Enclave Documentation¶
Welcome¶
Enclave connects all of your computers, servers, cloud instances and containers across any infrastructure with secure private networks regardless of where they are. Whether you're working in a multi-cloud, remote access or third party integration scenario, Enclave gives you predictable private connectivity that just works.
What is Enclave?¶
It's like a VPN, but without the VPN server. Enclave networks are built on strict policy controls where knowledge of participating systems is provided on a need-to-know basis. All network members must successfully authenticate using digital certificates and connections can only be established with supporting policy.
| VPN | Enclave | |
|---|---|---|
| Serverless | ❌ VPN Server Hub and spoke architecture |
✅ Serverless Peers connect directly using UDP/TCP hole punching |
| On-demand connectivity | ❌ Always on Tunnel is either on or off |
✅ On-demand Tunnels are per-peer, and don't need to be always on |
| Unreachable network | ❌ Discoverable VPN servers require open ports (e.g. udp/500, tcp/443, udp/1194) |
✅ Unreachable Outbound only traffic. No open ports or ingress traffic, firewalls can be completely closed |
| Dynamic IP tolerant | ❌ Site-to-site VPNs require ACLs to isolate Client-to-site requires advanced IP knowledge to isolate |
✅ Works with dynamic IPs You don't care where the other side is ahead of time |
| Low-ops | ❌ Complex deployment Segmenting is hard, configuration is complex |
✅ Low-ops deployment Works on the network you've already got, no changes |
| Static IP address | ❌ DHCP Reservations for static IP |
✅ Static IP Private static IP addresses "out of the box" |
| DNS | ❌ Run your own DNS server No native support for DNS |
✅ DNS DNS built-in, no servers required |
| Precision access | ❌ Allows lateral movement VPN places hosts directly onto the network |
✅ Zero Trust Network Access Lateral movement prohibited, reduced attack surface |
By default all systems are dark to the public Internet, behind closed firewalls with no knowledge of one other and no ability to communicate. Once policy is defined, members are introduced and must mutually authenticate using digital certificates. If successful, access is granted.
If you're new to Enclave, check out our Getting Started Guide to help get you up and running in a few minutes. If you have questions or get stuck, our Slack community has the answers.
If you want to understand how Enclave provides this connectivity, check out our How it works page.
Supported Platforms¶
We support most major operating systems and CPU architectures.
| Platform | Architecture | Status |
|---|---|---|
| Linux | x64, arm, arm64 | ✅ Supported |
| Windows | x64 | ✅ Supported |
| MacOS | x64, arm64 | ✅ Supported |
| iOS | x64, arm64 | ✅ Supported |
| Android | x64, arm64 | ✅ Supported |
Other resources¶
- Enclave developer community forum: https://community.enclave.io/
- Enclave platform status: https://status.enclave.io/
Stay in touch¶
Slack¶
We're building a community space for Engineers, Developers, Architects, Security Professionals, DevOps Practitioners and Hobbyists using Enclave to ask questions, get help from the team and interact with each other. Come and join us!