Architecture Overview

Remok uses a client-server architecture with centralized management and distributed gateways.

Components

Remok consists of four core components that work together to provide secure remote access:

  • Management Console — web-based admin interface for configuring applications, managing users, and viewing logs
  • Access Gateway — handles VPN connections and traffic forwarding; can be deployed in multiple locations
  • Client Application — installed on user devices; establishes encrypted tunnels to the gateway
  • Authentication Service — handles user identity verification and policy enforcement

Connection Flow

  1. User opens the Remok client and enters their Enterprise Code + credentials
  2. The authentication service verifies identity (with optional MFA step)
  3. An access token and network policy are issued to the client
  4. The client establishes an encrypted DTLS tunnel to the nearest gateway
  5. All internal network traffic is routed through the tunnel according to the split-routing policy
  6. Every session is logged for audit purposes

Automatic Network Detection

Remok clients detect the current network environment and choose how to reach internal resources:

  • On corporate LAN — direct access to internal resources; VPN tunnel is bypassed to reduce latency
  • On external network — VPN tunnel is automatically established; all internal traffic is encrypted

💡 Automatic network detection significantly reduces unnecessary VPN traffic and improves user experience.
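
The per-destination decision implied by the connection flow (step 5) and by automatic network detection, as an added example that is not Remok's own code. The policy field names, the route_for and validate_policy helpers, and the choice to block unauthorized internal destinations on the corporate LAN as well are assumptions; how the client detects the corporate LAN is not described on this page, so it is passed in as a flag.

```python
import ipaddress

# Constructed sample policy. The field names are assumptions for this example;
# the page does not describe Remok's actual policy format.
SAMPLE_POLICY = {
    "internal": ["10.0.0.0/8", "192.168.0.0/16"],        # corporate address space
    "authorized": ["10.20.0.0/16", "192.168.50.10/32"],  # what this user may reach
}


def _matches(ip, cidrs):
    # A v4 address tested against a v6 network (or vice versa) is simply False.
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def route_for(dest, policy, on_corporate_lan):
    """Return 'direct', 'tunnel' or 'blocked' for one destination address."""
    ip = ipaddress.ip_address(dest)  # raises ValueError on malformed input
    if not _matches(ip, policy["internal"]):
        return "direct"   # split routing: non-internal traffic stays off the tunnel
    if not _matches(ip, policy["authorized"]):
        return "blocked"  # least privilege: internal but not explicitly authorized
    # Authorized internal resource: bypass the tunnel only on the corporate LAN.
    return "direct" if on_corporate_lan else "tunnel"


def validate_policy(policy):
    """Reject a policy whose authorized ranges fall outside the internal space."""
    internal = [ipaddress.ip_network(c) for c in policy["internal"]]
    for cidr in policy["authorized"]:
        net = ipaddress.ip_network(cidr)
        if not any(net.version == i.version and net.subnet_of(i) for i in internal):
            raise ValueError(f"authorized range {cidr} is outside internal space")
    return True


if __name__ == "__main__":
    validate_policy(SAMPLE_POLICY)
    for dest, on_lan in [("10.20.3.4", False), ("10.20.3.4", True),
                         ("10.99.0.1", False), ("93.184.216.34", False)]:
        print(dest, "on LAN" if on_lan else "external", "->",
              route_for(dest, SAMPLE_POLICY, on_lan))
```

Validating the policy before applying it catches an authorized range that would otherwise never match, because route_for treats anything outside the internal space as ordinary direct traffic.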

Deployment Requirements

Hardware Sizing

Team Size         CPU        RAM      Disk
Up to 10 users    2 cores    4 GB     40 GB
10 – 100 users    4 cores    8 GB     100 GB
100+ users        8 cores    16 GB    200 GB

Software Requirements

  • OS: CentOS 7+, Ubuntu 18.04+, Debian 10+
  • Docker 20.10+ with Docker Compose
  • Network: Public IP or domain accessible to clients

Security Design Principles

  • Zero Trust — no user or device is trusted by default; every connection is verified
  • Least Privilege — users can only access explicitly authorized resources
  • End-to-End Encryption — all traffic is encrypted using DTLS 1.2 with AES-256-GCM
  • Complete Audit Trail — every connection, access event, and admin action is logged