Customer and Digibee responsibilities for ZTNA

Task

Digibee's responsibility

Customer Responsibility

Edge Router Registration (2 ER's, client and Digibee)

✔

Edge router installation (Digibee side)

✔

Edge router installation (client side)

✔

Grant access to Edge Router (client side) for each service, endpoint, server, etc. which will be accessed by the DGB platform through the ZTNA tunnel

✔

Using the Chat feature on realm, creating a ticket that provides the endpoint that will be accessed (the resource must be accessible on the Edge Router client side). The ticket must include a table with the endpoint real (FQDN and Port).

✔

Manually patching security vulnerabilities using the “apt” command or a tool/solution like Automox, Ivanti or Ansible can be done during any client patch routine window. Digibee will correct your side monthly or if a zero-day is identified sooner.

✔

✔

Black Carbon and other security tools can be used on the image, but exceptions must be made for the 3 binaries: ziti, ziti-router and ziti-edge-tunnel

✔

Creates SERVICES related to each relationship table entry sent by the customer

✔

Defines APPWANs to ensure that the Edge Router on the DGB side can route traffic to the customer's SERVICES.

✔

Real Endpoint (DNS that can be resolved on the client side)

True Door

Result after route creation (used in pipelines)

Brings

my_super_critical_database.thebestcustomer.me

3306

my_super_critical_database.thebestcustomer.me

3306

my_best_sftp_server.thebestcustomer.me

22

my_best_sftp_server.thebestcustomer.me

22