Welcome
Enclave is a Zero Trust Network Access (ZTNA) platform that replaces traditional VPNs. It connects users, devices and workloads across your customer sites without open firewall ports, on-site hardware, or changes to existing infrastructure.
Why Enclave?
Traditional VPNs require servers, open ports, and careful network configuration at every customer site. That means site visits, firewall changes, and ongoing maintenance - multiplied across your entire customer base.
Enclave works differently. Systems connect directly to each other using encrypted peer-to-peer tunnels, established over the network your customers already have. There is no central server to deploy or maintain, no ports to open, and no infrastructure to change. You define who can talk to whom through policy, and Enclave handles the rest.
What is Enclave?
The core technical difference is that Enclave is a mesh network in which devices talk directly to one another, unlike the client-server model of a VPN, where machines reach each other through the VPN server or concentrator.
Enclave moves connectivity to a mesh network and builds centralised management around it, so the network follows the shape of the business. This is a big distinction: the old model creates a lot of management overhead, whereas the new model removes it.
Every connection is mutually authenticated, end-to-end encrypted, and established on a strictly need-to-know basis. Systems are invisible to each other until policy explicitly permits communication - there is no lateral movement and no exposed attack surface.
| | VPN | Enclave |
|---|---|---|
| Deployment | ❌ VPN server required. Hardware or software at every site | ✅ No infrastructure. Works over the network you've already got |
| Firewall changes | ❌ Open ports required (e.g. udp/500, tcp/443, udp/1194) | ✅ No open ports. Outbound only. Firewalls stay closed |
| Multi-site management | ❌ Per-site configuration. Each site needs its own VPN setup and maintenance | ✅ Managed centrally. Policy-driven, no per-site configuration |
| Security | ❌ Allows lateral movement. VPN places hosts directly onto the network | ✅ Zero Trust. No lateral movement, reduced attack surface |
| Connectivity | ❌ Always on, hub and spoke. All traffic routes through a central server | ✅ Direct, on-demand. Peer-to-peer tunnels between systems, no backhauling |
| IP management | ❌ DHCP and reservations. Static IPs require manual configuration | ✅ Static IPs built-in. Private, static IP addresses out of the box |
| DNS | ❌ Bring your own DNS. No native support | ✅ DNS built-in. No nameservers required |
| Dynamic environments | ❌ Site-to-site requires ACLs. Complex isolation for dynamic IPs | ✅ Works with dynamic IPs. No need to know where the other side is ahead of time |
Get Started
New to Enclave? The Getting Started Guide walks you through your first deployment. To understand how Enclave establishes and secures connections, see How it works. If you're interested in offering Enclave to your customers, see the Partner Programme and Onboarding pages.
Supported Platforms
Enclave runs on most major operating systems and CPU architectures.
| Platform | Architecture | Status |
|---|---|---|
| Linux | x64, arm, arm64 | ✅ Supported |
| Windows | x64, arm64, x86 | ✅ Supported |
| macOS | x64, arm64 | ✅ Supported |
| iOS | x64, arm64 | ✅ Supported |
| Android | x64, arm64 | ✅ Supported |