Architecture
Lumeus is a multi-tenant, SaaS-based platform that requires no agents to be installed on endpoints or applications.
The core capabilities provided by Lumeus are:
SLA Anomaly Detection + Correlation
Adaptive Log Management
Managed Data Plane
Segmentation
Policy-as-Code
PAM-Lite
Auto Network Topology
Session Logging
Device Fingerprinting
The graphic below outlines how Lumeus interacts with existing network infrastructure:
Cloud Gateways: Lumeus Cloud Gateways provide reliable and secure Zero Trust Access (ZTA) for infrastructure and applications running in private networks. These are managed and hosted in the Lumeus Cloud and backed by the leading public cloud providers. The main functions provided by Cloud Gateways include DNS and WAF, among others.
On-Prem Gateways: Lumeus On-Prem Gateways run in the customer's private networks and can be deployed in a virtual or containerized form factor. The Gateway establishes a secure TLS tunnel to Lumeus Cloud Gateways to provide Zero Trust Access for private applications. It also establishes a secure control channel to the Lumeus Management Portal and a policy controller to provide Zero Trust Segmentation.
The Lumeus SaaS management portal provides a unified console to manage and monitor all infrastructure resources. The portal is the main brain behind the solution and hosts the policy repository, analytics and access. The portal is deployed in Lumeus Cloud and provides the UI and API interface to users.
The SaaS portal provides core functions such as AI Networking, Policy Orchestration and external integrations.
Lumeus Cloud Gateways provide reliable and secure Zero Trust Network Access (ZTNA) for infrastructure and applications running in the customer's private network. Cloud Gateways integrate with enterprise Identity Providers (IDP) to enforce authentication and RBAC for remote user access.
Cloud Gateways are completely managed and deployed in Lumeus Cloud, which is backed by public cloud providers like AWS, Azure and GCP. Customers can pick the Cloud Gateway closest to their application during onboarding.
Cloud Gateways also provide network and security functions like DNS and WAF.
On-Prem Gateways run in the customer's private environment. They provide two main functions:
Application Ingress: Zero Trust Network Access for remote users to private applications and infrastructure resources. For this, the On-Prem Gateway creates a secure TLS tunnel to the Cloud Gateways.
Policy Controller: manages segmentation policies on the local firewalls and appliances. The policies are pulled/pushed from the Lumeus Management Portal, then resolved and programmed on local firewalls based on the discovered endpoints and devices.
On-Prem Gateways can be deployed in a virtual or containerized form factor.
In the subsequent sections, we will discuss some of the core functions:
AI Networking
SLA Anomaly Detection and Correlation
Adaptive Log Management
Managed Data Plane
Policy
Policy as code
Segmentation
PAM-Lite
Stitching
Auto Topology
Session Logging
Device Fingerprinting