BlackRidge TAC gateways perform TAC identity insertion, identity resolution and policy enforcement. Identity insertion is the process that associates a network connection request with a user or device identity and inserts TAC identity tokens into TCP sessions. Identity resolution is the reverse process by which a TAC gateway or endpoint associates and authenticates a TAC identity token with a user or device identity. Policy enforcement implements the provisioned security policy — forward, redirect, or discard — for the connection request to a protected resource.
Enterprise and Branch Gateways
BlackRidge gateways performs TAC identity insertion, TAC identity resolution and policy enforcement. The TAC gateway can operate as a Layer 2 transparent bridge or in Layer 3 NAT mode, so it can be deployed logically or physically in the data path between systems requesting access to resources, and the resources or systems to protect or segment.
The BlackRidge Enterprise Gateway is a rack-mounted hardware appliance with 1GbE or 10GbE data ports and a 1GbE management port. In addition, the data path ports may have built-in LAN bypass capability. The BlackRidge Branch Gateway is a fanless desktop appliance with 1GbE data ports and a 1GbE management port.
A TAC gateway can work in both identity insertion and identity enforcement modes, and provide identity insertion on behalf of devices and users.
Virtual and Cloud Gateways
BlackRidge virtual and cloud gateways are a full implementation of the TAC gateway in a virtual appliance, with functionality that is identical to that of a physical gateway appliance. Currently the virtual gateway runs on VMware ESXi, AWS, and on IBM z/VM, with other virtual environments and public clouds to be supported in the near future.