Illumio Edge Architecture Overview

Virtual Enforcement Node

Illumio Edge’s Virtual Enforcement Node (VEN) is a lightweight agent that runs on your organization’s end-user laptops. But it’s not your average agent. It uses virtually no CPU, won’t bring down network performance, and has proven its resiliency in the data center.

The VEN is completely invisible to the user but gives you visibility of every flow in and out of their machines. It collects that context and telemetry and sends it to the Policy Compute Engine.

CrowdStrike customers will be able to use the Falcon agent with Illumio Edge as of July 2020. Read more about it here.

Cloud-Delivered Policy Compute Engine

Illumio Edge's Policy Compute Engine (PCE) uses endpoint visibility and telemetry as the basis for building the perfect allowlist policy. Once created, the PCE sends these policies back to the endpoint VEN that programs the Windows-based firewall with the right policy. The policy only allows specific, allowlisted inbound connections, dramatically reducing the risk of malware and ransomware spreading from machine to machine.

As a cloud offering, the PCE is hosted and managed by Illumio, with its intelligence and policy orchestration occurring in the cloud. This means there’s no management or operational expenses for your team.