Securing ZPE Systems Network
26 Aug 2024

Article summary

This document describes how Nodegrid devices and managed devices communicate securely with ZPE Cloud. The following figure depicts the framework that safeguards the connections between the devices and ZPE Cloud.


0.1: Network Administrator to ZPE Cloud

Description: Administrators can access Out-Of-Band (OOB) devices through OOB-Cloud by browsing https://zpecloud.com or https://zpecloud.eu, depending on the region.

Encryption: HTTPS

Authentication: Authentication is carried out via SSO and MFA.

Other: ZPE Cloud is hosted on GCP (Google Cloud Platform) and follows all of GCP's security practices. We follow SOC 2 Type 2 compliance, as shared in the detailed compliance documentation.


0.2: ZPE Cloud to Azure AD (SSO Authentication)

Description: Administrators are authenticated against Azure AD.

Encryption: HTTPS, Certificate

Authentication: SAML 2.0, MFA

Other: A certificate is used to protect the SAML document.

0.3: ZPE Cloud to OOB Device (ZPE Nodegrid Device Access)

Description: OOB-Cloud is used to manage OOB devices; through the OOB cloud, administrators reach the console of network devices via the OOB infrastructure.

The OOB device synchronizes with the OOB cloud via either a Sophos internet or 4G/5G LTE connection.

The OOB device connects to ZPE Cloud using outbound connections only; every session is initiated from the device to the cloud.

Encryption: MQTTS with mTLS backed by a TPM (Trusted Platform Module), HTTPS, WSS

Authentication: mTLS, device/cloud-based authentication (TPM pairing)

Other: The detailed device-to-cloud communication documentation is shared with the team.

0.4: ZPE OOB Device to Azure AD

Description: Administrators can manage devices via the console or management port by accessing OOB devices through OOB-Cloud.

Encryption: HTTPS, Certificate

Authentication: SAML 2.0, MFA

Other: -

0.5: ZPE OOB Device to Network Device

Description: Administrators can manage devices either through the console or through the management port.

Encryption: HTTPS, CONSOLE, HTML5, CSR

Authentication: TLS

Other: ZPE Cloud allows access to the console and management interface of the network device through a secure HTML5 web page served over HTTPS. The network device connects to the ZPE device through both the serial port (console) and the management port.

0.6: Log Data Transmission

Description: The ZPE OOB device sends its logs to the Splunk forwarder.

Encryption: SSL/TLS 1.2+ encryption for data in transit

Authentication: TLS

Other: -
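The two device-initiated paths above share the same transport requirements: the device opens the connection outbound, the peer certificate is verified, TLS 1.2 is the floor (0.6), and on the MQTTS path the device also presents its own certificate so the cloud can authenticate it (0.3). The following Python snippet is an added example, not ZPE Systems' or Nodegrid's own code, showing how such a client context is built with the standard library and how a small audit function confirms it meets that policy. The CA bundle and certificate file paths are placeholders, and the private key is read from a PEM file only to keep the example self-contained; on a TPM-paired device the key stays inside the TPM.

```python
"""Build and audit an outbound TLS client context for device-to-cloud
traffic (log forwarding over TLS 1.2+, MQTTS with a client certificate).

Added illustration, not ZPE Systems' or Nodegrid's own code. File paths
are placeholders; a TPM-backed device keeps its private key inside the
TPM, whereas this example reads a PEM key file.
"""
import ssl
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class TlsPolicy:
    """Transport policy stated in the document: TLS 1.2 or newer for data
    in transit, with verification of the peer certificate."""
    min_version: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2


def build_client_context(ca_bundle: Optional[str] = None,
                         client_cert: Optional[str] = None,
                         client_key: Optional[str] = None,
                         policy: Optional[TlsPolicy] = None) -> ssl.SSLContext:
    """Create a client-side context. The device always initiates the
    connection, so only a client context is needed; nothing listens."""
    policy = policy or TlsPolicy()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # client role only
    ctx.minimum_version = policy.min_version       # refuses TLS 1.0 and 1.1
    ctx.check_hostname = True                      # name must match the cert
    ctx.verify_mode = ssl.CERT_REQUIRED            # server cert must chain
    if ca_bundle:
        ctx.load_verify_locations(cafile=ca_bundle)  # private CA (placeholder path)
    else:
        ctx.load_default_certs()                     # system trust store
    if client_cert:
        # mTLS for the MQTTS path: present the device certificate so the
        # cloud can authenticate the device (placeholder file paths).
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def audit_context(ctx: ssl.SSLContext,
                  policy: Optional[TlsPolicy] = None) -> List[str]:
    """Return the policy violations found in a context (empty = compliant)."""
    policy = policy or TlsPolicy()
    findings = []
    # TLSVersion is an IntEnum, so versions compare numerically.
    if ctx.minimum_version < policy.min_version:
        findings.append(
            f"minimum TLS version {ctx.minimum_version.name} is below "
            f"required {policy.min_version.name}")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate verification is not required")
    if not ctx.check_hostname:
        findings.append("hostname verification is disabled")
    return findings


def weakened_context_for_comparison() -> ssl.SSLContext:
    """A deliberately misconfigured context (any TLS version, no peer
    verification) that shows what the audit catches."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    print("compliant context findings:", audit_context(build_client_context()))
    print("weakened context findings:",
          audit_context(weakened_context_for_comparison()))
```

The audit checks the three properties the table rows rely on (version floor, peer verification, hostname binding); a forwarder or MQTT client library that accepts an `ssl.SSLContext` can be handed the compliant context directly.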

0.7: Log Data Transmission

Description: API requests to and from the ZPE OOB device.

Encryption: HTTPS

Authentication: TLS

Other: -

