Skip to main content
Every customer appliance establishes an outbound, mutually-authenticated connection to your control plane. The connection carries telemetry, deploy instructions, and operations commands. Your customer (within the form factor’s permitted paths) chooses which network the connection travels over. Three controller-connectivity options: Public internet (default), AWS PrivateLink (aws-only), and Tailscale (tailnet-only). The customer's appliance reaches your Tensor9 Controller via one of these paths. This page is the customer-customizable knob for the appliance-to-control-plane link only. It is internal infrastructure: it carries telemetry and management traffic, not end-user requests. Your customer’s end users never see it. The end-user-facing link is configured separately on Ingress Control.

Controller connectivity options

OptionWhat it doesWhen customers pick itCompliance lever
Public internet (default)The appliance reaches your control plane over public HTTPS. The connection is mutually-TLS authenticated end-to-end.Adoption-friendly default. The customer is comfortable with outbound HTTPS from their environment.None directly. Common starting posture; the customer’s egress proxy and TLS-inspection appliances handle policy.
AWS PrivateLinkThe appliance reaches your control plane over an AWS PrivateLink endpoint. Cross-region attachments supported. Requires both the customer environment and your control plane to be on AWS.The customer wants no public-internet path between their environment and you.Eliminates a common third-party-risk finding: there is no public route by which a compromised credential could reach your surface. The PrivateLink endpoint is documentation-friendly evidence for the customer’s auditor.
TailscaleYou operate a Tailscale tailnet. Both your control plane and the customer’s appliance join it, and the connection travels the tailnet.The customer prefers Tailscale to public-internet egress, or the appliance lives somewhere outbound HTTPS is awkward (heavily-restricted on-prem environments, lab segments, etc.).Eliminates the public path with a control the customer’s security team already understands. Tailnet membership and ACLs become the authorization boundary.

Configuring an option

Controller connectivity is set on the form factor you author. The form factor declares which of the three options it permits; your customer picks from those permitted options at appliance setup time.
  • Public internet is the default and requires no additional configuration beyond outbound HTTPS egress from the appliance’s environment.
  • AWS PrivateLink requires you to expose a Service Endpoint in your control plane’s AWS account and your customer to accept the corresponding Interface Endpoint in their account. Cross-region attachments are supported.
  • Tailscale requires you to operate a tailnet and provision an appliance auth key as part of the appliance setup configuration.

How this fits into the bigger network picture

Tensor9 manages four distinct network links in total: application ingress, operator to control plane, appliance to control plane (this page), and break-glass access. The full architectural view, including the your-side-only links, is on Connectivity. This section’s pages focus only on the two customer-customizable links: this one and Ingress Control.