title: Antikor Multi Zone SSO SSLVPN Gateway

Antikor Multi-Zone SSO SSLVPN Gateway System

General Overview

The Antikor Multi-Zone SSO SSLVPN Gateway System is a solution that allows organizations to collect information or provide services over the internet through secure connections instead of directly exposing public systems.

With this system, external users (e.g., customers, partners, or contractors) can gain secure, authorized access to specific digital systems of the organization. Services that would be risky to expose directly to the internet are delivered securely through an encrypted tunnel.

The system also supports Single Sign-On (SSO), allowing users to access different systems without having to log in multiple times. This improves both user experience and security.

The “Multi-Zone” architecture enables the system to be divided into segments tailored to different security levels and user groups. This provides organizations with flexibility and scalability—meaning the system can grow easily to serve more users as needs increase.

In summary, the Antikor Multi-Zone SSO SSLVPN Gateway System is a platform that combines security, flexibility, and ease of use to enable organizations to securely expose their digital services to the external world.

Authentication via SAML, OpenID Connect, or OAuth 2.0 is supported thanks to SSO capability. In environments without an Identity Provider (IdP), local user, LDAP, and RADIUS-based authentication methods are also supported.

Dynamic Authorization

With Dynamic Authorization, when a user logs in, the system fetches that user's access permissions live through an external API, based on the IP addresses received from your organization’s authorization services. In short, it dynamically retrieves which user can access which IPs and updates its configuration without causing any service interruption.

Agent Application

The SSL VPN agent, which users install on their devices, is supported on Windows, Linux, macOS, Android, and iOS platforms. The Agent Version Management feature automatically upgrades the agent when a new version is published on the update server. The agent does not require administrative privileges to establish a VPN connection.

Users can be grouped into zones (Multi-Zone) and access authorization can be defined accordingly.

Integration Capability

The system is open to additional integrations. For instance, it can notify an internal server during login or logout processes.

Scalability

Designed for modern container orchestration frameworks such as Kubernetes and Docker Swarm, the system supports horizontal auto-scaling under high load.

It can manage up to 1,000,000 concurrent VPN connections depending on the underlying server infrastructure.

Since it utilizes the organization’s existing virtualization, Kubernetes, or Docker Swarm infrastructure, no hardware investment is required.

For high availability, both authentication and SSL VPN services are managed via Load Balancing and Failover mechanisms.

Security Features

  • Thanks to SSO support, users can securely log in without their passwords or personal data ever reaching the system.
  • All access is encrypted via TLS 1.3.
  • Data transferred by users is encrypted using AES, AES-GCM, or AES-CCM algorithms with low latency.
  • The VPN layer supports both TCP and UDP encapsulation, ensuring full compatibility with all firewalls.
  • All system components are monitored, and alerts are sent via email in case of excessive resource usage, reboot, or inaccessibility.
  • VPN access is completely disabled for users who have not logged in, and automatic countermeasures are taken against cyberattacks like port scanning.
  • SNMP v2/v3 support is available for integration with your organization’s monitoring systems.

System Advantages

  • Uses the organization’s existing identity provider with SSO.
  • Allows integration of additional security policies like MFA and device verification.
  • Provides centralized logging and access control.
  • Major advantage: external entities can be included without asset registration (as required by some regulations).
  • No hardware installation or device provisioning is required; users can install the agent and connect from anywhere.
  • Internet access outside of granted permissions is routed through users’ own internet connections, preventing unnecessary traffic to the organization.
  • The agent does not require admin privileges for VPN connection.
  • High-availability architecture ensures automatic failover without service interruption.
  • Optimized for high user count with minimal Disk I/O usage.
  • Offers advanced troubleshooting tools (e.g., authorized IP control, speed test, error report submission).

Example Use Case

Public Institution Access
Public institutions can securely collect information from, and provide services to, private sector entities without exposing their systems directly to the internet.

Example: Turkish Ministry of Health
The Turkish Ministry of Health uses the Antikor Multi-Zone SSO SSLVPN Gateway System to provide secure access to ministry servers for family physicians and healthcare personnel. The system supports up to 60,000 simultaneous users.

A key benefit is that each physician and their team can only access the ministry servers installed by their contracted Family Medicine Information System (AHBS) vendor.

Figure 1 – Overall General Architecture

Figure 2 – Traffic Flow After VPN Connection Is Established

Figure 3 – Client Login and Connection Screens