Communication between Tunneller and Controller

Hi, I have some questions regarding the communication between (Ziti Desktop Edge) Tunneller and Controller.

  1. How does the Tunneller know which IP address to communicate with the Controller? Is it learned when we download the .jwt file for an identity created (by clicking in ADD Identity in the Ziti Desktop Edge app)?
  2. How many Controllers can the Ziti Desktop Edge communicate with? Is there a SW limit or will it be just a HW limitation?
  3. Can the Ziti Desktop Edge communicate simultaneously with more than one Controller?

Thanks,

  1. The controller address is saved into a configuration file when the identity is enrolled.

  2. Interesting question someone else might know.

  3. Yes, today one can load multiple identities and communicate on different networks from one client. In the near future, distributed controllers will allow communication with multiple controllers in the same network as well.

  1. As Mike said - yes and yes. It's embedded within the JWT and stored as an "identity file" after the JWT is consumed during enrollment
  2. No software limit I'm aware of. Each identity/service will add to the overall load of the tunneler but to be fair I've never seen more than like 10 used? I have 5-10 running almost every day. We've seen networks where the user had access to "thousands" (like 200-4000) of individual services.
  3. As Mike said - yes. We built tunnelers from day one to be mutli-network aware simultaneously. You can enable/disable identities as you wish as well