Skip to main content

PRA Core Components

Application Gateway​

  • Safous PRA's core engine, deployed within the customer’s network close to the resources (e.g., servers, applications, databases) that the organization wants to secure and provide access to.
  • Operates as an inverse proxy, dynamically brokering secure connections between users and the resources they are authorized to access. This ensures that sensitive data remains within the trusted network and does not traverse through untrusted environments.
  • The Application Gateway facilitates interactions with external services (e.g., SMS gateways, GitHub) to enable features such as MFA. Note, however, that these interactions are exclusively handled through the POPs.

Safous Global POP​

  • Managed by Safous and deployed on the public cloud providers, across multiple global zones.
  • Serves as a secure entry point for users to access the PRA system - removing the need for organizations to maintain their own gateways.

Private POP​

  • Customer-managed POP that can be deployed in any location the organization chooses - such as on-premises, in a private cloud, or at an edge location.
  • Acts as a dedicated entry point to the PRA system - tailored to meet the organization's specific security, compliance, and infrastructure needs.

Site​

  • Logical entity that groups Application Gateways within the same network - facilitating resource segmentation and enhancing security.
  • Customers can have several sites, allowing for flexible and scalable management of resources across different network boundaries.
  • When publishing applications, administrators select the relevant sites to determine resource accessibility and apply specific policies or configurations, as needed.
Last updated on