Comparison of Network Connection Methods
There are two ways for traffic from remote users to reach private destinations:
- Resource Connectors (Deployed in Connector Groups)
- Network Tunnels (Deployed in Network Tunnel Groups)
Both can be configured and used for a single resource, for supported scenarios. For more information about traffic handling in this situation, see Manage Network Connections.
Resource Connectors (Deployed in Connector Groups)
Characteristics of resource connectors:
- Send traffic to private resources only.
- Support only Zero Trust Access connections (client-based and browser-based).
- Supported environments: AWS and VMware.
- Require only outbound connections from your network.
- Can connect user traffic to resources in data centers that have overlapping IP address ranges (when a single IP address can be in multiple locations), if the resource is defined and accessed using an FQDN.
- If an application is hosted from multiple locations, resource connectors automatically send traffic to the application location nearest to the end-user's location, for an optimal user experience.
- Easily scalable by deploying more connectors in a group.
- Additional network routing configuration is not required. Existing routing is normally sufficient.
- Expose only specified private resources, not your entire network, to Secure Access.
- Connectors proxy traffic, so Secure Access is segmented from your network.
- Self-maintaining lifecycle; software upgrades are managed for you by Secure Access
(Except platform operating system upgrades currently.) - For more information, see Manage Resource Connectors and Resource Connector Groups and subtopics.
Network Tunnels (Deployed in Network Tunnel Groups)
Characteristics of network tunnel groups:
- Can route internet-bound traffic as well as traffic to private resources.
- Support VPN, branch-to-branch, and Zero Trust Access (client-based and browser-based) connections.
- Require networking devices on your network that can initiate IPSec tunnels. See Device Compatibility and Network Tunnels.
- Network routing configuration is required.
- Extend your network to the Secure Access cloud.
- Many supported virtual and hardware platforms, simplifying connections to your existing environment.
You may be able to use existing infrastructure, without deploying additional devices. - For more information, see Manage Network Tunnel Groups and subtopics.
Manage Network Connections > Comparison of Network Connection Methods > Manage Network Tunnel Groups
Updated 4 months ago