About Portnox Cloud

In this topic, you will learn about the basic concepts behind Portnox™ Cloud and its architecture.

What is Portnox Cloud?

Portnox Cloud is a zero-trust, cloud-based network access control solution that offers continuous monitoring and management of devices connecting to your networks. It provides visibility, risk management, and authentication for endpoints in any location, including IoT, bring-your-own-device (BYOD), and managed devices across various types of networks. The cloud delivery ensures that the solution is always up to date with the latest features and capabilities. Access to the network can be granted based on user/device identity and/or risk profile.

Portnox Cloud is easy to set up and can be configured for the first devices in just a few minutes.

How does Portnox Cloud work?

In a standard network, devices usually connect to the company network using one of the following methods:

  • For a wired device, you simply connect the Ethernet cable to the switch.

  • For a wireless device, you select the network (SSID) and enter a password common for all devices.

This is not a secure approach. An intruder can gain access to your network easily, using any Ethernet cable or by obtaining a password that many other people share. Instead, you can use Portnox Cloud for a zero-trust approach:

  1. When you connect the Ethernet cable to the secured network switch, your device has no access to the network at all. When you try to connect your device to the secured Wi-Fi using a common password, the access point refuses the connection.

  2. To connect to the network, you must authenticate. To do that, you either enter your corporate email and a password, connect to your company identity service (for example, Azure/Entra ID or Google Workspace), or use a secure user/device certificate generated for your device.

  3. The network switch or Wi-Fi access point automatically contacts the cloud RADIUS server, which checks the user credentials against your company directory and replies whether the device should be allowed to access the network or not. Additionally, the cloud RADIUS server indicates which network the device should be placed in, for example, a department network, an Internet-access-only network, or a quarantine network.

Note that unattended devices, such as IoT devices, can instead simply be recognized by their MAC addresses. Portnox Cloud also works with VPN networks. You can also create guest accounts and control guest user access.

How does Portnox Cloud monitor risk?

With the addition of Portnox AgentP, Portnox Cloud can do even more: monitor the risk of your device and manage network access on the basis of that risk. It can even remediate certain risk conditions.

  • You can create risk profiles for different devices. For example, you can decide that a mobile phone that has an outdated operating system and applications from unknown sources is too risky to connect to your network. Or you can decide that a laptop with no disk encryption needs to be connected to a limited network with Internet access only and no access to company resources.

  • You can configure Portnox AgentP, for example, to discover that your device has an outdated antivirus or operating system, and automatically start an update. You can also configure it to automatically uninstall a suspicious application. This way, AgentP can remediate the device to lower its risk profile, and then let it access the network without your intervention.
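The decision flow described in the numbered steps above and in the risk bullets, as an added Python model that is not Portnox's code: a request is authenticated by device certificate, by directory credentials, or by MAC address (for unattended devices), and the risk level then decides which network the RADIUS reply assigns. The directory, trusted certificate list, MAC list, VLAN numbers and posture facts are constructed sample values; the reply attributes are the standard RFC 3580 VLAN attributes.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data (not Portnox's): a tiny directory, a trusted-device
# certificate list (stand-in for real X.509 validation) and a MAC allow-list
# for unattended IoT devices. VLAN numbers are arbitrary examples.
DIRECTORY = {"alice@example.com": "corp-pw-1"}
TRUSTED_CERT_CNS = {"laptop-0042.example.com"}
KNOWN_MACS = {"aa:bb:cc:00:11:22": "printers"}
VLANS = {"corp": "10", "internet-only": "20", "printers": "40"}

@dataclass
class Request:
    mac: str
    user: Optional[str] = None
    password: Optional[str] = None
    cert_cn: Optional[str] = None               # subject CN of a device certificate
    posture: dict = field(default_factory=dict)  # facts reported by an agent

def assess_risk(posture):
    """Map agent-reported facts to a risk level (simplified policy)."""
    if posture.get("os_outdated") and posture.get("unknown_source_apps"):
        return "high"       # e.g. an outdated phone with apps from unknown sources
    if not posture.get("disk_encrypted", True):
        return "medium"     # e.g. a laptop without disk encryption
    return "low"

def vlan_reply(name):
    """RFC 3580 attributes a switch/AP uses to place the port in a VLAN."""
    return "Access-Accept", {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
                             "Tunnel-Private-Group-ID": VLANS[name]}

def decide(req):
    """Return the RADIUS reply (code, attributes) for one access request."""
    # Unattended devices present no user or certificate: MAC-based recognition only.
    if req.user is None and req.cert_cn is None:
        return vlan_reply(KNOWN_MACS[req.mac]) if req.mac in KNOWN_MACS else ("Access-Reject", {})
    # Everything else must authenticate with a certificate or directory credentials.
    if req.cert_cn is not None:
        authenticated = req.cert_cn in TRUSTED_CERT_CNS
    else:
        authenticated = req.password is not None and DIRECTORY.get(req.user) == req.password
    if not authenticated:
        return "Access-Reject", {}
    # Being authenticated is not enough: the risk profile picks the network.
    risk = assess_risk(req.posture)
    if risk == "high":
        return "Access-Reject", {}
    return vlan_reply("internet-only" if risk == "medium" else "corp")
```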

Portnox Cloud architecture