Kaazing Enterprise Shield

Kaazing Enterprise Shield (KES) protects your trusted network by initiating the connection from the internal trusted network towards the DMZ. Until now, allowing access to a trusted network while still maintaining security behind the firewall presented significant challenges because of the necessity to open ports to accept incoming connections.

For most administrators, opening a port to the outside world is a necessary but undesirable solution because it instantly increases vulnerability to outside hacks and attacks. Companies are reluctant to open up ports in firewalls because each open port is another potential attack vector for malicious users.

Figure 1: A Kaazing WebSocket Gateway Topology with Ports Open to the Trusted Network Using a Message Broker

KES allows you to close all inbound ports in your firewall, while still allowing external clients to initiate connections, thus closing the entry points available to untrusted users and eliminating attack surface vulnerability. Implementation is as simple as configuring a KES in the DMZ, which receives a reverse connection from a Kaazing WebSocket Gateway (KWG) within the trusted network.

Figure 2: Closed Inbound Ports in an Enterprise Shield™ Topology Using a Message Broker

Now a client can talk to a message broker or an application through a firewall and the architecture remains valid, without requiring changes. In fact, neither the client nor any of the backend services is aware of the secure WebSocket connection between them, with the combination of KES and KWG providing completely transparent transport between the client and all of its required services inside the organization.
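The reverse-connection topology described above can be sketched in plain TCP. This is an added example, not Kaazing code or configuration: the function names, the line-based framing and the upper-casing "broker" are assumptions, and all three zones run on loopback.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"  # constructed demo: DMZ, trusted side and client share loopback

def listener():
    """Open a listening socket on an ephemeral port (used by the DMZ side only)."""
    s = socket.socket()
    s.bind((LOOPBACK, 0))
    s.listen(1)
    return s

def trusted_gateway(shield_addr):
    """Trusted network: dials OUT to the DMZ and never calls listen() or accept()."""
    with socket.create_connection(shield_addr) as rev:
        f = rev.makefile("rwb")
        for line in f:                          # request relayed by the shield
            f.write(b"broker:" + line.upper())  # hypothetical stand-in for a backend
            f.flush()

def dmz_shield(rev_lsn, cli_lsn):
    """DMZ: holds the reverse connection and relays one external client over it."""
    rev, _ = rev_lsn.accept()   # connection initiated from the trusted side
    cli, _ = cli_lsn.accept()   # connection initiated by the external client
    with rev, cli:
        rf, cf = rev.makefile("rwb"), cli.makefile("rwb")
        for line in cf:
            rf.write(line)
            rf.flush()
            cf.write(rf.readline())  # reply travels back over the same connection
            cf.flush()

def run_demo(message: bytes) -> bytes:
    """External client sends one line to the DMZ and returns the backend's reply."""
    rev_lsn, cli_lsn = listener(), listener()
    threading.Thread(target=trusted_gateway, args=(rev_lsn.getsockname(),),
                     daemon=True).start()
    threading.Thread(target=dmz_shield, args=(rev_lsn, cli_lsn), daemon=True).start()
    with socket.create_connection(cli_lsn.getsockname()) as c:
        f = c.makefile("rwb")
        f.write(message + b"\n")
        f.flush()
        reply = f.readline().rstrip(b"\n")
    rev_lsn.close()
    cli_lsn.close()
    return reply

if __name__ == "__main__":
    print(run_demo(b"hello"))
```

Both listening sockets belong to the DMZ process; the trusted side only makes an outbound connection, so the firewall in front of it needs an egress rule and no inbound rule.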