App-trusted access can enable the creation of a new security boundary with identity at its core. For each access request, it can provide the organization apps with service-level dynamic, self-adaptive, fine-grained authentication enabling unified app management, rapid adoption of SaaS for intranet apps, and remote access services for organization apps.
Replacing Internal VPN
To enable fast SaaS access to intranet apps and make up for traditional VPNs’ lack of security, stability, and flexibility, Baishan provides more remote access services and Connector components with more robust authentication and fine-grained access control capabilities. These components enable fast SaaS access to intranet apps and make up for traditional VPNs’ lack of security.
Reducing Firewall Management Costs
Traditional firewalls based on manually configured IP and VLAN access policies can incur heavy workloads and are prone to errors. Access, combined with Connector components, rejects all inbound links by default, allowing outbound links only. There is no need to continually maintain firewall rules. In addition, the cost of firewall management is reduced.
Central Control of Assets
Once app assets are converged, working portals are unified, and the app assets are hidden. Infiltration through external scans can be avoided, and reactive repair efforts will become a thing of the past. Consistent access control for all applications will provide a better user experience.
Unified Portal and Improved Single Sign-on Efficiency
Integration of JWT, OIDC, OAUTH2.0, SAML2.0, and other single sign-on protocols enable app SSO integration to provide unified-portal one-click login without repeatedly enter account passwords.
Reducing the Complexity of Building IT Security
Based on the idea of zero trust, Baishan has upgraded the traditional network boundary-based model to a new security boundary with identity as its core. Once organizational security access policies are upgraded, all user access can be easily managed, which helps enable digital transformation.
Self-managed apps enable fine-grained permission configuration at the URL level using CNAME/NS.
Three types of remote protocol enable app access: RDP, VNC, SSH.
SaaS app access is enabled using multiple built-in types of SaaS app templates and supporting OIDC, SAML, CAS, LDAP, and other SaaS app access protocols.
Combinations of policy customizations to enable the configuration of access rights for related apps.
Direct sign-in is possible when there is only one authentication method.
Access rules can be assigned to groups of users. Different rule configurations can be created by combining groups.
Login portals can be unified to configure access permissions for single sign-on domain names.
Use of OTP dynamic passwords, DingTalk, WeCom, OAuth2, SAML 2.0, OIDC, and other third-party authentication sources is supported.
All operational logs, application login logs, access logs, and other platform information is recorded to comply with audit requirements.
Telecommuting Needs Under the New Normal
— Ensuring a consistent office experience
With zero-trust architecture, telecommuters trying to access their organizations’ apps are required to go through trusted-app access authentication to obtain a list of apps based on employee roles and permissions. This eliminates the need to continually enter account passwords and ensures a consistent system access experience.
Baishan’s global edge cloud network ensures that all users always have access to the nearest application servers, providing telecommuters with the same fast and secure access experience as in-office workers.
Improving the Security and Access Efficiency of External Access Portal in the Private Room
— Upgraded security management capabilities reduce the risk of intrusion
IDC portal protection is transferred from the server to the cloud. The security gateway provided in the cloud is used as a full-network access point. Further, it establishes a one-way outbound link via the Connector component deployed in the intranet environment. By hiding the front-end assets, all inbound links are blocked from external access to the portal, ensuring the security of the Private service.
The Connector component intelligently selects the location closest to the user's network room to reduce the latency of user network access and enhance the remote access experience.