Identity-Aware Access
vs. Network Extension
Siemens Smart Server requires the Siemens Smart Client app. Agilicus is native clientless (any browser).
Discover why Layer 7 precision beats Layer 3 connectivity for modern security.
The Fundamental Difference
The choice between Agilicus and Siemens is a choice between Application Access and Network Connectivity.
Agilicus AnyX (Layer 7)
Understands Application layer like HTTP, VNC, SSH. Can block password stuffing, restrict specific URLs, and protect individual files. Users never touch the network.
Siemens (Layer 3)
Connects devices via an outbound VPN tunnel. Good for basic machine connectivity, but creates lateral movement risks and broad network exposure. Requires additional tools for application-level security.
Security Model Comparison
Agilicus User
HTTPS Only
→
App
Only
Siemens User
Full Network Pipe
→
Network
Adjacency
*With Siemens, if a user device is compromised, the attacker has network-level visibility (ping, scan) of the target. With Agilicus, they see nothing but the specific web app authorised.
Why Modern Teams Choose Agilicus
Compare capabilities side-by-side.
Feature
Agilicus AnyX
Siemens
Hardware Dependency
Does it require new physical hardware?
Software Only
Installs on existing IPCs and PLCs.
Hardware Required
Requires the Smart Client / SCALANCE gateway box on-site.
Network Layer Security
What level of access is granted?
Layer 7 (Zero Trust)
Precise, identity-aware microsegmentation.
Layer 3 (Network)
Broad access to the entire machine subnet.
Authentication
How do users log in?
Single Sign-On
Bring your own identity (Entra ID, Google).
Cloud Accounts
Requires creating and managing Siemens credentials.
Audit & Visibility
What level of activity is logged?
File-Level Precision
Who did what, down to the exact file or command.
Session Level
Only logs who connected to the Siemens cloud.
Granular Authorisation
How specific can access rules be?
Read-Only / Roles
Limit actions (e.g., read-only VNC).
Protocol Access
VPN access typically gives full protocol control.
Overlapping IPs
Can users access multiple sites with identical IP ranges simultaneously?
Yes
Seamless multi-site access without conflicts.
No
Layer 3 routing conflicts prevent simultaneous access.
Client Access
How do users access the system?
Clientless
Native browser access for VNC, RDP, and HTTP.
App-Based
Requires Siemens Smart Client (VNC viewer) application.
Architecture
How is the connection brokered?
Identity Proxy
Layer 7 Identity-Aware Proxy (IAP) with Zero Trust.
Network Overlay
SINEC Secure Connect hardware-centric network overlay.
Network Bypass
Does it bypass your existing perimeter security?
No (Outbound Only)
Works with existing next-gen firewalls via TLS.
Yes (Hardware Gateway)
Creates a bypass that may undermine existing firewalls.
SIEM Integration
Can it send logs to your security tools?
Native Integration
Works with Microsoft Sentinel, Graylog, Splunk.
Limited
Harder to integrate with enterprise SOC workflows.
Data Pricing
Is there a cost per byte of data?
Unlimited Data
Predictable pricing with no data caps.
Predictable
Flat fee per gateway device.
Clientless Universal Access
Stop managing VPN clients. Agilicus AnyX works on any device with a browser—desktop, tablet, or phone.
- Ideal for contractors & BYOD
- No MDM required
- Zero friction onboarding
Granular Authorisation
Don’t just grant network access. Control exactly what users can do inside the application.
- Restrict specific URLs
- Control file share access
- Stop password stuffing attacks
Network Simplification
Solve the hardest networking problems without re-architecting your infrastructure.
- Outbound-only (Starlink/CGNAT)
- Overlapping IP support
- Multi-IdP Single Sign-On
Ready to move beyond the VPN?
Experience the security of an Identity-Aware Proxy, Zero Trust, Zero Compromises. No Clients to manage, no lateral movement to fear.