Zero-Trust Overlay Network
Agent-based architecture. Devices talk directly to one another, coordinated by centralised policy-based management.
Direct connections between cooperating systems are established using outbound-only traffic. A combination of device and user identity, UDP and TCP hole punching, and NAT traversal techniques creates fast, end-to-end encrypted tunnels between connected systems from behind closed firewalls.
Some NAT configurations prevent direct connection establishment; in such cases traffic relays are used to ensure a connection can be made.
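
The following added example (not code from the product described here) simulates why outbound-only hole punching succeeds behind some NATs and falls back to a relay behind others. The `Nat` class, the `connect` function, the addresses and the NAT model are assumptions: every NAT is modelled with address-and-port-dependent filtering, and only the mapping behaviour varies.

```python
import itertools

SERVER = ("198.51.100.1", 3478)  # constructed address of the coordination service

class Nat:
    """Simplified NAT (assumed model): mappings are created only by outbound
    packets, and inbound filtering is address-and-port dependent."""
    def __init__(self, public_ip, endpoint_independent):
        self.public_ip = public_ip
        # True: one public port is reused for every destination.
        # False: a fresh public port is allocated per destination.
        self.endpoint_independent = endpoint_independent
        self._ports = itertools.count(40000)
        self.mappings = {}  # mapping key -> public port
        self.allowed = {}   # public port -> remote endpoints the host has sent to

    def send(self, dst):
        """Outbound packet to dst; returns the source endpoint that dst observes."""
        key = "any" if self.endpoint_independent else dst
        if key not in self.mappings:
            self.mappings[key] = next(self._ports)
        port = self.mappings[key]
        self.allowed.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def accepts(self, src, dst_port):
        """Inbound is delivered only if the host already sent to src from dst_port."""
        return src in self.allowed.get(dst_port, set())

def connect(nat_a, nat_b):
    """Return 'direct' if hole punching succeeds, otherwise 'relay'."""
    # 1. Each agent registers outbound; the server records the endpoint it sees.
    seen_a, seen_b = nat_a.send(SERVER), nat_b.send(SERVER)
    # 2. Each agent sends outbound to the endpoint the server reported for its peer.
    src_a, src_b = nat_a.send(seen_b), nat_b.send(seen_a)
    # 3. A packet passes only if it hits a mapping that already permits its source.
    a_to_b = nat_b.accepts(src_a, seen_b[1])
    b_to_a = nat_a.accepts(src_b, seen_a[1])
    return "direct" if (a_to_b and b_to_a) else "relay"

if __name__ == "__main__":
    for a_ei, b_ei in [(True, True), (False, True), (False, False)]:
        result = connect(Nat("203.0.113.10", a_ei), Nat("203.0.113.20", b_ei))
        print(f"A endpoint-independent={a_ei}, B endpoint-independent={b_ei}: {result}")
```

NATs with looser inbound filtering than this model assumes can still connect directly in the mixed case.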