SealedTunnel Components

Each component of SealedTunnel serves a key role in enabling Xiid's Zero Knowledge Networking tunnelling solution. Understanding the function of each of these components individually will help system administrators better manage and interact with the Xiid ecosystem.

STCollector

TIP

STCollectors are available as either a SaaS offering from Xiid or licensable for on-prem or private cloud deployments.

STCollectors are a type of specialized Request Collector for SealedTunnel.

The STCollector collects packets of triple-encrypted SealedTunnel data and bridges virtual connections between STLinks.

STCollectors do not include the SHyPs that the Request Collector uses due to the unstructured nature of SealedTunnel data.

Agent Configuration Portal

TIP

Xiid IM licenses are not required to run the Agent Configuration Portal, which is necessary to manage SealedTunnel deployments. IM functionality is not available without an IM license.

The Agent Configuration Portal is a web portal used to configure various aspects of your Xiid IM and SealedTunnel deployments, including configuring Virtual Users.

STLink

WARNING

You cannot reuse the same Entrypoint Activation Codes or Exitpoint Activation Codes across multiple machines.

The STLink is analogous to an Agent in Xiid IM and enables communication via the SealedTunnel.

An STLink is installed on (or near) both machines that wish to communicate over the tunnel.

Generally speaking, the client connecting to a resource is considered an Entrypoint and is configured using an Entrypoint Activation Code. The server hosting the resource is considered an Exitpoint and is configured using an Exitpoint Activation Code.

The STLink receives Mapping Configurations that contain the loopback address and Port Bindings.

Entrypoints

In the simplest terms, an Entrypoint is a client-side list of connections to different remote resources.

An Entrypoint defines the loopback addresses and ports associated with a client machine.

Entrypoint Mapping Configurations are configured in the Agent Configuration Portal and map to an Exitpoint's loopback address and port in the form of a Binding.

One Entrypoint can map to any number of Exitpoints.

Exitpoints

Generally, Exitpoints are the server-side remote resources that clients want to access.

Exitpoint Mapping Configurations are configured in the Agent Configuration Portal.

For instance, you can map RDP access to 127.0.0.1:3389 (loopback address 127.0.0.1 on port 3389).

If you are hosting a web server, such as a Wiki Server, on a remote machine, you can configure 127.0.0.1:443 (loopback address 127.0.0.1 on port 443, the standard HTTPS port) on the Exitpoint and traffic will be routed over the loopback address to the Wiki Server.

Mapping Configuration

A Mapping Configuration is a mapping of a loopback address and port on an Entrypoint or an Exitpoint.

For instance, for an RDP connection, you could configure the address 127.0.0.1 and port 39 (127.0.0.1:39) on the client side and a mapping to 127.0.0.1 on port 3389 (127.0.0.1:3389) on the server side.

These Entrypoints and Exitpoints are then linked through a Binding.

The client would connect to 127.0.0.1:39 locally to access port 3389 (127.0.0.1:3389) on the remote machine.

Bindings

Bindings link an Entrypoint's Mapping Configuration(s) to a specific Exitpoint's Mapping Configuration(s).

A Binding defines what Mapping Configuration a client would connect to on their device and which Exitpoint Mapping Configuration the traffic would be routed to on the endpoint.
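As an added illustration of how the Mapping Configuration and Binding sections fit together (and of the Activation Code warning above), the following is a constructed Python model, not Xiid's own code or API: it represents the RDP example from this page (client 127.0.0.1:39 bound to server 127.0.0.1:3389) plus a second wiki binding, checks a configuration for reused Activation Codes, Bindings that reference unconfigured mappings, and one local loopback port bound to two different Exitpoint mappings, and resolves where a client connection ends up. The STLink names and Activation Code strings are constructed placeholders.

```python
from dataclasses import dataclass
# Constructed model of this page's concepts (illustrative names, not Xiid's API): a Mapping
# Configuration is a loopback address plus port on an STLink; a Binding links one Entrypoint
# mapping to one Exitpoint mapping.
@dataclass(frozen=True)
class MappingConfig:
    loopback: str
    port: int
@dataclass(frozen=True)
class STLink:
    name: str
    activation_code: str        # Entrypoint or Exitpoint Activation Code (constructed value)
    mappings: frozenset         # MappingConfigs configured on this STLink
@dataclass(frozen=True)
class Binding:
    entrypoint: str             # client-side STLink name
    entry_map: MappingConfig
    exitpoint: str              # server-side STLink name
    exit_map: MappingConfig

def validate(links, bindings):
    """Return a list of problems; an empty list means the configuration is consistent."""
    problems, codes, targets = [], {}, {}
    for link in links.values():
        if link.activation_code in codes:   # a code must not be reused on a second machine
            problems.append(f"activation code reused by {codes[link.activation_code]} and {link.name}")
        codes[link.activation_code] = link.name
    for b in bindings:
        for side, m in ((b.entrypoint, b.entry_map), (b.exitpoint, b.exit_map)):
            if side not in links or m not in links[side].mappings:
                problems.append(f"binding references unknown mapping {m.loopback}:{m.port} on {side}")
        # One client loopback address:port leads to one Exitpoint mapping; an Entrypoint can
        # still reach many Exitpoints through distinct local ports.
        key, target = (b.entrypoint, b.entry_map), (b.exitpoint, b.exit_map)
        if targets.setdefault(key, target) != target:
            problems.append(f"{b.entrypoint} {b.entry_map.loopback}:{b.entry_map.port} bound twice")
    return problems

def resolve(bindings, entrypoint, loopback, port):
    """Where a client connection to loopback:port on this Entrypoint is routed, or None."""
    for b in bindings:
        if b.entrypoint == entrypoint and b.entry_map == MappingConfig(loopback, port):
            return b.exitpoint, f"{b.exit_map.loopback}:{b.exit_map.port}"
    return None

# Constructed sample: one laptop Entrypoint reaching an RDP host and a wiki server.
RDP_LOCAL, RDP_REMOTE = MappingConfig("127.0.0.1", 39), MappingConfig("127.0.0.1", 3389)
WIKI_LOCAL, WIKI_REMOTE = MappingConfig("127.0.0.1", 8443), MappingConfig("127.0.0.1", 443)
LINKS = {"laptop": STLink("laptop", "ENTRY-CODE-1", frozenset({RDP_LOCAL, WIKI_LOCAL})),
         "rdp-host": STLink("rdp-host", "EXIT-CODE-1", frozenset({RDP_REMOTE})),
         "wiki": STLink("wiki", "EXIT-CODE-2", frozenset({WIKI_REMOTE}))}
BINDINGS = [Binding("laptop", RDP_LOCAL, "rdp-host", RDP_REMOTE),
            Binding("laptop", WIKI_LOCAL, "wiki", WIKI_REMOTE)]
```

Running `validate(LINKS, BINDINGS)` on the sample returns no problems, and `resolve(BINDINGS, "laptop", "127.0.0.1", 39)` shows the client's local port 39 landing on the RDP host's 127.0.0.1:3389, as the page describes.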