BastionXP is a Public Key Infrastructure (PKI) / Certificate Authority (CA) that creates, signs and distributes SSH, SSL/TLS X.509 certificates to servers and end users upon successful SSO login and 2FA authentication via OAuth providers such as GitHub, G-Suite, Microsoft Office 365, Okta and more.

BastionXP automates certificate management at scale, while simplifying your end-user workflow without compromising security.

BastionXP also has a built-in SSH proxy server that can be configured to function as an SSH bastion host. BastionXP works seamlessly with OpenSSH server and client software.

BastionXP offers Zero Trust Network Access(ZTNA) Security. All servers and end-users are required to authenticate with the BastionXP Authentication Server using an SSO and 2FA login, before access to the network can be granted.

BastionXP issues short-lived SSH, TLS/SSL X.509 certificates to end-users so that no user would have an indefinite access to any network resource. Moreover, these certificates, issued to a specific user based on Role Based Access Control(RBAC) can be used to access only a specific server(s) in the network. BastionXP provides you fine-grained control over who can access what resources in a network and for how long.

All network access events are logged and available for download, so that the logs can be analyzed using a log analyzer for anamoly detection.

BastionXP solution is available in three different formats:

Twingate is a secure remote access solution for an organization’s private applications, data, and environments, whether they are on-premise or in the cloud. Built to make the lives of DevOps teams, IT/infrastructure teams, and end users easier, it replaces outdated business VPNs which were not built to handle a world in which "work from anywhere" and cloud-based assets are increasingly the norm.