Bad Actors Can’t Attack What They Can’t Find

Intrinsic protection for your private networks and applications using multi-tenancy, cloaking, and network segmentation.

You Don’t Have to Sacrifice Safety For the Benefits of the Cloud.

Cloud services deliver unmatched scalability and save both time and money. But exposing your cloud assets to the public internet comes with security concerns (e.g., DDoS) that require hardening. An Cloud Connexa wide-area private network (WPC) is a better way to secure network connectivity and keep applications and services private.


A multi-pronged approach to protecting your network and enabling reliable connectivity

Our multi-tenant cloud-delivered service creates a dedicated worldwide private overlay network, with built-in security features, exclusively for your use.

  • No VPN Servers

    Block attacks on a specific customer or network by refusing inbound connections and using our multi-tenant service to reduce your attack surface.

  • Transfer DoS Risk

    Cloud Connexa, offered as a service, uses 30+ worldwide Points of Presence (PoP) for all incoming connections to protect your company from DoS and DDoS attacks.

  • Automatic Microsegmentation

    Cloud Connexa automatically microsegments to prevent lateral movement and restrict routes to authorized microsegments based on a connected entity’s authorized IP services.

  • Network Cloaking

    Domain-based routing, an OpenVPN exclusive, cloaks your private network IP address ranges from discovery by using domain names for routing.


ZTNA or Zero Trust Network Access is a network security model that operates on 3 core principles:

  • Always verify – Do not assume an entities identity
  • Least privilege – Give access to only the resources the user, device, or application should have
  • Assume breach – A proactive approach to network security that includes reducing the attack surface and isolating potential threats

Cloud Connexa allows Owners and Administrators to:

  • Use SSO Authentication with LDAP, and SAML to connect to their WPC.
  • Limit access to only specific resources by configuring access controls to select User Groups, Networks, or Hosts with Access Groups.
  • Provide access to applications using domain names instead of the network to reduce your attack surface — eliminating lateral movement to other network resources from potential threats.

Network lateral movement is a technique used by cybercriminals to move through a compromised network to search for additional vulnerabilities and data.

In network security, Micro-Segmentation is the practice of separating network subnets. This provides a reduced attack surface for potential threats and allows administrators to isolate and contain potential breaches.

Tenant means a customer. A service or equipment is called multi-tenant when the same equipment can serve multiple customers by logically separating them instead of using multiple instances of the same equipment and dedicating each instance to one customer. The servers in a Cloud Connexa PoP are shared by multiple customers/tenants and isolated by virtualization.

Domain-based routing is an OpenVPN feature that allows network administrators the ability to route traffic to different connected networks using FQDN (Fully Qualified Domain Names) assigned to applications hosted in those networks instead of using the network’s IP address subnet. To learn more about domain-based routing, read Cloud Connexa Launches Domain Routing Feature.

Cyber Shield content filtering is a feature of Domain Filtering that analyzes the domain names in DNS queries received from WPC clients only when domain filter monitoring is turned on. When Monitoring is active, Cyber Shield checks which content category each domain name being queried belongs in. If a domain name is matched to any of the 43 Cyber Shield Domain Filtering Categories that is configured to be blocked, the domain name is not resolved as expected and a “This site can’t be reached” page is displayed. Content can be blocked by chosing any of those categories or by using 1 of 3 domain filtering preset modes:

  • Basic
  • Safe Browsing
  • High Productivity

Cloaking hides the private IP address ranges of your network from discovery. Even after connection to Cloud Connexa, the IP address ranges of connected private networks are not pushed to the connected device as routes when exclusively using Application Domain Name routing.

Multi-tenancy allows high scalability, reduced setup time, and better cost-effectiveness than single-tenant solutions.

Cloud Connexa DIVE is an additional security control to enforce Least Privilege, by allowing Owners and Administrators to restrict user access to only trusted devices. This is accomplished by establishing a 1:1 relationship with a user’s connection Profile and the device’s UUID - restricting profile re-use from an unregistered Device.

If you have not already done so:

  1. Create your Wide-area Private Cloud based on your use case:
    1. Remote Access
    2. Site-to-Site
    3. Restricted Internet Access
  2. Define your trusted Applications and IP Services
  3. Define trusted Users and Devices. To learn how to activate Device Enforcement, read our User Guide - Device Identity Verification & Enforcement (DIVE).
  4. Define Access Policies
  5. Shield against cyber threats

Yes, your users must have the OpenVPN client running the minimum client version for their Operating System to enable Device Enforcement.


Minimum Client Version

Windows OpenVPN Connect 3.3.7
Mac OS OpenVPN Connect 3.4.2
Linux OpenVPN3 v19_beta
Android OpenVPN Connect 3.3.2
iOS OpenVPN Connect 3.3.3

The following are the minimum client versions to enable Device Enforcement for users within their respective WPC:


Minimum Client Version

Windows OpenVPN Connect 3.3.7
Mac OS OpenVPN Connect 3.4.2
Linux OpenVPN3 v19_beta
Android OpenVPN Connect 3.3.2
iOS OpenVPN Connect 3.3.3

Get Started for Free

Cloud Connexa comes with three free connections, no credit card required.