
Cyolo Core Components

Identity and Access Controller (IDAC)

  • Cyolo's core engine, deployed within the customer’s network close to the resources (e.g., servers, applications, databases) that the organization wants to secure and provide access to.
  • Operates as an inverse proxy, dynamically brokering secure connections between users and the resources they are authorized to access. This ensures that sensitive data remains within the trusted network and does not traverse untrusted environments.
  • Facilitates interactions with external services (e.g., SMS gateways, GitHub) to enable features such as MFA. Note, however, that these interactions are handled exclusively through the IDAC gateway.

Cyolo Global Gateway

  • Managed by Cyolo and deployed on the public cloud (AWS and Google), across multiple global zones.
  • Serves as a secure entry point for users to access the Cyolo system - removing the need for organizations to maintain their own gateways.

Private Gateway

  • Customer-managed gateway that can be deployed in any location the organization chooses - such as on-premises, in a private cloud, or at an edge location.
  • Acts as a dedicated entry point to the Cyolo system - tailored to meet the organization's specific security, compliance, and infrastructure needs.

Site

  • Logical entity that groups IDACs within the same network - facilitating resource segmentation and enhancing security.
  • Customers can have several sites, allowing for flexible and scalable management of resources across different network boundaries.
  • When publishing applications, administrators select the relevant sites to determine resource accessibility and apply specific policies or configurations, as needed.

Deployment Models

The Cyolo system supports four flexible deployment models:

  1. Cyolo Gateway - IDACs communicate through the Cyolo Global Gateway (CGG), a managed entry point for users to access the Cyolo system. Users can securely access the system if they can access one of the CGG instances deployed worldwide.
  2. Isolated - IDACs communicate exclusively through Private Gateways (PGs). Users can access the Cyolo system only through one of the PGs controlled and managed by the customer.
  3. Internet - IDACs communicate through PGs that are accessible from the internet. Users can access the Cyolo system if they have internet connectivity.
  4. Hybrid Gateway - IDACs communicate through PGs, but these gateways themselves are connected to the CGG. Users access the Cyolo system by connecting to the CGG, which serves as the upstream entry point for the PGs.