Introduction to CloudBridge Agent

# Overview

This chapter introduces the basics of the IDaaS CloudBridge.

# Understanding CloudBridge

Typically, for security reasons, enterprises are unwilling to expose their internal services directly on the public internet. However, enterprise customers' operations in IDaaS require access to these internal services. To solve this problem, we propose the CloudBridge solution. CloudBridge connects the customer's on-premises services with the cloud-based IDaaS, enabling bidirectional communication between the local services and the cloud IDaaS.

The CloudBridge Agent acts as a "bridge," establishing a secure network tunnel between the enterprise's internal services and the IDaaS cloud service. This avoids directly exposing the internal services to the public internet, thereby effectively protecting network entities from threats such as eavesdropping and replay attacks.

To provide a more secure environment for enterprise services and IDaaS cloud services, you can configure the egress IP of the CloudBridge Agent. Once it is configured, the CloudBridge Agent is verified whenever it establishes a connection with the IDaaS cloud service, and the connection is rejected if the IP is not the configured one. Configuring the CloudBridge Agent's IP therefore restricts connections to the IDaaS cloud service to specific IPs only.

Currently, IDaaS offers three types of CloudBridge Agents: Authentication Source CloudBridge, Identity Source CloudBridge, and Application Synchronization CloudBridge.

  • The CloudBridge Agent is used to establish a connection channel between Zhuyun IDaaS and the corresponding services within the enterprise.
  • Bidirectional Communication: There is bidirectional communication between the Agent service and Zhuyun IDaaS.
  • Security First: Only Agents registered with Zhuyun IDaaS can be used normally after passing local authentication. TLS is used throughout the data transmission process.
  • Local Storage of Configuration: Connection configuration information is stored locally. For example, AD connection configurations are stored on the enterprise premises, not in Zhuyun IDaaS.
  • High Reliability: High system reliability is ensured through heartbeat and watchdog mechanisms.
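The sketch below models the admission decision described above (registered Agents only, plus the optional egress IP restriction) as it could look on the receiving side. It is an added example, not IDaaS or CloudBridge code: `AgentRecord`, `admit`, the registry layout, the sample agent names, and the rule that an Agent with no configured egress IP is unrestricted are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class AgentRecord:
    """Hypothetical server-side record for one registered agent."""
    agent_id: str
    # Assumption: an empty tuple means no egress IP was configured,
    # so no source restriction applies to this agent.
    egress_networks: tuple = ()

def normalize_peer(peer: str):
    """Parse the peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def admit(registry: dict, agent_id: str, peer: str):
    """Return (allowed, reason) for one connection attempt.

    `peer` must be the address of the accepted socket, never a value the
    client supplies itself (for example a forwarding header).
    """
    record = registry.get(agent_id)
    if record is None:
        return False, "agent not registered"
    try:
        addr = normalize_peer(peer)
    except ValueError:
        return False, "unparseable peer address"
    if not record.egress_networks:
        return True, "no egress IP configured"
    for net in record.egress_networks:
        network = ipaddress.ip_network(net, strict=False)
        if addr.version == network.version and addr in network:
            return True, "peer matches configured egress IP"
    return False, "peer is not a configured egress IP"

# Constructed sample data (RFC 5737 documentation addresses).
REGISTRY = {
    "agent-ad-01": AgentRecord("agent-ad-01", ("203.0.113.10/32",)),
    "agent-sync-01": AgentRecord("agent-sync-01"),
}

if __name__ == "__main__":
    for agent, peer in [("agent-ad-01", "203.0.113.10"),
                        ("agent-ad-01", "::ffff:203.0.113.10"),
                        ("agent-ad-01", "198.51.100.7"),
                        ("unknown", "203.0.113.10")]:
        print(agent, peer, admit(REGISTRY, agent, peer))
```

If the Agent reaches the internet through NAT or a proxy, the address to configure is the one the cloud side actually sees, and a dual-stack listener may report that address in IPv4-mapped IPv6 form, which is why the check normalizes it before comparing.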

# CloudBridge Interaction Model