I am not that familiar with what a terminator is… I understand the text below… but raises more questions than provide answers
ie what is the difference between a router and a terminator?
Termination - Ziti only provides access to a network service, it does not provide the service itself. The service must be able to get network traffic to whatever application or application cluster is actually providing the service, whether that provider has Ziti embedded or has no knowledge of Ziti
Someone else might have a complete answer, but I can provide how I think about it.
Terminators are configuration that informs the overlay where data can exit the overlay. This location is essential because it defines what Ziti Identity or Router is expected to be the last piece of software to handle the traffic and deal with end-to-end encryption.
Terminators are both statically configured and dynamically created at run time. Static configuration is for routers, which are expected to exist as part of the overlay itself.
Dynamic terminators are created indirectly by identities that connect via Edge Routers when issuing bind requests. They are ephemeral and only exist as long as the Ziti Identity that “bound the service” remains connected. The ability to successfully issue bind requests for a service by a Ziti Identity is controlled by policies.
thanks for the note… I was watching the video attached and I think that this relates to the zitified ssh and scp apps.
refer to 27:35… where it makes reference to an identity terminator… I believe is the name of the end point that you want to ssh to… for example
Yes. those two in particular make use of “addressable terminators”. Addressable terminators are the ability to relatively dial an identity directly not “just a service”. And yes when doing a zssh/zscp the ‘at’ (
@zsshServer ) is the name of the identity. Under the hood the code is specifically dialing that identity
For a deeper dive into terminators, check out this video: Apr 8th - Configuring HA Services - YouTube
There will be a follow up where we dive deeper into how to configure HA and health checks.