Enable application discovery for CT Connectors
CT Connectors that are newly deployed and registered with an Xshield instance are not fully functional in the Xaccess private network. To make them actively route user traffic to the protected enterprise applications, you must enable Application Discovery on the Connectors.
Application Discovery
Application Discovery for a Connector involves specifying the subnets and domains where the applications are hosted. This helps you apply the Policy recommendations to the relevant Workload groups and Domain groups when you build Xaccess policies for secure user access to the applications. CT Brokers route user traffic to the appropriate Connector by using the subnets and domains specified for the Connectors.
- For instances that use hybrid Connector deployment (on-premises and AWS or Azure), you must specify the subnets and domains according to the applications in the environment where each Connector is hosted. This may require you to specify different sets of subnets and domains for the Connectors.
- For instances that use on-premises only or cloud-only deployment where all Connectors enable access to a common set of applications, the subnets and domains are common for all the Connectors.
You can also route user traffic through specific Connectors by spreading out the application subnets and domains across the Connectors.
For new Xaccess deployments, see the APPLICATIONS DISCOVERED widget on the Xaccess Dashboard to check the progress of Application Discovery.
Add subnets and domains
Decide upon the subnets and domains that you want to add for a Connector.
- Go to Xaccess > Connectors.
- Click a Connector.
- Click Edit in the fly panel.
- Add the subnets and domains in the IP addresses & Subnets and the Domains text boxes.
- Click Save.
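Before entering values in the steps above, a planned assignment can be checked offline to confirm that every application is covered by at least one Connector and that traffic is spread across Connectors as intended. The following is an added example, not part of the product or its documentation. The Connector names, subnets, domains and application list are constructed, and the matching rules (IP containment, domain or subdomain match) are assumptions about how entries are interpreted.

```python
import ipaddress

# Constructed (made-up) Connector plan and application inventory.
PLAN = {
    "connector-onprem": {"subnets": ["10.10.0.0/16"], "domains": ["intranet.example.com"]},
    "connector-aws": {"subnets": ["172.31.0.0/20", "10.10.5.0/24"], "domains": ["apps.example.com"]},
}
APPS = ["10.10.5.20", "172.31.4.9", "192.168.7.3", "wiki.intranet.example.com", "hr.example.net"]


def parse_plan(plan):
    """Validate entries; return (parsed plan, list of error strings)."""
    parsed, errors = {}, []
    for name, entry in plan.items():
        nets = []
        for s in entry.get("subnets", []):
            try:
                # strict=True rejects entries with host bits set, e.g. 10.10.5.1/24
                nets.append(ipaddress.ip_network(s, strict=True))
            except ValueError as exc:
                errors.append(f"{name}: bad subnet {s!r}: {exc}")
        doms = [d.strip().lower().rstrip(".") for d in entry.get("domains", [])]
        parsed[name] = {"subnets": nets, "domains": doms}
    return parsed, errors


def covering_connectors(app, parsed):
    """Assumed matching: IP inside a subnet; name equal to or under a domain."""
    try:
        ip = ipaddress.ip_address(app)
    except ValueError:
        ip = None  # not an IP literal, treat it as a host name
    host = app.lower().rstrip(".")
    def match(e):
        if ip is not None:
            return any(ip in n for n in e["subnets"])
        return any(host == d or host.endswith("." + d) for d in e["domains"])
    return sorted(name for name, e in parsed.items() if match(e))


def coverage_report(plan, apps):
    parsed, errors = parse_plan(plan)
    return {app: covering_connectors(app, parsed) for app in apps}, errors


if __name__ == "__main__":
    report, errors = coverage_report(PLAN, APPS)
    for app, names in report.items():
        print(f"{app:28} -> {', '.join(names) or 'NOT COVERED'}")
    print("\n".join(errors))
```

An application listed as NOT COVERED falls outside every planned subnet and domain. One that appears under more Connectors than intended indicates an entry that is broader than planned.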
Enable connectivity to protected applications
In addition to specifying the application subnets and domains, you may also need to use platform-native capabilities to enable connectivity between the Connectors' network segments and the application subnets and domains, for example, VPC peering for Connectors deployed on AWS.