# Agilicus vs BeyondTrust Privileged Remote Access # Identity Aware Proxy vs. Jump Box Architect BeyondTrust Privileged Remote Access Provides users with access to shared resources utilizing a Jump box / gateway Architecture . Agilicus eliminates the need for the intermediate "hop" and connects the user to resources directly. Discover why an identity aware proxy beats a jump box / gateway architecture for secure remote access. [TRY NOW](/l/no-cost-trial/) [BOOK A MEETING](https://www.agilicus.com/book-calendar-meeting/) ## The Fundamental Difference The choice between Agilicus and BeyondTrust Privileged Remote Access is a choice between a complete identity aware proxy Zero Trust Platform and a platform connecting users to a "jump box" to access shared resources. ![icon-authentication](https://www.agilicus.com/www/d82985c0-authentication.svg) ### Agilicus Agilicus uses an identity-aware proxy. There is no "middle-man" and the connection is made outbound from the resource, keeping the resource and network invisible to the public internet. ![icon-server](https://www.agilicus.com/www/fc8d0a94-icon-server.svg.svg) ### BeyondTrust Privileged Remote Access BeyondTrust Privileged Remote Access generally relies on a "jump box" or "hardened appliance" (virtual or physical) that sits in the DMZ. It brokers connections by "proxying" protocols like RDP and SSH. #### Identity Model Comparison **Agilicus** Identity Aware Proxy → Direct connection between user and resource **BeyondTrust Privileged Remote Access** Jump Box Architecture → Jump connection(s) between user and resource BeyondTrust Privileged Remote Access **jump box model** requires an appliance or gateway with a public IP address that sits in your DMZ, for users to connect, often requiring inbound rules (Port 443) from the internet. This creates a visible target for attackers and requires you to manage complex firewall rules to allow traffic in. **Agilicus AnyX is an Identity-Aware Proxy** which uses an outbound-only connection, where a lightweight connector operates through an outbound only connection to the Agilicus cloud. This makes your internal resources invisible to the public internet, eliminates the need for any inbound firewall ports, and ensures that a user’s identity is authenticated and authorized before reaching the shared resource. Agilicus AnyX is a complete Zero Trust Network Access platform, comprising authentication, authorization, audit, access. One of AnyX’ core features is the ability to remotely use a remote graphical environment, via both Remote Desktop Protocol, and VNC. These are available via a browser, or via a native client, and incorporate Agilicus’ trademark simple, seamless, single-sign-on via your existing identity providers, for your staff, your partners, with optional multi-factor authentication. ## Why Modern Teams Choose Agilicus Compare capabilities side-by-side. Feature **Agilicus AnyX** **BeyondTrust Privileged Remote Access** #### ****Architectural Approach**** **Cloud-Native Zero Trust:** Identity-aware proxy; resources are invisible to the internet. **Gateway-Based:** Relies on jump boxes or hardened appliances (virtual/physical) in the DMZ. #### ****Network Model**** **Proxy Based** Direct connection of user to resource Operates with outbound-only connection, eliminating the need for publicly accessible IP address Gateway / Broker Jumpbox connection from user to resource Must have publicly accessible IP to connect. Exposing resources to the public internet. #### ****Lateral Movement**** User is connected only to the specific application, not the network, eliminating the risk of lateral movement Once a user hits the gateway, they are effectively "inside" the DMZ/Network. #### ****IP Exposure**** **Hidden** No public IP or DNS entry is needed for your internal resources. **Exposed** The BeyondTrust Appliance must have a **publicly accessible IP/URL** #### ****User Experience**** **Seamless** Users use native browsers or desktop tools (RDP/SSH) to connect directly to the resource. **Clunky** Often feels like "Remote Desktop inside a browser" or requires a specific console. #### ****Deployment**** Lightweight Agilicus connector. No firewall rules or network changes needed. Often requires complex appliance setup, firewall configurations, and "Jump Box" architecture. ![icon-world](https://www.agilicus.com/www/9b679333-icon-world.svg.svg) #### **Clientless Universal Access** Access all resources from any device with a web browser. - Equal security across all devices accessing resources - Enable BYOD while maintaining security - Easy Access to all authorized resources in one tile-based web launcher ![icon-padlock](https://www.agilicus.com/www/c1324345-icon-padlock.svg.svg) #### ****Granular Authorization**** Granular authorization and permission levels on a per resource level. - Enforce read vs write permission levels per user - Enable specific users to perform specific tasks on a resource - Native resource request workflow for task based permissions ![icon-global-network](https://www.agilicus.com/www/965b276e-icon-global-network.svg.svg) #### ****Per-Resource Authentication**** User authentication at a per resource level to enable granular authorization. - Enables granular audit logs for what user on what device - Eliminate shared passwords and team level access - Provision / Decommission resources on a per user basis ## **Ready to move beyond legacy remote desktop?** Experience the security of a complete Zero Trust platform. No Clients to manage, no shared passwords to fear. [CONTACT US](/contact-us/) [BOOK A MEETING](https://www.agilicus.com/book-calendar-meeting/)