SDP Architecture
There are two components to a software-defined perimeter architecture:
- SDP Host
- SDP Controller
SDP Host
An SDP Host is a device or server running SDP software that takes part in controlled connections between users' devices and applications. SDP Hosts fall into two categories:
- An Initiating Host (IH) connects to the SDP Controller, presents information about the device and user attempting to join the network, requests the list of Accepting Hosts it is permitted to reach, and then establishes a mutually authenticated TLS connection to those hosts.
- An Accepting Host (AH) fronts the applications and links authorized devices to the applications they have requested. It accepts connections only from the SDP Controller and from Initiating Hosts the controller has approved; all other traffic is dropped.
SDP Controller
The SDP Controller authenticates devices and users through an identity system (public key infrastructure, device fingerprints, geolocation, OpenID, Kerberos, Active Directory, etc.). It evaluates access policy, decides which Initiating Hosts may reach which Accepting Hosts, and instructs the Accepting Hosts to admit them.
SDP Hosts communicate with each other only as permitted by the SDP Controller. A host either initiates or accepts connections. To learn which hosts it may connect to, an initiating host first connects to the controller. An accepting host honours only the controller's messages and the connections the controller has approved; unsolicited traffic gets no response.
In some SDP topologies a gateway takes the role of the Accepting Host, sitting between the connecting user or device and the protected application. All traffic between controllers, hosts, and gateways travels over encrypted, authenticated connections, typically mutual TLS or a VPN tunnel, so the protected services are never exposed directly.
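The control flow above (Initiating Host asks the Controller, the Controller authorizes the Accepting Host, the Accepting Host refuses everything it was not told about) is easiest to see as a small default-deny state machine. The following is an added in-memory model written for this page; it is not code from the Cloud Security Alliance specification or from any SDP product. The certificate fingerprints, host names, identities and policy are constructed sample data, and the mutual-TLS transport that would carry these messages is assumed rather than modelled.

```python
"""In-memory model of the SDP control flow: Controller, Accepting Hosts (AH)
and Initiating Hosts (IH). Added example; fingerprints, host names and the
policy are constructed, and the mTLS transport is assumed, not modelled."""
from typing import Dict, List, Optional, Set, Tuple

Grant = Tuple[str, str]  # (accepting host name, service)


class AcceptingHost:
    """Default-deny server: it admits nothing until the Controller tells it."""

    def __init__(self, name: str, services: Set[str]):
        self.name = name
        self.services = services
        self.allowed: Set[Tuple[str, str]] = set()  # (ih_id, service) pairs

    def authorize(self, ih_id: str, service: str) -> None:
        # Reached only by the Controller over the control channel.
        if service in self.services:
            self.allowed.add((ih_id, service))

    def connect(self, ih_id: str, service: str) -> bool:
        # Data-channel attempt; anything not pre-approved is dropped silently.
        return (ih_id, service) in self.allowed


class Controller:
    def __init__(self, hosts: List[AcceptingHost],
                 identities: Dict[str, str],
                 policy: Dict[str, Set[Grant]]):
        self.hosts = {h.name: h for h in hosts}
        self.identities = identities  # device cert fingerprint -> identity
        self.policy = policy          # identity -> permitted (ah, service)

    def request_access(self, fingerprint: str) -> Tuple[Optional[str], List[Grant]]:
        """Authenticate the IH and return the AHs it may use.

        Before answering, tell each of those AHs to admit this IH, so the
        AH has the approval by the time the IH's data connection arrives."""
        ih_id = self.identities.get(fingerprint)
        if ih_id is None:
            return None, []           # unknown device learns nothing
        grants = sorted(self.policy.get(ih_id, set()))
        for ah_name, service in grants:
            self.hosts[ah_name].authorize(ih_id, service)
        return ih_id, grants


class InitiatingHost:
    def __init__(self, fingerprint: str, controller: Controller,
                 network: Dict[str, AcceptingHost]):
        self.fingerprint = fingerprint
        self.controller = controller
        self.network = network        # AHs reachable at the IP layer

    def open(self, ah_name: str, service: str) -> bool:
        ih_id, grants = self.controller.request_access(self.fingerprint)
        if ih_id is None or (ah_name, service) not in grants:
            return False              # not part of this IH's view of the perimeter
        return self.network[ah_name].connect(ih_id, service)


def run_demo() -> Dict[str, bool]:
    """Constructed scenario: one enrolled laptop, one unenrolled device."""
    app_gw = AcceptingHost("app-gw", {"https"})
    db_gw = AcceptingHost("db-gw", {"postgres"})
    network = {"app-gw": app_gw, "db-gw": db_gw}
    controller = Controller(
        hosts=[app_gw, db_gw],
        identities={"sha256:aa11": "alice-laptop"},   # constructed fingerprint
        policy={"alice-laptop": {("app-gw", "https")}},
    )
    alice = InitiatingHost("sha256:aa11", controller, network)
    mallory = InitiatingHost("sha256:ff00", controller, network)  # unenrolled
    return {
        "alice_https": alice.open("app-gw", "https"),          # approved path
        "alice_postgres": alice.open("db-gw", "postgres"),     # not in policy
        "mallory_https": mallory.open("app-gw", "https"),      # unknown device
        # Skipping the Controller and hitting the AH directly still fails.
        "mallory_direct": app_gw.connect("mallory", "https"),
        # Claiming an enrolled identity on the data channel is not enough:
        # the AH was never told to admit that identity for that service.
        "spoofed_direct": db_gw.connect("alice-laptop", "postgres"),
    }


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'dropped'}")
```

The point to take from the model is where the decision lives: the Accepting Host never evaluates policy itself, it only checks whether the Controller has already approved this exact host/service pair, so a device that bypasses the Controller, or one that asserts an identity the Controller never vouched for, gets no connection and no response.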
Software-Defined Perimeter (SDP)
A Software-Defined Perimeter (SDP) is a security architecture that protects cloud-based and on-premises data centers by controlling who can reach them remotely. The idea is to use software, rather than fixed network hardware, as the foundation of the perimeter: access is granted to authenticated identities and devices, not to whoever happens to be on the network. The SDP framework was introduced by the Cloud Security Alliance in 2013 as a way to build secure networks that reduce the risk of data breaches.
SDP provides secure access to network-based services, applications, and systems in public and private clouds as well as on-premises. Because it cloaks the systems inside the perimeter from anyone who has not been authenticated and authorized, so that they cannot be seen or discovered from outside, the approach is often described as creating a "black cloud."