The 40Cloud solution makes your public cloud private by building a new virtual private network over your Cloud deployment. This private network uses private and consistent IP addressing and encrypted communication, and is therefore unreachable from any other network. 40Cloud enables you to define and enforce the access rights to your Virtual Private Cloud network by using authentication, authorization and firewall technologies.
Using 40Cloud, the Gateways are the only entry-points to your cloud network. All employees or contractors (remote users) accessing your cloud servers will have their identity authenticated at the Gateways. The Gateways are also the enforcement point of your Access Control Policies. Remote users connect to the Gateways using standard IPsec VPN technology. The Gateways are self installed, typically one Gateway per data-center or isolated cloud network (an isolated cloud network is a private IP subnet with a layer 2 separation construct, e.g VLAN).
Thin Agents (optional)
A single software agent, installed on every cloud server, is in charge of enforcing the configured security policies on the virtual server itself. The Agent facilitates the construction of secured and encrypted communication links (based on IPSec VPN) with the other servers in its data-center and with the Gateways. The Agent also configures the Server’s firewall according to the configured security policy. The agent does not interfere with the actual data flow (i.e. is not in the data path).
Web Admin Console
The web Admin Console allows you to monitor and configure User information, Roles and Access Policies, as well as bringing up new servers. Monitoring network connectivity status, system events and alarms is also possible using the Web Admin Console intuitive UI. The web Admin console will be normally used by your system administrators or DevOps.