Identity Aware Proxy vs. Jump Box Architecture
BeyondTrust Privileged Remote Access provides users with access to shared resources using a jump box / gateway architecture. Agilicus eliminates the need for the intermediate “hop” and connects the user to resources directly.
Discover why an identity aware proxy beats a jump box / gateway architecture for secure remote access.
The Fundamental Difference
The choice between Agilicus and BeyondTrust Privileged Remote Access is a choice between a complete identity aware proxy Zero Trust Platform and a platform connecting users to a “jump box” to access shared resources.
Agilicus
Agilicus uses an identity-aware proxy. There is no “middle-man” and the connection is made outbound from the resource, keeping the resource and network invisible to the public internet.
BeyondTrust Privileged Remote Access
BeyondTrust Privileged Remote Access generally relies on a “jump box” or “hardened appliance” (virtual or physical) that sits in the DMZ. It brokers connections by “proxying” protocols like RDP and SSH.
Identity Model Comparison
Agilicus: Identity Aware Proxy → Direct connection between user and resource
BeyondTrust Privileged Remote Access: Jump Box Architecture → Jump connection(s) between user and resource
The BeyondTrust Privileged Remote Access jump box model requires an appliance or gateway with a public IP address in your DMZ for users to connect to, often requiring inbound rules (port 443) from the internet. This creates a visible target for attackers and requires you to manage complex firewall rules to allow traffic in.
Agilicus AnyX is an identity-aware proxy in which a lightweight connector operates through an outbound-only connection to the Agilicus cloud. This makes your internal resources invisible to the public internet, eliminates the need for any inbound firewall ports, and ensures that a user’s identity is authenticated and authorized before reaching the shared resource.
Agilicus AnyX is a complete Zero Trust Network Access platform, comprising authentication, authorization, audit, and access. One of AnyX’s core features is the ability to use a remote graphical environment via both Remote Desktop Protocol and VNC. These are available via a browser or via a native client, and incorporate Agilicus’ trademark simple, seamless single sign-on via your existing identity providers, for your staff and your partners, with optional multi-factor authentication.
Why Modern Teams Choose Agilicus
Compare capabilities side-by-side.
| Feature | Agilicus AnyX | BeyondTrust Privileged Remote Access |
| --- | --- | --- |
| Architectural Approach | Cloud-Native Zero Trust: Identity-aware proxy; resources are invisible to the internet. | Gateway-Based: Relies on jump boxes or hardened appliances (virtual/physical) in the DMZ. |
| Network Model | Proxy Based: Direct connection of user to resource. Operates with an outbound-only connection, eliminating the need for a publicly accessible IP address. | Gateway / Broker: Jump box connection from user to resource. Must have a publicly accessible IP to connect, exposing resources to the public internet. |
| Lateral Movement | User is connected only to the specific application, not the network, eliminating the risk of lateral movement. | Once a user hits the gateway, they are effectively “inside” the DMZ/Network. |
| IP Exposure | Hidden: No public IP or DNS entry is needed for your internal resources. | Exposed: The BeyondTrust Appliance must have a publicly accessible IP/URL. |
| User Experience | Seamless: Users use native browsers or desktop tools (RDP/SSH) to connect directly to the resource. | Clunky: Often feels like “Remote Desktop inside a browser” or requires a specific console. |
| Deployment | Lightweight Agilicus connector. No firewall rules or network changes needed. | Often requires complex appliance setup, firewall configurations, and “Jump Box” architecture. |
Clientless Universal Access
Access all resources from any device with a web browser.
- Equal security across all devices accessing resources
- Enable BYOD while maintaining security
- Easy access to all authorized resources in one tile-based web launcher
Granular Authorization
Granular authorization and permission levels at a per-resource level.
- Enforce read vs. write permission levels per user
- Enable specific users to perform specific tasks on a resource
- Native resource request workflow for task-based permissions
Per-Resource Authentication
User authentication at a per-resource level to enable granular authorization.
- Enables granular audit logs showing which user on which device
- Eliminate shared passwords and team-level access
- Provision / decommission resources on a per-user basis
Ready to move beyond legacy remote desktop?
Experience the security of a complete Zero Trust platform. No clients to manage, no shared passwords to fear.