"Attaching" a resource configures it as a connected destination for a specific Gateway.
Overview
In the Cipherscale Zero Trust architecture, Gateways act as the core Data Plane components responsible for securely routing end-to-end encrypted traffic and enforcing access policies. For any destination—whether a Private Resource, a SaaS Application, or an Internet Access Point—to be protected and accessible by users, it must be "attached" or linked to a Gateway.
"Attaching" a resource configures it as a connected destination for a specific Gateway. In practical terms, this means the logical resource is mapped to a physical or virtual Gateway that has been deployed within a network capable of actually reaching that destination. Without an assigned Gateway, traffic cannot be routed through Cipherscale to the resource, and Zero Trust access policies cannot be enforced.
Cipherscale supports a highly flexible, many-to-many relationship between gateways and resources to ensure seamless access and scalability:
-
One Gateway to Many Resources: A single gateway can simultaneously provide access to private resources, SaaS applications, and the internet. You can attach as many resources as you need to a single gateway, provided the gateway is on a network that can reach all of those connected resources.
-
One Resource to Many Gateways: The exact same resource can be configured as a connected resource across multiple gateways. This is highly recommended for mission-critical applications to avoid single points of failure.
When the same resource is linked to multiple gateways, Cipherscale utilizes High Availability (HA) modes to determine how traffic is routed:
-
Automatic High Availability: Cipherscale dynamically selects one or more available gateways that can reach the resource and load-balances the traffic. The platform automatically evaluates the data speed and performance of the available gateways, prioritizing those that offer the best connection for the user and avoiding gateways that provide worse performance.
-
Manual High Availability: Administrators can choose to manually prioritize the list of gateways connected to a resource. In this mode, Cipherscale will always attempt to route traffic through the highest-priority gateway first; if that gateway is unavailable, it will automatically fail over to the next gateway in the priority sequence.
Maximize your efficiency by navigating to the Gateways sections before entering prompts. You’ll gain instant visibility into the Detail Panes to verify Copilot’s actions and receive tailored Prompt Catalysts to help guide your next steps.
The Intent: What the AI Needs
-
Resource name – which resource to assign the gateway to
-
Gateway name – which gateway to link
-
Load balancing mode (Optional) – AUTOMATIC or MANUAL (defaults to AUTOMATIC if not specified)
Note
To make the resource fully functional, you'll also need an access policy that defines who can access the resource and under what conditions. Mission: Crafting Access Policies
Interaction Flow
Below is an interaction using the Copilot's intent bar to link two resources to the same gateway.
|
Step |
Participant |
Action/Content |
|---|---|---|
|
1. The Prompt |
Admin |
"link file_server and Salesforce to gateway us-east-gw" |
|
2. The Draft |
AI Copilot |
"I'll look up the details for the gateway, resources, and their current assignments simultaneously! Got all the details. Now I'll assign us-east-gw to both file_server and Salesforce in parallel! Assign gateway 'us-east-gw' to 'Salesforce' This will assign the us-east-gw gateway to the Salesforce resource for traffic routing and access control. {Resource:{original:"None",delta:"Salesforce"},Gateways:{original:"None",delta:"us-east-gw"},Load Balancing Mode:{original:"None",delta:"AUTOMATIC"}}
Confirm or Cancel?" |
|
3. Validation |
Admin |
“Confirm” |
|
4. The Draft |
AI Copilot |
"✅ Action confirmed, proceeding with execution of operation. Assign gateway 'us-east-gw' to 'file_server' This will connect the gateway to the resource, enabling traffic routing through the specified gateway with automatic load balancing. {Resource:{original:"file_server",delta:"file_server"},Gateways:{original:"None",delta:"us-east-gw"},Load Balancing Mode:{original:"None",delta:"AUTOMATIC"}}
Confirm or Cancel?" |
|
5. Validation |
Admin |
"Confirm." |
|
6. Result |
AI Copilot |
✅ Action confirmed, proceeding with execution of operation Both resources have been successfully linked to us-east-gw! Here's a summary: |
Assigning Gateways
-
"Assign gateway us-east-gw to resource HR Portal"
-
"Link gateways us-east-gw and eu-west-gw to resourcefile_server"
-
"Connect us-east-gw to all my PRIVATE resources"
Load Balancing
-
"Set load balancing to MANUAL for resource HR Portal"
-
"Change the load balancing mode to AUTOMATIC for Salesforce"
-
"Update file_server to use manual load balancing and assign gateways gw-1 and gw-2"
Unassigning Gateways
-
"Unassign gateway us-east-gw from resource file_server"
-
"Remove eu-west-gw from Salesforce"
-
"Detach all gateways from resource HR Portal"
Replacing / Swapping Gateways
-
"Replace us-east-gw with us-west-gw on resource file_server"
-
"Swap the gateway on Salesforce from gw-old to gw-new"
Viewing Assignments
-
"Show me all gateways assigned to resource HR Portal"
-
"Which resources are connected to gateway us-east-gw?"
-
"List all resources and their assigned gateways"
-
"Show me resources that have no gateways assigned"
Bulk / Multi-Resource Operations
-
"Assign us-east-gw to resources file_server, Salesforce, and HR Portal"
-
"Unassign eu-west-gw from all resources it's connected to"
-
"Move all resources from gw-old to gw-new"
Refer to System State & Verification
Refer to Troubleshooting
Comments
0 comments
Article is closed for comments.