Securely access your internal infrastructure with Cipherscale. Learn to onboard private applications, verify reachability, and troubleshoot using AI-driven prompts.
Overview
A Private Resource is any internal service—such as a Jira server, a development database, or an SSH terminal—that sits behind your Cipherscale Gateway. Unlike traditional VPNs that grant access to an entire network, Cipherscale uses Micro-segmentation. You define specific targets and then use them in access policies to ensure that authorized users have least-privilege access.
Maximize your efficiency by navigating to Private Access before entering prompts. You’ll gain instant visibility into the Detail Panes to verify Copilot’s actions and receive tailored Prompt Catalysts to help guide your next steps.
The Intent: What the AI Needs
- Name (required): A descriptive label for the resource (max 40 characters). Example: HR Portal
  Note: No special characters like . or @.
- Address (required): The IP address or domain of the internal resource. IP format: e.g., 10.0.0.5, 172.25.0.12, 192.168.1.100. Must be a private IP (RFC 1918 ranges: 10.x.x.x, 172.16–31.x.x, or 192.168.x.x). CIDR format can be used (e.g., 10.0.0.0/24). Domain names can be internal host names (e.g., db-server) or Fully Qualified Domain Names (FQDNs) (e.g., database.internal.company.com).
- Protocols (required): The protocols used to access the resource. Common options: SSH, HTTPS, HTTP, RDP, ICMP. Custom protocols (e.g., TCP 9000, UDP 5000–5100). For no restrictions, specify ALL PORTS.
- Description (optional): A short description of the resource (max 120 characters). Example: Primary HR application server
Note
To make the resource fully functional, you'll also need:
A gateway assigned — routes traffic to the resource through Cipherscale. Mission: Assigning Resources to Gateways
An access policy — defines who can access the resource and under what conditions. Mission: Crafting Access Policies
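The field rules above can be checked before a prompt is sent. This is an added example, not Cipherscale code: `validate_resource` is a hypothetical helper, and its name allowlist (letters, digits, space, hyphen, underscore) is an assumption, since the article only rules out characters like . or @. It also warns on ALL PORTS and on CIDR entries that cover more than one address, because both widen a resource beyond a single service.

```python
import ipaddress
import re

# Private ranges the article lists for IP and CIDR addresses (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NAMED = {"SSH", "HTTPS", "HTTP", "RDP", "ICMP", "ALL PORTS"}
# Assumption: letters, digits, space, '-' and '_' are the permitted name characters.
NAME_RE = re.compile(r"[A-Za-z0-9 _-]+")
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Custom entries such as "TCP 9000" or "UDP 5000–5100" (hyphen or en dash).
CUSTOM_RE = re.compile(r"(?:TCP|UDP) (\d+)(?:[-\u2013](\d+))?")


def validate_resource(name, address, protocols, description=""):
    """Return (errors, warnings) for a draft private resource definition."""
    errors, warnings = [], []
    if not 1 <= len(name) <= 40 or not NAME_RE.fullmatch(name):
        errors.append("name: 1-40 characters, no special characters such as . or @")
    if len(description) > 120:
        errors.append("description: longer than 120 characters")

    if re.fullmatch(r"[0-9./]+", address):  # looks like an IP or CIDR
        try:
            net = ipaddress.ip_network(address, strict=False)
            if not any(net.subnet_of(r) for r in RFC1918):
                errors.append(f"address: {address} is outside the RFC 1918 ranges")
            elif net.num_addresses > 1:
                warnings.append(f"address: {net} covers {net.num_addresses} addresses")
        except ValueError:
            errors.append(f"address: {address} is not a valid IP or CIDR")
    elif len(address) > 253 or not all(LABEL_RE.fullmatch(p) for p in address.split(".")):
        errors.append(f"address: {address} is not a valid host name or FQDN")

    if not protocols:
        errors.append("protocols: at least one is required")
    for proto in protocols:
        proto = proto.strip().upper()
        if proto == "ALL PORTS":
            warnings.append("protocols: ALL PORTS exposes every port on the target")
        elif proto not in NAMED:
            m = CUSTOM_RE.fullmatch(proto)
            lo = int(m.group(1)) if m else 0
            hi = int(m.group(2) or lo) if m else 0
            if not (m and 1 <= lo <= hi <= 65535):
                errors.append(f"protocols: {proto!r} is not a known or custom TCP/UDP entry")
    return errors, warnings
```

Called with the article's File Server example (file.internal.local, ALL PORTS), it returns no errors and a single warning for ALL PORTS.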
Interaction Flow
| Step | Participant | Action/Content |
|---|---|---|
| 1. The Prompt | Admin | "I want to onboard a private resource." |
| 2. The Draft | AI Copilot | "I'd be happy to help you set up a private resource! To get started, I'll need a few details: Name — What would you like to call this resource? (max 40 characters) Address — What is the IP address, CIDR range, or internal domain/hostname of the resource? Protocols — Which protocols should be allowed? (e.g., SSH, HTTPS, RDP, ALL PORTS, or a custom TCP/UDP port) Description (optional) — Any description for this resource?" |
| 3. The Prompt | Admin | "Name 'file server' using domain of file.internal.local. Allow all protocols." |
| 4. The Draft | AI Copilot | "Let me check the existing resources and infrastructure before creating. No existing resource matches your request, so I'll go ahead and create it. Creating the File Server resource now. Create File Server resource Creating a new PRIVATE resource to provide access to the file server at file.internal.local with all ports available. {Resource Name:"File Server",Resource Type:"PRIVATE",Address:"file.internal.local",Protocols:"ALL PORTS",Description:"File server resource"} Confirm or Cancel?" |
| 5. Validation | Admin | "Confirm." |
| 6. Result | AI Copilot | ✅ Action confirmed, proceeding with execution of operation. The File Server resource has been created successfully! Here's a summary: ⚠️ Important: The resource File Server has been created, but it won't be functional until: |
| 7. Follow Up | AI Copilot | Would you like me to: |
Example Listing and Viewing Intents:
- "Show me all private resources"
- "Show full details of the 'File Server' resource"
- "Show statistics for all private resources" (total, online, offline, without gateway, without policy)
- "Which gateways are connected to the 'File Server' resource?"
- "List all protocols available for private resources"
- "Show all policies for private resources"
Example Creation Intents
- "Create a private resource named 'DB Server' at 10.0.0.5 with SSH and HTTPS"
- "Create a private resource named 'App Cluster' at 192.168.1.0/24 with ALL PORTS"
- "Add a second address 10.0.0.6 to the 'File Server' resource with HTTPS"
- "Create a custom protocol TCP 9000 for use with private resources"
- "Create a policy to allow the Engineering group to access the 'DB Server' resource"
Example Updating Intents
- "Rename the 'File Server' resource to 'Corporate File Server'"
- "Update the description of the 'DB Server' resource"
- "Change the protocol on 'File Server' from ALL PORTS to SSH and HTTPS only"
- "Update the address on 'File Server' from file.internal.local to files.corp.local"
Example Gateway Management Intents
- "Assign SmallGatewayQA to the 'File Server' resource"
- "Assign gateways SmallGatewayQA and GTW1_SS_QA-Canada to the 'DB Server' resource"
- "Remove SmallGatewayQA from the 'File Server' resource"
- "Set load balancing to automatic for the 'DB Server' resource"
- "Assign SmallGatewayQA to all private resources that don't have a gateway"
Example Policy Management Intents
- "Create a policy to allow all users to access the 'File Server' resource"
- "Create a policy to allow the HR group to access 'File Server' during business hours only"
- "Update the 'Access to File Server' policy to also include the Finance group"
- "Change the admission rule on the 'Access to DB Server' policy to require macOS 15+"
- "Delete the 'Access to File Server' policy"
- "Move the 'Access to File Server' policy to priority 1"
Example Deletion Intent
- "Delete the 'CIDR Test Resource'"
Navigate to Private Access using the Navigation Menu and use the Details Ribbon to verify the Copilot actions or view the current system state.
The Private Resources Data Grid: Click Private Resources on the Details Ribbon to view the data grid that displays the list of Private Resources with their Name and Status, Description, Address and Protocol, Gateway, and Access Policy. The copy icon appears when hovering over a Private Resource's name, making it easy to copy and paste it into the Intent Bar for use with a prompt. Search allows quick filtering of the rows to show the matching private resources.
A Specific Private Resource's Data Grid: To view details for a specific resource, click that resource's name. You will see details such as the Status, Addresses and Protocols. Data Grids for the associated Gateways and Access Policies are also displayed. The Load Balancing mode is also displayed in the Gateways section. To go back to the Private Resources Data Grid, click Private Resources from the breadcrumb.
Private Resource Status
The status of private resources is visually represented by the following colors:
- Orange: No Gateway Selected.
- Red: Offline.
- Green: Online.
Verify the Resource Status:
Check the visual status of the private resource in the administration portal's Private Resources tab. Green means it is online, Red means it is offline, and Orange indicates that no gateway has been selected for it yet.
Ensure Gateway Routing and Reachability:
Private access relies on a Gateway deployed within your private network. If a resource is unreachable, verify that the Gateway assigned to it is placed in a network that can actually route traffic to that specific private application or service.
Audit Assigned Policies and Gateways:
If a user cannot connect, you can easily verify the resource's configuration by navigating to Private Access > Private Resources and clicking on the resource's row. This will display the Gateways and Access Policies sections currently associated with it. Remember that access is denied by default unless an explicitly configured Access Policy grants it, and that policy will only grant access if its linked Admission Rules are successfully met.
Leverage AI Root Cause Analysis (RCA):
You can use the AI-native conversational interface to diagnose access issues instantly. Ask a plain-English query such as "Why can't User A access the Production Database?" and the AI will correlate access policies, admission rules, gateway reachability, and real-time logs to surface the exact point of failure.