HyperCX Access Models
Categories:
This section explains the common cloud access models (Public, Private, Hybrid) and how HyperCX supports them. It also defines the access modes for Private Cloud deployments, based on how the cloud frontend (Sunstone) and the API endpoints are exposed.
Cloud Computing access models
Public Cloud
Public Cloud: Is a cloud service shared across multiple customers (multi-tenant), where each organization operates inside its own isolated tenant/project. Access to the cloud frontend and APIs is typically available over the Internet.
Private Cloud
Private Cloud: Is dedicated to a single organization (single-tenant). The underlying infrastructure and control plane are not shared with other organizations. A private cloud can still be accessed in different ways-directly over the Internet, through a restricted network, or in a fully isolated environment. The variants in HyperCX are: Internet-Exposed, VPN-Gated, Isolated.
Hybrid Cloud
Hybrid Cloud: It combines two or more cloud environments (commonly private + public) with integration that enables workload portability, shared identity, networking, governance, or orchestration across them.
HyperCX supported access models
HyperCX supports:
- Public Cloud
- Private Cloud (with multiple access modes)
Private Cloud access modes in HyperCX
In HyperCX, Private Cloud always means: one organization has a dedicated cloud environment.
What changes between modes is how users reach Sunstone and the API.
Private Cloud: Internet-Exposed
Definition: The HyperCX frontend (Sunstone) and API endpoints are reachable directly from the Internet (typically over HTTPS).
Key characteristics:
- Users can access the cloud from anywhere without requiring a VPN.
- Security relies on strong identity and perimeter protections (e.g., MFA/SSO, WAF, IP allowlists, rate limiting, hardened TLS).
- Best for organizations needing simple access for distributed teams and external integrations.
Typical use case: Remote teams, multi-site operations, fast onboarding, public-facing automation tools that must reach the API.
Private Cloud: VPN-Gated
Definition: Sunstone and the API are not accessible from the public Internet. Users must first connect to a Cloud Access VPN (client VPN from the cloud infrastructure VPN, known as HyperCX GATE) to reach the management network where Sunstone/API are hosted.
Key characteristics:
- The VPN is the only routable path to the cloud frontend and API.
- Reduces exposure of the management plane by removing public reachability.
- Access control is enforced at both network level (VPN) and identity level (users/roles).
Typical use case: Enterprises that require restricted access to management systems, but still need remote administration.
Private Cloud: Isolated
Definition: The private cloud is hosted in an isolated network environment where Sunstone/API are only reachable from inside that isolated segment. There is no direct Internet access path to the management plane.
Key characteristics:
- Designed for high-security requirements and strict separation.
- Access typically requires a controlled internal jump host/bastion, dedicated admin network, or physical presence (depending on the organization’s policies).
- The term “Isolated” is used when there is zero external connectivity to HyperCX frontend for users. Virtalus cloud engineers still need remote access to the cloud infrastructure.
Typical use case: Regulated or sensitive workloads, environments requiring strict network segregation, compliance-driven isolation policies.