Skip to content

Enclave Documentation


Enclave connects all of your computers, servers, cloud instances and containers across any infrastructure with secure private networks regardless of where they are. Whether you're working in a multi-cloud, remote access or third party integration scenario, Enclave gives you predictable private connectivity that just works.

Getting Started Guide →

What is Enclave?

It's like a VPN, but without the VPN server. Enclave networks are built on strict policy controls where knowledge of participating systems is provided on a need-to-know basis. All network members must successfully authenticate using digital certificates and connections can only be established with supporting policy.

VPN Enclave
Serverless VPN Server
Hub and spoke architecture
Peers connect directly using UDP/TCP hole punching
On-demand connectivity Always on
Tunnel is either on or off
Tunnels are per-peer, and don't need to be always on
Unreachable network Discoverable
VPN servers require open ports
(e.g. udp/500, tcp/443, udp/1194)
Outbound only traffic. No open ports or ingress
traffic, firewalls can be completely closed
Dynamic IP tolerant Site-to-site VPNs require ACLs to isolate
Client-to-site requires advanced IP knowledge to isolate
Works with dynamic IPs
You don't care where the other side is ahead of time
Low-ops Complex deployment
Segmenting is hard, configuration is complex
Low-ops deployment
Works on the network you've already got, no changes
Static IP address ❌ DHCP
Reservations for static IP
Static IP
Private static IP addresses "out of the box"
DNS Run your own DNS server
No native support for DNS
DNS built-in, no servers required
Precision access Allows lateral movement
VPN places hosts directly onto the network
Zero Trust Network Access
Lateral movement prohibited, reduced attack surface

By default all systems are dark to the public Internet, behind closed firewalls with no knowledge of one other and no ability to communicate. Once policy is defined, members are introduced and must mutually authenticate using digital certificates. If successful, access is granted.

If you're new to Enclave, check out our Getting Started Guide to help get you up and running in a few minutes. If you have questions or get stuck, our Slack community has the answers.

If you want to understand how Enclave provides this connectivity, check out our How it works page.

Supported Platforms

We support most major operating systems and CPU architectures.

Platform Architecture Status
Linux x64, arm, arm64 ✅ Supported
Windows x64 ✅ Supported
MacOS x64, arm64 ✅ Supported
iOS x64, arm64 ✅ Supported
Android x64, arm64 ✅ Supported

Other resources

Stay in touch


We're building a community space for Engineers, Developers, Architects, Security Professionals, DevOps Practitioners and Hobbyists using Enclave to ask questions, get help from the team and interact with each other. Come and join us!

Join our Slack Community