
This is an illustration of the Nexus Hybrid Access Gateway architecture with port numbers that are used for traffic between the services.

For a list of all port numbers, see Default ports in Hybrid Access Gateway.

HAG architecture overview

Hybrid Access Gateway system components:

  • Access point
    The access point is the gatekeeper for all resource and access requests. It interacts with the policy service to validate queries and authorize access. You can set up several access points to handle large numbers of access requests (load balancing). The access point functionality can be divided into web access and access via the Access Client.
  • Administration service
    Hybrid Access Gateway is a complete network of services, with the administration service as the natural connecting point, or hub. The administrator manages all administration and configuration of Hybrid Access Gateway on the administration service through the Hybrid Access Gateway administration interface.
  • Policy service
    The policy service makes access decisions based on access policies. It also authenticates, audits, and validates certificates as well as digital signatures.
  • Authentication service
    The authentication service handles authentication of users accessing resources. The authentication service supports several authentication methods.
  • Distribution service
    With the distribution service, soft tokens can be distributed to users in an effective way. When tokens are distributed, they can be bound to a user by seed provisioning.
  • Internal database
    Hybrid Access Gateway user accounts and credentials for authorization and authentication are stored in the internal database, a PostgreSQL database bundled with Hybrid Access Gateway. The internal database can be exchanged for an external database (see Hybrid Access Gateway requirements and interoperability for a list of supported databases).

Communicates with Hybrid Access Gateway:

  • User
    A user is a known registered identity that is unique in Hybrid Access Gateway. A user can request access to a resource or get a ticket (SAML) for access to other systems. The user can access resources through the Hybrid Access Gateway application portal.
  • System administrator
    The system administrator communicates with Hybrid Access Gateway through the Hybrid Access Gateway administration interface.
  • Resources
    In Hybrid Access Gateway, you register applications, folders, files, and URLs (everything users need remote access to) as web resources (web-enabled applications), tunnel resources (client-server applications that are not web-enabled), or customized resources.