
How Appgate SDP Works
Appgate’s Software-Defined Perimeter architecture exceeds the NIST Zero Trust Architecture Specifications by delivering a truly superior Zero Trust access solution.
A Step-by-Step Walkthrough
Explore the workflow and core appliances of Appgate SDP
Verify Identity
Before any connection is made, the device and user must authenticate to the Controller, which evaluates a multi-dimensional identity profile.
User and Device Context:
- User Roles & Projects
- Time and Date
- Location
- Device Security Posture
- Customizable Conditional Requirements

Grant Entitlements
Based on the context and permissions associated with the user or device, the Controller returns a cryptographically signed token to the Client, which contains the authorized set of network resources.
Entitlements Adjust Based On Conditions and Risk
- Trusted access
- Limited access
- No access

Permit Access
The Client uploads the Entitlement, which the Gateway uses to discover applications matching the user’s identity. When the user attempts to access a resource, the network driver forwards the token to the appropriate cloaked Gateway.
The Gateway:
- Permits access
- Denies access
- Requires an additional action from the user, such as a one-time password
Once granted, all access to the resource travels from the Client across a secure, encrypted network tunnel to the Gateway, then through a micro-firewall to only the approved resource.
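The Grant and Permit steps above, sketched as an added example (not Appgate's code or token format): a Controller signs the authorized resource set, and a Gateway verifies the signature before permitting, denying or requiring a one-time password. HMAC-SHA256 with a shared key stands in for the unspecified signature scheme; the field names, addresses and `require_otp` flag are assumptions.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_entitlement(key: bytes, user: str, resources: list, expires: int) -> str:
    """Controller side: sign the authorized resource set (HMAC is a stand-in)."""
    payload = json.dumps({"user": user, "resources": resources, "exp": expires},
                         sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def gateway_decide(key: bytes, token: str, host: str, port: int, now: int,
                   otp_verified: bool = False) -> str:
    """Gateway side: returns 'permit', 'deny' or 'otp_required'."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:
        return "deny"  # malformed token
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return "deny"  # payload was altered or signed with another key
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return "deny"  # expired entitlement
    for res in claims["resources"]:
        if res["host"] == host and res["port"] == port:
            if res.get("require_otp") and not otp_verified:
                return "otp_required"  # additional user action needed
            return "permit"
    return "deny"  # default deny: destination is not in the signed set

# Constructed sample data (hypothetical key, user, addresses and timestamps)
KEY = b"demo-shared-key"
TOKEN = issue_entitlement(KEY, "alice", [
    {"host": "10.0.5.10", "port": 443},
    {"host": "10.0.5.20", "port": 22, "require_otp": True},
], expires=2000)
```

Because the resource list is inside the signed payload, a Client cannot widen its own access: any edit to the payload invalidates the signature and the Gateway falls through to deny.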

Monitor for Changes
Appgate SDP continuously monitors for changes to the user and device context. If context changes, the user's network and application entitlements dynamically adjust in real time based on policies.
Privileges Adjust Immediately:
- Require additional authentication from the user
- Restrict access to critical systems
- Revoke access until resolution

Critical Features

Cloaked from Prying Eyes
Single Packet Authorization (SPA) makes your infrastructure invisible to minimize your attack surface. Unlike pinholes and open ports, with SPA you can’t attack what you can’t see.

Concurrent Access
Users gain seamless access to all entitled resources across heterogeneous environments without VPN switching. Avoid costly backhaul and latency with 1Gbps throughput that utilizes internet connectivity for high availability.

Dynamic Policy Resolution
Using plain-language tagging and environmental metadata, user policies remain in sync with infrastructure regardless of underlying addresses or dynamic scaling.

Programmable & Adaptable
As an open platform, Appgate SDP includes a bi-directional API interface that integrates into the fabric of your organization, including: Identity and Access Management, Directory Services, ITSM, SIEM and Business Support Systems.
Ready to Go Deeper?
Related Materials

Appgate SDP Overview
A detailed description of the features, functionality and core components of Appgate’s Software-Defined Perimeter

Join Our Next Live Demo
Every Wednesday at 11am EST you can join a live session with an Appgate SDP engineer. See how the software works and solves for common use cases, and get answers to your questions live.

SDP Reference Architecture
Illustrates and documents how Appgate’s Software-Defined Perimeter works within different network architectures
Talk to a Secure Access Expert
Our team is available to help answer questions about remote access or Zero Trust, demo the Appgate SDP solution and discuss pricing. How can we help you deliver secure access with confidence?