Glossary
User
A User is an individual profile representing anyone who accesses remote servers and services through TRASAGATE. This can include employees, third-party contractors, DevOps teams, or service accounts.
User Identity Provider (uIDP)
A User Identity Provider (uIDP) is the source TRASAGATE utilizes to import, manage, and authenticate users. TRASAGATE comes with a built-in identity provider (TRASAGATE IDP) and can integrate with other identity providers like G Suite, Okta, LDAP, and FreeIPA.
Service
A Service refers to any network application that operates behind the TRASAGATE proxy. TRASAGATE supports profiles for Web applications, SSH, Remote Desktop Protocol (RDP), and Database services.
Upstream Service
An Upstream Service is an actual service running behind TRASAGATE, such as SSH or RDP services for internal servers or a Web application managing your firewall console.
Service Identity Provider (sIDP)
A Service Identity Provider (sIDP) is the source TRASAGATE uses to import and manage service profiles. Service profiles can be created directly within TRASAGATE or imported from cloud service providers such as AWS, Google Cloud Platform (GCP), or DigitalOcean.
Privilege
A Privilege defines the username or role that users employ to access a service. Privileges typically include roles, permissions, and policies managed by the respective server and service. Examples include:
- root: A privilege commonly associated with Linux OS. For example, a user with the email _james@nepsec.com_ might log into a CentOS server using the root privilege.
- Administrator: A privilege typically found in Windows systems. For instance, a user with the email _james@nepsec.com_ could access a Windows server using the Administrator privilege.
Access Proxy
The Access Proxy is a reverse proxy server that serves two primary functions:
- Managing access to your servers and services.
- Controlling and blocking unauthorized access.
TRASAGATE's Access Proxy currently supports protocols such as HTTPS, SSH, RDP, and Database.
Device Hygiene
Device Hygiene refers to the security status of the devices (workstations and mobile devices) that users employ to access servers and services.
Policy
A Policy is a set of rules and restrictions that direct TRASAGATE to either allow or block access to protected services.
Static Policy
A Static Policy is based on predefined criteria such as time, location, and device hygiene status.
Dynamic Policy
A Dynamic Policy is based on real-time risk scoring provided by TRASAGATE's AI (available in the enterprise edition).
Adhoc Permission
Adhoc Permission enables administrators to grant explicit, on-the-fly permissions for accessing specific services.
Access Map
An Access Map defines how a user can access a service with certain privileges, guided by applicable policies. Before a user can access a service, the TRASAGATE administrator must assign the user to the service with the corresponding privileges and policies.
Vault
A Vault is a secure storage location within TRASAGATE where secrets are stored. TRASAGATE manages two types of secrets:
- Upstream Service Secrets: Passwords and keys for upstream services.
- Integration Keys: Secrets and keys for external services that TRASAGATE connects with during integration.
TsxVault
TsxVault is TRASAGATE's built-in vault used to store both Upstream Service Secrets and Integration Keys. While Integration Keys are always stored in TsxVault, Upstream Service Secrets can also be stored in external secret storage providers such as HashiCorp Vault, AWS KMS, or GCP KMS.
TRASAGATE_HOST
TRASAGATE_HOST refers to the hostname or IP address of the TRASAGATE server.
My Route
My Route includes dashboard pages and non-admin server APIs that are specific to a user's account and profile. Users with the selfUser privilege in TRASAGATE have access only to these pages and APIs.