Introduction

For SealedTunnel to connect two endpoints (processes), an agent software must run on or near the endpoints.

This agent is called the STLink.

STLinks handle connections on the local machine, managing the ephemeral encryption/decryption keys required for each connection as well as pulling/forwarding payload data to/from the Xiid Connectors. Each STLink has its own unique identifier and cryptographic keys used to exchange data on its host machine.

One STLink installation will handle many connections (SealedTunnels) and only needs to be installed once per endpoint or gateway you wish to connect.

How STLink Works

The STLinks use outbound-only connections to Xiid Connectors to push and pull encrypted data from the Connectors' queues, facilitating data exchange between other STLinks.

The STLinks constantly poll the Connectors' queues for new payloads tagged with their unique ID that are encrypted with cryptographic keys that only it can decrypt. This rapid polling mechanism eliminates the need for endpoints to have open inbound ports or ever accept inbound traffic, ensuring the security of the host machine while maintaining lightning-fast connectivity.

STLinks are deployed through the Commander Portal using Commander Profiles. The STLink, upon activation, will have Routes assigned to it.

Binding Routes tell the STLink which Bindings to create, and Mapping Routes tell the STLink which Mappings to create.