0:00 So what are we doing for what are some of the innovations which we have done for the secure web gateway. 0:06 So we added something called as client less ZTNA. 0:10 So most corporations would have some kind of a partner, they would have partners and they would have contractors and they want to give these partners and contractors access to either some other private apps or some other SAS apps. 0:25 And these contractors or partners, they do not have their, their, their endpoints are completely BYOD. 0:33 They don't have a SASE client and they don't have any worse or specific sort or any sort corresponding to like say Acme corporation for which they are working for which they are providing some contract services. 0:43 So how do we provide this? 0:45 So we provide them access to Acme corporations, private apps, SAS apps. 0:51 And also if, for example, if this contractor or this partner is providing IT services to Acme corporation, we also provide this partner the capability to do RDP, VNC, SSH just from a browser. 1:07 The user does not have a SASE client. 1:09 The user does not have any kind of certificates installed on the on the on the on the laptops and they still able to do everything. 1:18 So I'll just go over a few things on this front. 1:23 So here is a contractor or a partner and he is working for Acme Corporation and he is trying to access. 1:31 So he basically the user. 1:33 So in this particular case the user goes to Acmed or myapps.versenow.net. 1:39 So this is the one FQDN which he remembers and to which he needs to type similar to what we do today like google.com or cnn.com or ESPN.com. 1:49 So he he may be at a hotel kiosk. 1:51 He's not even using his own laptop. 1:54 He's using some kind of a PC which is then the hotel lobby. 2:01 And he is he wants to go access applications which are part of Acme. 2:06 He can still do it and he can do it private apps as well as SAS app. 2:09 So when he does that, what happens is that the user is redirected for authentication to ENTRA or Azure AD if that is what they are using. 2:21 And once the user is successfully authenticated, the user is redirected back to the application reverse proxy. 2:33 And at that time the application reverse proxy which is which is which is what is the part of the Versa Cloud Gateways. 2:41 It looks up policies based on user group. 2:46 This partner belongs to which group? 2:48 What is it supposed to what applications is supposed to have access to? 2:54 And, and based on all of that, it'll show him a portal such as such as this one. 3:00 It'll say that this particular contractor or partner which doesn't have any SASE client, any certificate, he that person wants access to Acme corporations Office 365 instance or Salesforce or box or a private app or, or the user wants to VNC or SSHM and help somebody out. 3:20 OK. 3:21 And he's all he's doing all of this from hotel, hotel lobby. 3:25 And So what happens is that once he he's shown this portal, he clicks on them. 3:32 So he clicks on one of the apps like this one. 3:34 He clicks on this app here. 3:36 And when he clicks what happens that the browser based on the JavaScript which is installed will reach out to this particular FQDN which is my private app.acme.versanow.net. 3:48 And when the when that happens like now the traffic goes to the Versa reverse proxy and and then the Versa reverse proxy will definitely decrypt the traffic. 4:02 It'll it'll it'll decrypt the traffic and it'll go through all the DLP off file filtering and other security services based on the user and the group. 4:12 And then if everything is looking kosher, then the traffic will be re encrypted and sent towards the private app which is this one and this private app again, you know, this can be anything. 4:26 It can be as I said, it can be a web app or it can be even a VNC server or it can be accessage server or he wants to RDP into somebody's machine and that is all possible. 4:39 And so now what happens is that when the response comes back from the private app, so this is again encrypted. 4:45 So we do need to decrypt it here. 4:48 So we need to decrypt the traffic and then again we have to apply the user and group specific policies relating to DLPAV and file filtering and any other thing which they have configured. 5:01 And then if there are URL's which are part of the page which is getting downloaded then we need to modify the URL and now re encrypt the traffic and send this towards the contractor or the partner. 5:15 So this is what we do for private apps and we do the same thing for something like box. 5:21 So if the user again, if any clicks to box like such as this, what happens is that the JavaScript will again reach out to Acme dot, it'll reach out to Acme app dot box that works on our.net, which is not shown here. 5:40 And and then once it comes to the application reverse proxy, we would do the decryption and again apply user group specific policy for CASB, DLPAV, whatever the user wants now whatever the admin is configured. 5:56 And then we would re encrypt the traffic and send towards box. 5:59 When the response comes back from box again, we have to decrypt the traffic again, decrypt the traffic again, go through the entire policy enforcement, rewrite URL's because we always want the user to be brought back to the application reverse proxy. 6:16 So we do have to rewrite the URL and then send the traffic towards the partner. 6:21 So this is this is how we provide access to both private apps as well as SAS apps for for a partner or contractor who has no SASE client and no certificates installed. 6:34 So this is what like this is the other one was like the PowerPoint, but this is what the like the screenshot of a portal looks like for for a prospective customer who is who is who is who is trying to access certain apps. 6:52 So this is a portal which he sees like this particular user has access to box sales force, internal wiki, private apps and the user can also SSHRDP and VNC. 7:03 So this is one more thing like again the user goes to the browser and then he when once he clicks on this, he can SSH to any machine in the intranet and that between the VCG and the SSH server that can be NSD band network And so all of that happens automatically or or it can go to RDP server or a VNC server. 7:28 And then if at all the user again, I do want to in in emphasize that the user has no SASE client, no certificate. 7:36 But if he basically, if he tries to do something which is not authorized to do, like for example, download some file which has some sensitive content, he tries to upload a file, then we would we would always be able to send him a notification. 7:51 So this is again, something which is unique towards versus any other SSE vendor, program vendors. 7:58 So we will be always be able to notify the user and keep him informed what happened, why he's not able to access a certain resource or FQDN.