation (Digibee side) | ✔ | |
Edge Router installation (client side) | | ✔ |
Grant the Edge Router (client side) access to each service, endpoint, server, etc. that will be accessed by the DGB platform through the ZTNA tunnel | | ✔ |
Create a ticket, using the Chat feature on the realm, that provides the endpoint to be accessed (the resource must be accessible on the Edge Router client side). The ticket must include a table with the real endpoint (FQDN and port). | | ✔ |
Manually patch security vulnerabilities using the “apt” command or a tool/solution such as Automox, Ivanti or Ansible; this can be done during any client patch routine window. Digibee will patch its own side monthly, or sooner if a zero-day is identified. | ✔ | ✔ |
Carbon Black and other security tools can be used on the image, but exceptions must be made for the 3 binaries: ziti, ziti-router and ziti-edge-tunnel | | ✔ |
Create SERVICES for each relationship table entry sent by the customer | ✔ | |
Define APPWANs to ensure that the Edge Router on the DGB side can route traffic to the customer's SERVICES | ✔ | |
To install the Edge Router (client side), follow the instructions in this link.
The relationship table example below assumes that two resources need to be exposed from the customer side:
1 database server: my_super_critical_database.thebestcustomer.me (FQDN), PORT 3306
1 SFTP server: my_best_sftp_server.thebestcustomer.me (FQDN), PORT 22
Real Endpoint (DNS that can be resolved on the client side) | Real Port | Result after route creation (used in pipelines) | Port |
my_super_critical_database.thebestcustomer.me | 3306 | my_super_critical_database.thebestcustomer.me | 3306 |
my_best_sftp_server.thebestcustomer.me | 22 | my_best_sftp_server.thebestcustomer.me | 22 |
The columns on the right are the result of the ZTNA implementation; those routes will be accessed from the realm pipelines.
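Because each ticketed endpoint must resolve and be reachable from the client-side Edge Router, the customer can check the relationship table on that host before opening the ticket. The following is an added example, not Digibee's own tooling; the function names and the `FQDN | port` input layout are assumptions made for illustration.

```python
import socket

# Constructed sample: the two relationship-table rows used on this page.
SAMPLE_TABLE = """\
my_super_critical_database.thebestcustomer.me | 3306
my_best_sftp_server.thebestcustomer.me | 22
"""

def parse_rows(text):
    """Parse 'FQDN | port' lines into (fqdn, port) tuples; reject malformed rows."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 2 or not cells[0] or not cells[1].isdecimal():
            raise ValueError(f"row {n}: expected 'FQDN | port', got {line!r}")
        fqdn, port = cells[0].rstrip("."), int(cells[1])
        # The ticket needs a bare FQDN: no scheme, no path, no embedded port.
        if "." not in fqdn or "/" in fqdn or ":" in fqdn:
            raise ValueError(f"row {n}: {fqdn!r} is not a bare FQDN")
        if not 1 <= port <= 65535:
            raise ValueError(f"row {n}: port {port} out of range")
        rows.append((fqdn, port))
    return rows

def preflight(rows, resolve=socket.getaddrinfo,
              connect=socket.create_connection, timeout=3):
    """Return {(fqdn, port): 'ok' | 'dns-failure' | 'unreachable'}."""
    results = {}
    for fqdn, port in rows:
        try:
            resolve(fqdn, port, type=socket.SOCK_STREAM)
        except socket.gaierror:  # name does not resolve on this host
            results[(fqdn, port)] = "dns-failure"
            continue
        try:
            connect((fqdn, port), timeout=timeout).close()
            results[(fqdn, port)] = "ok"
        except OSError:  # refused, filtered or timed out
            results[(fqdn, port)] = "unreachable"
    return results

if __name__ == "__main__":
    # Run on the client-side Edge Router host so DNS and routing match the tunnel.
    for (fqdn, port), status in preflight(parse_rows(SAMPLE_TABLE)).items():
        print(f"{fqdn}:{port} {status}")
```

A `dns-failure` or `unreachable` result means the row is not ready to be ticketed: fix name resolution or the access grant on the client side first.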