Redirection Workflow in Client Proxy and GRM
The Global Routing Manager (GRM) intelligently routes traffic to the closest Point of Presence (PoP). SCP and GRM use the following redirection workflow.
1. SCP issues a DNS query for c0123456789.wgcs.skyhigh.cloud to the DNS server configured on the endpoint.
2. The user's DNS server queries Skyhigh Security's NS servers (anycast GRM).
3. GRM sees the IP address of the user's DNS server.
4. GRM applies the policy set in the back end.
5. GRM calculates the best response based on the back end policy and the user's DNS information (IP address and eDNS, if it exists).
6. GRM provides the response to the endpoint.
7. SCP connects to the provided IP address and starts the authorization process with SWG.
8. SWG provides the endpoint with the IP address that SWG sees as the client public IP (endpoint egress IP).
9. SCP hex encodes the egress IP address provided by SWG and places the proxy server address, in the form c123456789.<client public IP>wgcs.skyhigh.cloud, at the top of the redirection list (POP enhancement feature).
10. SCP sends a DNS query for c0123456789.<client public IP>wgcs.skyhigh.cloud to GRM.
11. GRM reads the IPv4 header and runs the policy set in the back end again.
12. GRM provides the best response to the endpoint.
13. SCP connects to the IP address provided in Step 12.
- eDNS. An extension for DNS servers that allows sending additional data, such as “requesting this domain for this client public IP”.
- POP enhancement feature. Geographical data is used in the proxy domain name so that GRM can provide a POP IP nearer to the endpoint.
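The two lookups in this workflow can be told apart in resolver logs by whether the proxy name carries an encoded egress IP. The following is an added example, not Skyhigh code: it assumes the egress IPv4 address is written as 8 hex digits after the customer label (the page gives only `<client public IP>`), and the function names and log lines are constructed for illustration.

```python
import ipaddress
import re

SUFFIX = "wgcs.skyhigh.cloud"
# ASSUMPTION: the egress IPv4 address appears as 8 hex digits (network byte
# order) after the customer label. The page shows only "<client public IP>"
# and does not define the exact encoding or separator, so the dot is optional.
_NAME = re.compile(
    r"^(?P<cust>c\d+)\.(?:(?P<hex>[0-9a-f]{8})\.?)?" + re.escape(SUFFIX) + r"\.?$",
    re.IGNORECASE,
)

def build_enhanced_name(customer_label, egress_ip):
    """Hex encode the egress IP reported by SWG into the proxy name."""
    hex_ip = ipaddress.IPv4Address(egress_ip).packed.hex()
    return f"{customer_label}.{hex_ip}.{SUFFIX}"

def parse_proxy_name(qname):
    """Return (customer_label, egress_ip or None); None if not a proxy name."""
    m = _NAME.match(qname.strip())
    if not m:
        return None
    ip = None
    if m.group("hex"):
        ip = str(ipaddress.IPv4Address(bytes.fromhex(m.group("hex"))))
    return m.group("cust").lower(), ip

def trace_redirection(log_lines):
    """Label each proxy-name query as the initial or the enhanced lookup."""
    out = []
    for line in log_lines:
        client, qname = line.split()[:2]
        parsed = parse_proxy_name(qname)
        if parsed is None:
            continue  # unrelated DNS traffic
        cust, egress = parsed
        out.append((client, "enhanced" if egress else "initial", cust, egress))
    return out

# Constructed sample: "<endpoint> <queried name>" lines, not real resolver output.
SAMPLE_LOG = [
    "10.1.4.23 c0123456789.wgcs.skyhigh.cloud",
    "10.1.4.23 c0123456789.c6336407.wgcs.skyhigh.cloud",
    "10.1.4.23 www.example.com",
]

if __name__ == "__main__":
    for row in trace_redirection(SAMPLE_LOG):
        print(row)
```

An endpoint that only ever shows the initial lookup never reached the enhanced query, which is a useful starting point when troubleshooting PoP selection.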