Introduction to Private Cloud Private Access (PriCPA)

Private Cloud Private Access (PriCPA) is a cloud-native solution for Encrypted WAN communications that covers the scenarios of site-to-site, site-to-cloud and cloud-to-cloud, following the principles of Zero Trust. Legacy security networking solutions cannot be forklifted to the cloud. There are technical, operational and security limitations when using Legacy solutions. Networking engineers designed Legacy networking solutions to communicate branches, central offices and data centres.

Cloud communications arrived with new challenges of networking, security and, mainly, operational agility. Applications are now distributed in multiple VNET/VPCs of different clouds, APIs are required to be accessed from numerous sites, and we still need to communicate with on-prem services. An agile method of any-to-any secure encrypted communications with zero trust is required, and Private Cloud Private Access (PriCPA) is the answer to this challenge.

We provide Cloud Security Connectors for PriCPA with Outbound Firewall (Advanced NAT GW) on Amazon Web Services (*), Microsoft Azure (*) and on-premises virtual platforms: VMware, KVM and Hyper-V.

We will provide it for Gcloud very soon.

(*) Also available in AWS & Azure Government Clouds.

Click on the image to visit the cloud marketplace or virtual platform and contact us.

CSC PriCPA with Outbound FW (Advanced NAT GW) - Key benefits

With Private Cloud Private Access, you can connect all sites securely on a Zero Trust model. The CSC PriCPA secures your Private Traffic between your physical and cloud locations.

The key benefits are:

Savings:

80% savings compared with Cloud VPN Gateways or Service Broker Clouds.
Replaces MPLS, VPN Gateways, NAT Gateways, Outbound Firewalls, Direct Access connections, Virtual WAN, Cloud WAN, Private Link, Express Routing, etc.
Reduced TCO.

Performance and Scalability:

High Performance: 1 Gbps encrypted traffic per CSC.
Multiple sites can be deployed.
Multiple PriCPA clouds can be created.

Flexibility:

Any to Any Communications. (Crypto Key Routing).
All protocols are supported.

Security:

Full hardened device.
All traffic is encrypted using latest state of the art encryption protocols.
Zero Trust.
Outbound Firewall (Advanced NAT Gateway)
Blocks Lateral movement.
Automatic Security Group provisioning (Azure, AWS and Gcloud)

Simplicity:

No Networking knowledge required.
No operational burden for Administrators.
Networking as a code: Single JSON file for policies.
DevOps automated deployment: Azure ARM, Cloudformation, Terraform or similar.
2 Steps configuration: Onboard the Node to PriCPA Cloud and Deploy Policies (Single JSON file).

Visibility:

Traffic Logs and System Logs.
Traffic visibility End to End.
Source IPs preserved.

High Availability:

Automatic Route provisioning ("next-hop" or "target") via Cloud API.
Automatic configuration of "Floating Public IP".
Automatic re routing to Management Networks.
Cluster configuration for Virtual Platforms.
Multiple Uplinks to the Internet supported for OnPrem.

Compatibility:

100% Compatible with CSCs for Zscaler and Netskope.
100% Compatible with devices that supports Wireguard(*) Protocol.

Simple Management:

Local Management: SSH Admin Console with configuration wizards, full status reporting.
Remote Management: No proprietary software required. You can use any change management tool to configure and update the CSC, such as Azure CLI "Run Command", AWS System Manager (SSM agent), Ansible, Rundeck, scripting via SSH or similar.
SNMP v2c and v3 support.
Radius/MFA for SSH Admin Console access.
SIEM/Syslog integration for Traffic and Systems Logs.
TCPDump integrated in the SSH Admin Console.
Linux terminal console allowed (csccli user).

(1) Wireguard is a trademark of Jason Donenfeld.