Managed Access Service

Q: What is the difference from a traditional VPN?

A VPN gives users access to the entire network — including systems they don't need. This increases the attack surface if credentials are compromised. Our Zero Trust Gateway establishes a 1:1 connection between user and approved application. There is no network access, only application access.

Q: Which identity providers are supported?

Microsoft Entra ID (formerly Azure AD), Okta, Google Workspace, LDAP and Active Directory via OpenID Connect and SAML 2.0. Your employees sign in with their existing corporate credentials — no additional password needed.

Q: How does the fixed outbound IP work in practice?

When you need to access your clients' or partners' systems that require IP whitelisting, all traffic is routed through our gateway. Your client registers a single IP address — regardless of where your employees are currently working.

Q: Can I give individual users time-limited access?

Yes. You can grant access for specific time periods — e.g. for a maintenance window from Friday 6pm to Saturday 6am. Access is automatically revoked when the period expires. Ideal for external contractors and project staff.

Q: Is the service suitable for regulated industries?

Yes. The Managed Access Service operates in ISO 27001 certified data centers. Audit trails document every access in an audit-proof manner. Optionally with video recording for four-eyes evidence. Suitable for BSI IT-Grundschutz, KRITIS and GDPR requirements.

Q: What technology is behind it?

The service is built on a proven open-source stack: Apache Guacamole as the remote access gateway and Keycloak/Authentik as the identity platform. No proprietary vendor lock-in. You could theoretically run the stack yourself — we handle operations, maintenance and security for you.

Zero Trust Remote Access from Munich: Browser-based access to servers and applications without VPN. Fixed outbound IP, audit trails, 100% open source.

Compare Packages

GDPR

compliant

99.99%

Availability

100%

Open Source

Remote Access

On Request

Browser-based access (RDP, SSH, VNC)

Multi-factor authentication

Central user management

Logging of all connections

Request Consultation

Zero Trust

On Request

Everything from Remote Access

Integration with your identity provider

Fixed outbound IP for whitelisting

Video recording (optional)

Request Consultation

Compliance

On Request

Everything from Zero Trust

Granular role-based access control

Compliance reporting & audit export

Dedicated gateway instance

Request Consultation

Your Advantages at a Glance

VPNs grant too much access. Our Managed Access Service replaces the traditional VPN tunnel with a Zero Trust Gateway: Your employees and contractors access approved systems directly via the browser — individually authenticated, granularly authorized, fully logged.

No VPN client, no software distribution, no agent rollout

Onboard new employees or contractors in minutes instead of days

Fixed outbound IP — your clients whitelist a single address

Time-limited access for maintenance windows and projects

Fully open-source based — no vendor lock-in

Operated in ISO 27001 certified data center Munich

More Services

Access Without Installation

Your employees and contractors open the browser and start working immediately — no VPN client, no software distribution, no admin rights on the device. Supports RDP, SSH, VNC, Telnet and Kubernetes. Works on any device with a modern browser.

Least Privilege Principle

Each user sees only the systems explicitly assigned to them — not the entire network. Access can be time-limited, role-bound or granted for specific maintenance windows. Lateral movement within the network is architecturally prevented.

Complete Traceability

Who accessed which system when, for how long, via which protocol? Every connection is automatically documented. If needed, the gateway records the entire session as video — or you deliberately opt out when data privacy takes priority.

Zero Trust Gateway — Architecture with users, identity provider and protected resources

Typical Use Cases

The Managed Access Service is the right solution wherever access needs to be centrally controlled and documented — without the overhead of traditional VPN infrastructure.

External contractors access your infrastructure — without their own VPN

Your team administers servers at clients with IP whitelisting requirements

Compliance demands complete documentation of privileged access

New hires need immediate access to all relevant systems on day one

INGATE Premium Support

Personal, competent, and available around the clock.

24/7 Emergency Hotline

Free emergency hotline around the clock — reach a technician immediately in case of emergency.

Dedicated Contact Person

A dedicated contact person who knows your infrastructure and provides individual support.

Email & Phone Support

Friendly and competent support with fast response times.

Remote Hands

Qualified technicians on-site — for hands-on work on your hardware.

Hardware Replacement

Defective components are replaced promptly — even at night and on weekends.

SLA & Response Times

Individual Service Level Agreements with guaranteed response and recovery times.

Technical Highlights

State-of-the-art infrastructure in our data centers for your business-critical applications.

Redundant Power Supply

Dual-path A/B power supply down to the rack. Dedicated transformers, UPS, and backup generators.

High-Efficiency Cooling

PUE < 1.20 through free cooling and cold aisle containment. Optimized for high-density up to 20 kW per rack.

Fire Protection

VESDA early detection and damage-free gas extinguishing system.

High-Speed Backbone

Redundant high-performance backbone with multiple 100Gbit/s links. Direct peering at DE-CIX and MuCon-X for lowest latencies.

Physical Security

Security level SK4. Biometric access control and comprehensive video surveillance.

Sustainability

Carbon-neutral operations with 100% green energy. Certified green electricity and waste heat recovery.

Certified Data Centers

Our primary data center EMC Home of Data in Munich holds the following certifications. All additional data centers are at least ISO 27001 certified and powered by 100% renewable energy. Select locations additionally hold SOC 1, SOC 2, and PCI-DSS certifications.

ISO 27001

Information Security

ISO 9001

Quality Management

ISO 50001

Energy Management

DIN EN 50600

DC Availability

CSR 26001

Corporate Responsibility

TÜV Süd

100% Green Energy

Frequently Asked Questions

Answers to the most important questions about Managed Access Service Munich - Zero Trust.

What is the difference from a traditional VPN?

A VPN gives users access to the entire network — including systems they don't need. This increases the attack surface if credentials are compromised. Our Zero Trust Gateway establishes a 1:1 connection between user and approved application. There is no network access, only application access.

Which identity providers are supported?

Microsoft Entra ID (formerly Azure AD), Okta, Google Workspace, LDAP and Active Directory via OpenID Connect and SAML 2.0. Your employees sign in with their existing corporate credentials — no additional password needed.

How does the fixed outbound IP work in practice?

When you need to access your clients' or partners' systems that require IP whitelisting, all traffic is routed through our gateway. Your client registers a single IP address — regardless of where your employees are currently working.

Can I give individual users time-limited access?

Yes. You can grant access for specific time periods — e.g. for a maintenance window from Friday 6pm to Saturday 6am. Access is automatically revoked when the period expires. Ideal for external contractors and project staff.

Is the service suitable for regulated industries?

Yes. The Managed Access Service operates in ISO 27001 certified data centers. Audit trails document every access in an audit-proof manner. Optionally with video recording for four-eyes evidence. Suitable for BSI IT-Grundschutz, KRITIS and GDPR requirements.

What technology is behind it?

The service is built on a proven open-source stack: Apache Guacamole as the remote access gateway and Keycloak/Authentik as the identity platform. No proprietary vendor lock-in. You could theoretically run the stack yourself — we handle operations, maintenance and security for you.

Technology Partners & Memberships