Components
The following section describes the major components of CoIP Platform.
zCenter Orchestrator
The zCenter orchestrator is the heart of the CoIP Access Platform. The zCenter virtual appliance provides centralized policy enforcement and control through a web-based UI or through API. zCenter supports multitenancy, allowing customers to provide service for multiple projects or business units from a single zCenter.
All configuration and security of your deployment, including onboarding users and devices, configuring an identity provider, configuring security policies, and viewing security logs and history, is done through the zCenter GUI or through APIs.
zCenter is responsible for authenticating endpoints and registering them to become part of the CoIP network. It is also where licenses and API keys are managed and logging is configured, and it serves as the distribution point for endpoint agents (zLink).
This infrastructure component is a software solution that can be deployed on physical and virtual servers in an on-prem or cloud environment.
The zCenter controller can be deployed in a high-availability (HA) configuration, and supports disaster recovery with the assistance of the ZOL service controller.
zCenter is primarily used for control, which is generally less sensitive to latency. As a result, the placement of the zCenter is not critical, although it is still recommended to deploy zCenters on a regional basis to minimize impact to user experience.
ZNS Network Switch
The ZNS network switch provides secure WAN connectivity, allowing remote users and applications to connect to applications in a different network domain. Deployed as a virtual appliance, it supports between 1 and 20 Gbps of switching capacity.
Multiple ZNS virtual switches can be grouped together into a cluster to support arbitrarily large switching capacity; the zCenter controller will load balance CoIP traffic among the configured ZNS switches in a cluster. Clustering also provides redundancy in the event of a single ZNS switch failure.
ZNS clusters may be deployed strategically to optimize application traffic routing. A typical best practice is to select ZNS data services in the region physically closest to the application that is being accessed.
The zCenter controller integrates a small ZNS virtual switch, capable of up to 500Mbps switching throughput, to support demo and test environments without requiring customers to configure a ZNS virtual switch cluster.
zLink Agent
The zLink agent is the primary mechanism for onboarding servers and applications to CoIP Platform, and is installed on servers that need to be accessed and secured. The zLink agent is available for a variety of operating systems and architectures, including EOL operating systems such as RedHat 5.x and Windows XP, and can be downloaded from and updated remotely through the zCenter portal. Note that agent support for an EOL operating system brings that host into the CoIP network; it does not address unpatched vulnerabilities in the operating system itself.
Gateway Proxy
The Gateway Proxy allows you to onboard services or devices that cannot be supported using an agent. It is delivered as a Linux virtual appliance to be installed in your network, next to the services or devices that need to be accessed.
A Gateway Proxy can be thought of as an on-ramp or off-ramp for CoIP Access ZTNA. It can provide filtering for access going to/from the physical network, but it does not provide Application Chamber functionality.
Micro-Segmentation Gatekeeper
The Micro-Segmentation Gatekeeper (MSG) is a hardware appliance that deploys inline with critical assets and workloads to
Architecture
The basic high-level architecture of CoIP Platform, in one possible deployment context, is shown in the figures below.
The control plane connections for the deployment connect directly to the zCenter orchestrator, while the data plane connections route through the ZNS. The ZNS need not be in the same network as the zCenter.