SealedTunnel Components
INFO
The SealedTunnel documentation for Xiid's V4 platform is currently being written and will be fully released soon. Please contact your Xiid representative if you require support.
Xiid's SealedTunnel™ delivers ultra-secure, fast-to-deploy communication between endpoints with triple-encrypted, quantum-secure tunnels that never require open inbound ports at any time, on any endpoint, even when instantiating a connection.
Each component of the SealedTunnel serves a key role in the Xiid ecosystem. Understanding the function of each of these components individually will help system administrators better manage and interact with their Xiid deployments:
- Connectors facilitate SealedTunnel connections by bridging two outbound-only halves of communication together without ever having the ability to decrypt or inspect the traffic flowing through them. These can either be self-hosted or managed by Xiid as a SaaS service.
- STLinks are the agent software that runs on or near the ends of SealedTunnel connections.
- Commanders are used to define and manage STLink configurations (mappings/bindings). Commanders are always deployed by you and live behind a closed firewall/subnet that you control.
Xiid Connectors
TIP
For most deployments, Xiid Connectors are hosted and managed by Xiid as a SaaS service.
Xiid Connectors may also be licensed and self-hosted in fully on-premise, hybrid, or multi-cloud environments that you control.
Connectors are the front lines of Xiid's technology. Connectors are located where they are reachable by connecting endpoints.
Xiid Connectors never require inbound network access to enterprise networks that you control, and Connectors do not hold the keys to decrypt the data that passes through them, ensuring that even if a Connector were to be compromised, an attacker would still be unable to access private resources.
STLink
Traditionally, careful opening of inbound ports was necessary to provide access to corporate resources. This is risky, however, as open inbound ports vastly increase the attack surface of your domain.
Xiid's SealedTunnel delivers the same levels of resource access without ever requiring open inbound ports, and it isolates tunnels at the process level rather than at the device or network level, as a traditional VPN would.
For the SealedTunnel to function, the STLink software must be installed on or near connecting endpoints.
STLinks can handle any kind of IP-based traffic, including web (HTTP/S), RDP, SSH, and any other kind of TCP or UDP traffic.
Only outbound port 443 is required for SealedTunnel to function.
Xiid Commanders
The Commander software, which is installed on a machine that you control, ideally behind a closed firewall/subnet with no open inbound ports, is used to deploy and configure SealedTunnel connections across STLinks.
The Commander configurations are stored in an encrypted database locally within your environment, ensuring that your sensitive connection information remains safe - even if Xiid is compromised.
Multiple Commander software installations can be deployed across multiple machines for high availability and coordination across geographic regions and business units.
Commanders support the creation of STLink profiles that can be used to deploy fully operational STLinks through automated deployment strategies.

