Antikor - ZTSA (Zero Trust Service Access)

General Overview

Antikor ZTSA is a browser-based Zero Trust Service Access (ZTSA) platform developed as an alternative to traditional VPNs. It provides high-security and low-risk connections by transmitting only user interactions (screen and mouse movements) without giving users direct access to services.

What is Zero Trust Service Access (ZTSA)?

ZTSA (Zero Trust Service Access) is an access security model based on the “Zero Trust” approach. In this model, no user or device in the network is trusted by default. Each access request is allowed only after authentication and authorization filtering. In short, it follows the principle of “Never trust, always verify.”

Product Architecture

It is offered to the market as a Virtual Appliance (VMware ESXi / vSphere, Microsoft Hyper-V, Proxmox, KVM-based hypervisors) and is fully compatible with all firewalls. It provides remote access to internal systems with a completely new approach. Unlike traditional VPNs, it does not allow users to connect directly to the server, thus reducing security vulnerabilities to zero.

Antikor ZTSA fully meets the following regulatory requirements:

  • “Keeping connection logs” (ZTSA Access Log)
  • and more importantly, “Creating user activity trace records” (ZTSA Video and Text Session Logs)

As stated in the CBDDO Information and Communication Security Guide:

  • Article B.10.4 – Remote Access section clearly states that authentication and access logs must be kept for remote access:
    “Logs of remote access connections must be kept and monitored.”

  • Article B.3.6 – Trace Records and Event Management section:
    “Access to systems, user activities, and security events must be logged and regularly reviewed.”

As stated in the CBDDO Audit Guide:

  • Within the scope of auditing, access controls and records must be audited based on asset groups. Access methods such as SSH/RDP are especially evaluated within the “servers” and “user systems” asset groups.
  • Furthermore, in Annex-F: Control Effectiveness Status, maintaining trace records is listed as an audit subject.

Supported Services

  • Configuration-free, Agentless Web Proxy (http / https)
  • RDP (Remote Desktop Protocol)
    • Secure File Sharing
    • Audio, Clipboard, and Printer Sharing
    • Ability to define Initial Program
  • SSH - Secure Shell
    • Password & Public Key Authentication
  • Screen Sharing with Remote Control Capability
  • VNC (Virtual Network Computing)
  • K8s & Kubernetes Console
  • Telnet
  • Remote Web Browsing (Browse the Internet remotely and securely)
  • Safebrowsing / Web Sandbox (Open the browser in an isolated environment, inspect safely)
  • Screen Sharing (Remote Control Access via Link)
  • Proxy Access via Agent (Windows, macOS, Linux Supported)
  • File Browser (Access Files via FTP, SMB Protocols)
  • Wake on LAN Support
  • Join Active Session: Screen Monitoring / Management (Multiple users)

Access Control Features

  • Service, Group, User, and Role-based Access Control
  • Access Expiration Date Control
  • Access Permission for Specific Days
  • Access Permission for Specific Hours
  • Additional Approval (Sponsored) Connection Security
    • The OTP is sent to an authorized user, and the connection is established upon approval

Security Features

  • Encrypted Credential Storage
  • Secure File Exchange
    • ACL-based, Antivirus Scan Support
    • Optional Sandbox API Integration
  • Client - RDP Drive Share Isolation
  • RDP and VNC Session Recording
    • Screen Video Recording
    • Text-based Session Recording for SSH, Telnet, K8s
  • Session Start and End Logs

Integration Features

  • SIEM / Syslog Integration
    • CEF, JSON Formats
  • Audit Log Integration
  • External Sandbox Integration
  • External Antivirus Integration

Authentication Methods

  • Local User
  • Single Sign-On
    • SAML 2.0
    • OAuth 2.0
    • OpenID Connect
  • RADIUS - MFA and Challenge Supported
  • LDAP / Active Directory
  • MFA - Multi-Factor Authentication (OTP, TOTP)

Management Interface Features

  • HTML5 Responsive Web Interface
  • Event Notification Infrastructure
    • SMS, E-mail, Browser Notification, Webhook
  • Access Logging
  • User-specific Favorite Services
  • Permission-based Configuration Override
  • Light / Dark Mode Support
  • Grid / List View Support
  • Service Grouping Support
  • Access Request Management Module
  • Quick Search Module
  • Reporting Module
  • Authorization Management

Scalability

Antikor zetAccess is designed to be compatible with modern container orchestration architectures such as Kubernetes and Docker Swarm. Thus, the system can automatically scale horizontally even under heavy user load.

Depending on the resources provided by the infrastructure, the system can manage and connect thousands of users simultaneously without interruption. Since it can integrate with existing virtualization, Kubernetes, or Docker Swarm infrastructures, no additional hardware investment is required.

For High Availability, both authentication services and the services provided to users are managed with load balancing and failover mechanisms. This ensures service continuity.

Key Advantages

  • High Security & Zero Trust Architecture: Users are not given direct access to systems. Only screen images and input interactions are transmitted, minimizing the attack surface.
  • Browser-based Access & Agentless Use: No software or agent installation is required on the user side. Access RDP, SSH, VNC, Telnet, and more instantly with just a web browser.
  • Secure VPN-free Alternative: Antikor ZTSA is a more secure and easier-to-manage alternative to VPNs. Optionally, it can connect via its own Agent.
  • Advanced Authentication & SSO Support: Integrates with existing enterprise user accounts, with secure, one-click login via SAML 2.0, OAuth 2.0, and OpenID Connect.
  • Resource-based Authorization: Each user can only see and access authorized systems. Access control is centrally managed.
  • Logging and Audit Mechanism: All sessions are monitored and auditable. Login/logout, access records, and system behaviors can be analyzed retrospectively.
  • Fast Deployment, Easy Management: Deploy within minutes and manage all access centrally. Provides significant operational convenience for IT teams.
  • Flexible Integration: Easily integrates with different data centers, identity providers, and security solutions. No need to change your existing infrastructure.
  • Ideal for Remote Work: Provides secure, limited, and auditable access for remote employees, ensuring location-independent work.

Example Use Case

Secure, Agentless, and Auditable Access from Outside the Campus

Scenario: In a university or an affiliated hospital, applications such as Web of Science, Scopus, YÖK Thesis, and EBYS are only accessible from within the campus network. However, access needs extend beyond the campus.

For Academics — Secure and Agentless Access

  • Secure remote access to academic resources (TRDizin, Scopus, etc.)
  • Single-click login with corporate SSO
  • No additional password or installation required
  • Reduced IT support and improved user experience

RDP Access for External Companies

  • External support access is provided without VPN
  • Access is granted only to the relevant system
  • Browser-based, secure, and auditable

SSH and Web Access to Network Devices (Switch, AP, Firewall)

  • Access defined only for authorized devices
  • Access to SSH and Web interfaces via browser
  • Logged, secure, and restricted connections
  • No direct connection to devices — attack surface is eliminated