Architecture

Twingate provides secure access to private resources for distributed workforces using a Zero Trust Networking model.

What is Zero Trust Networking?

“Zero trust” networking is a network access model that is based on the core principle that the network and the users that want to connect to private Resources on it are assumed to be untrusted (hence “zero trust”). To ensure security, this dictates that every attempt to access a private resource must be checked and verified to ensure that the user is who they claim to be (authentication), and is authorized to access what they are trying to access (authorization).

Hence a Zero Trust Network does not distinguish, from a trust perspective, between a public network like the internet, and a private network like a company network, even if a user is directly connected to that network.

-> Learn more about Twingate’s approach

Twingate vs. VPNs

Are you looking to understand the differences between Twingate and VPNs for securing access to your private applications and resources? The overview documents below provide a detailed breakdown of how Twingate compares to other common technologies for remote access.

-> Twingate vs. VPNs

-> Twingate vs. Mesh VPNs

How Twingate Works

Twingate relies on four components: the Controller, Clients, Connectors and our Relay infrastructure. Together, these components ensure that only authenticated users are able to access the Resources that they have been authorized to access. Visit the following resources to understand more about how Twingate works:

Architecture

We described the thought process and philosophy behind our product’s architecture in our Architecting Network Connectivity for a Zero Trust Future blog post.
Our detailed How Twingate Works describes the Twingate architecture in detail, including how components securely communicate with one another.

Managing Twingate

If you’re looking for guidance on how to deploy, management, and maintain Twingate, links to the primary documentation sections are available below.

-> Connectors

-> Resources

-> Users & Groups

-> Policies

-> Devices

How DNS Works with Twingate

Part of the magic of using Twingate is how we transparently interact with DNS via the Twingate Client. Because this approach is unique to our product, we’ve created a guide to explain how this works and what the beneficial implications are for your users. Learn how users can access private DNS addresses without having access to the private DNS resolver in the document below.

-> Learn How DNS Works with Twingate

Peer-to-Peer Communication

By default Twingate allows Users to establish peer-to-peer connections with protected Resources, without requiring any open inbound port. It is available to all Twingate customers and does not require any additional deployment for existing customers and is completely transparent to end users and administrators.

-> Learn more about Peer-to-peer communication with Twingate

Last updated 2 months ago

Home

Guides

Use Cases

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

How NAT Traversal Works

Understanding Encryption in Twingate

API

Getting Started with the API

Schema

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Best Practices

Updating Connectors

Advanced Connector Management

Resources

Remote Networks

Aliases

Team

Users

Groups

Identity Providers

Security Policies

Policy Guides

Two-Factor Authentication

Devices

Client Application

Managed Devices

Device Administration

Services

Headless Clients

CI/CD Configuration

Analytics

Network Overview

Audit Logs

Network Traffic

User Activity

Syncing Data to AWS S3

Internet Security

DNS Filtering

DNS-over-HTTPS (DoH)

Internet Security Client Configuration

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Cancel Your Subscription

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance