What is Software-Defined Perimeter (SDP)?
A Software-Defined Perimeter (SDP) is a security architecture originally developed by the Defense Information Systems Agency (DISA) and later standardized by the Cloud Security Alliance. SDP creates a dynamic, identity-based perimeter around individual resources rather than relying on a fixed network perimeter.

SDP architecture has three components:

- **SDP Controller**: Authenticates users and authorizes access
- **SDP Gateway**: Protects resources and enforces access policies
- **SDP Client**: Initiates connections on behalf of authenticated users

The key innovation of SDP is the "dark cloud" concept: protected resources are invisible to unauthorized users. The SDP Controller reveals resource locations only to authenticated, authorized users, and connections are established on a per-session basis.

SDP was designed to address the limitations of VPNs and traditional perimeter security, which grant broad network access once a user is authenticated. SDP follows the principle of least privilege by granting access only to specific resources for specific sessions.

The OpenNHP (Network Hiding Protocol) is the modern evolution of SDP concepts, implementing cryptographic network hiding through the Single Packet Authorization (SPA) mechanism.
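To make the three-component flow concrete, here is an added simulation of an SDP exchange in Python: the Controller authenticates a user and authorizes one resource for one session, the Gateway stays silent to everything except a valid single-packet authorization (SPA), and the Client builds that packet. This is an illustration written for this page, not OpenNHP, LayerV or DISA code; the JSON packet layout, the field names, the per-session HMAC key, the 30-second freshness window and the user/resource names are all assumptions, and the password check is a stand-in for a real credential store.

```python
"""Constructed model of the SDP flow described above: Controller, Gateway,
Client and a single-packet authorization (SPA) check. Added illustration
only; not OpenNHP or LayerV code. Packet layout, field names, the 30-second
freshness window and all sample users/resources are assumptions."""
import hashlib
import hmac
import json
import secrets

SPA_WINDOW_SECONDS = 30  # assumed freshness window for an SPA packet


def spa_mac(key, session_id, ts, nonce, resource):
    """HMAC over every field the gateway checks, keyed per session."""
    data = f"{session_id}|{ts}|{nonce}|{resource}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_spa_packet(key, session_id, resource, now):
    """Client side: one self-authenticating packet, fresh nonce each time."""
    nonce, ts = secrets.token_hex(8), int(now)
    return json.dumps({"sid": session_id, "ts": ts, "nonce": nonce, "res": resource,
                       "mac": spa_mac(key, session_id, ts, nonce, resource)})


class SdpGateway:
    """Default-deny enforcement point in front of protected resources."""

    def __init__(self, address):
        self.address = address
        self._sessions = {}        # session_id -> (resource, per-session key)
        self._seen_nonces = set()  # replay protection
        self.open_connections = []

    def register_session(self, session_id, resource, key):
        self._sessions[session_id] = (resource, key)

    def receive(self, packet, now):
        """Return the resource name for a valid SPA packet; for anything else
        return None and send nothing back, so a probe sees a dark host."""
        try:
            msg = json.loads(packet)
            sid, ts, nonce, res, mac = (msg[k] for k in ("sid", "ts", "nonce", "res", "mac"))
        except (ValueError, KeyError, TypeError):
            return None
        if not isinstance(ts, int) or not isinstance(mac, str):
            return None
        entry = self._sessions.get(sid)
        if entry is None or entry[0] != res:
            return None
        if abs(now - ts) > SPA_WINDOW_SECONDS or nonce in self._seen_nonces:
            return None
        if not hmac.compare_digest(spa_mac(entry[1], sid, ts, nonce, res), mac):
            return None
        self._seen_nonces.add(nonce)
        self.open_connections.append((sid, res))
        return res


class SdpController:
    """Authenticates users and decides which resources each session may see."""

    def __init__(self, users, policy, gateways):
        self._users = users        # user -> sha256 hex of password (constructed stand-in)
        self._policy = policy      # user -> set of resources the user may reach
        self._gateways = gateways  # resource -> SdpGateway protecting it
        self._sessions = {}        # session_id -> user

    def authenticate(self, user, password):
        stored = self._users.get(user, "")
        digest = hashlib.sha256(password.encode()).hexdigest()
        if not stored or not hmac.compare_digest(stored, digest):
            return None
        sid = secrets.token_hex(8)
        self._sessions[sid] = user
        return sid

    def authorize(self, sid, resource):
        """Reveal the gateway address and a per-session key only to an
        authenticated session whose policy includes the resource."""
        user = self._sessions.get(sid)
        if user is None or resource not in self._policy.get(user, set()):
            return None
        gateway = self._gateways[resource]
        key = secrets.token_bytes(32)
        gateway.register_session(sid, resource, key)
        return gateway.address, key


def run_scenario(now=1_700_000_000):
    """Wire the components together and report what each request produced."""
    gw = SdpGateway("gw.internal.example:62201")  # assumed address
    ctl = SdpController(
        users={"alice": hashlib.sha256(b"correct horse").hexdigest()},
        policy={"alice": {"payroll-db"}},
        gateways={"payroll-db": gw, "hr-portal": gw},
    )
    results = {"bad_password": ctl.authenticate("alice", "wrong") is None}
    sid = ctl.authenticate("alice", "correct horse")
    results["unauthorized"] = ctl.authorize(sid, "hr-portal")  # not in alice's policy
    _address, key = ctl.authorize(sid, "payroll-db")
    packet = build_spa_packet(key, sid, "payroll-db", now)
    results["legit"] = gw.receive(packet, now)
    results["replay"] = gw.receive(packet, now + 1)                 # nonce reused
    results["stale"] = gw.receive(build_spa_packet(key, sid, "payroll-db", now - 120), now)
    results["probe"] = gw.receive("GET / HTTP/1.1", now)            # unauthenticated scan
    results["forged"] = gw.receive(build_spa_packet(b"guess", sid, "payroll-db", now), now)
    results["connections"] = list(gw.open_connections)
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The point of the model is the default-deny branch in `SdpGateway.receive`: a plain scan, a replayed packet, a stale packet and a packet under the wrong key all produce the same silence, which is what "dark" means operationally. Only the one session the Controller authorized, for the one resource in its policy, opens a connection.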
How LayerV Implements This
LayerV is the commercial evolution of Software-Defined Perimeter architecture. It implements the SDP "dark cloud" concept using the OpenNHP protocol, the modern, standardized evolution of SDP. LayerV's architecture maps directly to the SDP model: the LayerV Controller authenticates users, QURLs serve as dynamic per-session access credentials, and protected resources remain in a "dark" state (zero network presence) until explicitly revealed to authenticated users. LayerV advances SDP by adding ephemeral access credentials (QURLs), native IdP integration, and sub-50ms authentication latency.