TAC Gateways and Endpoints
BlackRidge TAC gateways perform TAC identity insertion, identity resolution and policy enforcement. Identity insertion is the process that associates a network connection request with a user or device identity and inserts TAC identity tokens into TCP sessions. Identity resolution is the reverse process by which a TAC gateway or endpoint associates and authenticates a TAC identity token with a user or device identity. Policy enforcement implements the provisioned security policy — forward, redirect, or discard — for the connection request to a protected resource.
Enterprise and Branch Gateways
BlackRidge enterprise gateways are available as 1U rack-mountable appliances in either 1GbE or 10GbE network configurations. Each appliance is configured with either two 1GbE or two 10GbE data ports, along with a 1GbE dedicated management port. Numerous network interface options are available: copper interfaces with RJ-45 or fiber optics with SFP+, SR or LR transceivers, and with optional NIC bypass capability to fail open or closed. The 1GbE gateways support up to 10,000 unique identities and 1,000,000 concurrent network sessions. The 10GbE gateways support up to 40,000 identities and 4,000,000 sessions.
A fanless branch or desktop gateway is available for protecting assets in remote or branch offices, small subnets or single servers. The small form factor branch branch gateway is configured with two 1GbE data ports along with one 1GbE port for management, and it supports up to 1,000 identities and 100,000 concurrent network sessions.
A TAC gateway can work in both identity insertion and identity enforcement modes, and provide identity insertion on behalf of devices and users.
Cloud and Virtual Gateways
BlackRidge gateways are available for several hypervisors and cloud compute environments. Like their physical bretheren, each appliance is configured with two data ports, along with a dedicated management port. All virtual appliances adapt to their environment, automatically sizing based on the provisioned host resources. Supported environments include: VMware ESXi™, Linux Kernel Virtual Machine (KVM), Amazon Web Services (AWS), and z/VM® for the IBM Z®.
A BlackRidge software endpoint is TAC software that runs on a user device. It performs identity insertion into TCP/IP session establishment requests without user interaction and performs mutual authentication of network sessions. BlackRidge software endpoints are available for Windows® 7, Windows 10 and Ubuntu, with additional Linux operating systems and macOS® to be supported