FAQ for macmon SDP

 

Before contacting our technical or product support, please go through our FAQ, which answers the most frequently asked questions.

If you are unable to find an answer to your question, we will be happy to help you. You can contact us by calling +49 30 2325777-0 or by sending an e-mail or by using our contact form.

You can find additional technical information in the macmon service portal under KnowledgeBase.

Technical FAQ

What are resources and how are they defined?

Resources can be anything. Protection is provided either by connecting to the resources through a gateway (local or also in the cloud) or by high-level single sign-on authentication via SAML or OpenID. Individual applications can be assigned to users and devices within the policies, as well as e.g. network areas, individual IPs, specific protocols / ports, etc.

 

What is the difference in the login between SDP and VPN?

The login process for SDP and VPN does not differ fundamentally for the user. There is an agent to which the user must authenticate. However, the macmon SDP agent not only checks the user identity, but also the identity and security status of the endpoint. This information is then transmitted to the controller and checked. Complementing this, the GUI of the SDP agent offers more convenience than a VPN solution with the display of available resources in the form of applications and links.

 

Why is SDP more performant than VPN?

In addition to IPsec, we offer WireGuard as the latest VPN technology and combine this with a self-developed control of who and what is allowed to use the tunnel. This allows us to operate with considerably less "legacy". Furthermore, we can significantly shorten the path, especially for connecting resources in private clouds, and eliminate the connection detour via the local infrastructure. So the advantage here is primarily the more direct connection without any possible bottlenecks due to limited local bandwidths.

 

What are the advantages of the individual connections compared to a classic tunnel connection?

Reducing the connection options to exactly those resources that each individual user needs for his or her work also reduces the attack surface for an attacker. If, for example, someone "hijacks" a laptop and the access data of an employee and thus establishes a connection to the company, this attacker cannot immediately access the entire network. The protection is further increased by the additional restriction to certain ports. An attacker could, for example, only connect to the CRM via the website (https), but not additionally check the underlying server for security gaps with a port scan in order to take it over and thus gain further access to the network. Viruses, worms and Trojans also like to distribute themselves independently in a network. However, if the other clients and also the servers are not accessible at all, but only the websites of the respective applications, malware cannot spread so easily. This measure falls under the term microsegmentation.
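The following added example (not macmon code and not the macmon policy format) illustrates the resource definition and per-port restriction described above as a default-deny check. The resource names, users, devices and addresses are hypothetical, constructed sample data.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Resource:
    name: str
    network: str       # single IP (/32) or network area in CIDR notation
    protocol: str      # "tcp" or "udp"
    ports: frozenset   # destination ports that belong to the resource


# Constructed sample data: hypothetical resources.
RESOURCES = {
    "crm-web": Resource("crm-web", "10.20.0.15/32", "tcp", frozenset({443})),
    "file-share": Resource("file-share", "10.20.1.0/24", "tcp", frozenset({445})),
}

# Policy: (user, device) -> assigned resources. Anything not listed is denied.
ASSIGNMENTS = {
    ("alice", "laptop-0042"): {"crm-web"},
    ("bob", "laptop-0077"): {"crm-web", "file-share"},
}


def is_allowed(user, device, dst_ip, protocol, port):
    """Default deny: permit a flow only if it matches an assigned resource."""
    dst = ipaddress.ip_address(dst_ip)
    for name in ASSIGNMENTS.get((user, device), ()):
        res = RESOURCES[name]
        if (dst in ipaddress.ip_network(res.network)
                and protocol == res.protocol
                and port in res.ports):
            return True
    return False


def reachable_ports(user, device, dst_ip, candidates):
    """Ports from `candidates` that this user/device pair can actually reach."""
    return [p for p in candidates if is_allowed(user, device, dst_ip, "tcp", p)]


if __name__ == "__main__":
    checked = [22, 80, 443, 445, 3389]
    # Even with alice's laptop and credentials, only the CRM website is visible.
    print(reachable_ports("alice", "laptop-0042", "10.20.0.15", checked))
    print(reachable_ports("alice", "laptop-0042", "10.20.1.9", checked))
    print(is_allowed("alice", "unknown-device", "10.20.0.15", "tcp", 443))
```

With this policy, a session using alice's laptop and credentials sees only port 443 on the CRM host; the server's other ports and the rest of the network stay unreachable.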

 

Isn't the functionality of macmon SDP too complicated and thus vulnerable to errors?

macmon secure is a trusted manufacturer for network security. As with our NAC solution, we have focused on simple handling and use. Especially by offering it as a cloud service, administrators are relieved of a lot of effort and commissioning is easier and faster than with any classic VPN solution.

Can macmon SDP be operated with different operating systems?

The macmon SDP agent is a "cross-platform solution" and can be operated on endpoints with the operating systems Windows, macOS, Linux, Android and iOS. Basically, the agent works "transparently", communicates with the cloud controller and provides the secure connection channels after successful authentication.

 

Is one login enough for everything (local, public, private)?

One login is enough to connect to all tunnels - i.e., to local resources and to resources in private clouds. Resources in public clouds require the use of single sign-on technology, which currently requires a separate (one time) login in the browser.

 

How long will the implementation of macmon SDP take?

There are several different strategies for implementation in order to benefit from the added values as quickly as possible. For example, in the first step, the existing VPN solution can simply be replaced - this usually only requires a few rules, distributing the agents and implementing the gateway. Since parallel operation with a classic VPN is also no problem, migration can be very smooth. Overall, a migration can be completed in just a few hours, plus agent distribution. Based on this, resources can then be added step by step.

How does macmon SDP operate in a distributed IT infrastructure with many sites and correspondingly distributed resources?

This is one of the biggest advantages of the cloud-based SDP solution. For example, it is possible to start with one gateway if the resources are already available internally. Additional gateways can then be added per site with IT resources in operation to increase availability and reduce traffic. Cloud-based resources and applications are directly accessible via macmon's own cloud gateways, so that no effort is required on the part of the customer here.

 

Does a full Public Key Infrastructure (PKI) need to be set up and rolled out for SDP?

The agents already have built-in authentication, which precisely checks the identity of the endpoint. Transparent encrypted communication based on shared secrets that change for each connection is used for the connections to the gateways - a separate PKI is therefore not required.

Is the SDP controller also multi-tenant in the cloud?

Yes, our approach is multi-client capable. So you can operate clients or customers without them having mutual insight into their data, user management, etc.

Where are the policies set?

Policies are set individually in the SDP controller at the user and device level.

 

Can the local macmon SDP gateway also be installed on physical hardware?

The gateway is offered as an OVF (Open Virtualization Format) virtual appliance. However, a Debian package is also available, which can be installed on dedicated hardware with a pre-installed Debian Linux. This involves a few more configuration steps, because we cannot perform them in advance as we do with the virtual appliance. However, we can of course provide support during implementation.

Sales FAQ

Is macmon SDP a separate product (even without NAC)?

Both products can be used and operated completely independently of each other. In the future, there will be various integrations, but no further details can be communicated yet.

 

Does macmon SDP exist in the MSP model?

macmon SDP is available in the MSP model. In fact, macmon SDP was planned primarily as a service, where we as the vendor provide the infrastructure, but Managed Service Providers provide the services such as maintenance and administration. The extensive multi-client capability allows granular control of who gets access and can provide the corresponding configurations - and thus also the MSP.


Where can I purchase macmon SDP?

macmon SDP is only distributed indirectly worldwide. This means that the solution is not purchased directly from macmon secure GmbH, but via one of our partners, who also provide support in testing, licensing and implementation. For partners, the purchase is made through our distribution.


How can I test macmon?

You have several options to get more detailed information about macmon. Here you can start a test request. Our employees will get back to you as soon as possible with a demo version without obligation.


Where can I read more about macmon SDP?

For more information about macmon SDP and how it works, we recommend our product pages or our datasheet.


© macmon secure GmbH