Skip to content

Cordaware bestzero®

The Zero Trust Network Access solution – connecting people and their applications everywhere!

Cordaware bestzero® – Explained in under 90 seconds!

Remote work without VPN!

Cordaware bestzero® is a VPA (Virtual Private Applications) platform based on the ZTAA (Zero Trust Application Access) principle. Here, dedicated connections are realized at the application level, while VPN access usually requires the entire network to be enabled or segmented in advance.
With Cordaware bestzero®, internal applications and resources can be easily and securely made available for remote work, without having to access complex VPN solutions, etc.

Global workforce

The modern working environment is increasingly evolving from rigid office workplaces to mobile and hybrid models. The number of connections, devices and forms of collaboration are constantly increasing. In addition to the classic user, there are now other user categories such as service providers, partners, suppliers, freelancers and customers, who also need to access applications in the company permanently or temporarily. This is where Cordaware bestzero® comes into play when it comes to providing applications quickly, securely and reliably without effort.

How Cordaware bestzero® works

With the Appsbox of Cordaware bestzero®, you can make applications from various sources quickly and securely available on the users’ devices. It does not matter whether the corresponding applications are located in the internal company network or are obtained from a cloud.

Applications are deployed or removed from the Appsbox as needed based on permissions

In contrast to conventional VPN solutions, which are costly to set up and manage, the Cordaware Appsbox offers a smart, fast and secure way to implement remote work and e.g. connect your BYOD (Bring your own device) to the business network.


With flexible 2FA options, the user registers with the Appsbox, for access to the applications available to them.


The connection of the applications takes place in the corporate network via the Hive.


The connections of the Hive are then established to the bestproxy. Appsbox access permissions to individual applications are configured via an LDAP connection.


The client can now access the existing connections, which are stored in the bestproxy.


Based on the previously defined permissions, the connection paths are released for the Appsbox. In this way, people are connected with applications and not with networks.

Timed and 2FA conditional app access

Access to applications can be restricted via a wide range of time management options. This ensures that users only have access to applications during certain working hours or service providers outside of operating hours.

Cordaware bestzero® offers a multi-level authentication method. After initial 2-factor authentication of the user via the appsbox, the admin can additionally secure each individual application out of the box with another 2FA. The token can be sent by e-mail, SMS or post.

Deploy RDP securely with Cordaware bestzero®!

Especially with RDP connections, the greatest risk is that an incoming port must be opened in the firewall for each access to a remote desktop. The resulting risks for cyber attacks through port scans, for example, are highly questionable.

Cordaware bestzero® provides a remedy for this with the Appsbox, as the provisioning is realized exclusively via individual outgoing connections.

In addition, the Appsbox can secure your RDP connections out of the box with a multi-level 2-factor authentication.

General problems with remote desktop connections:

  • Remote desktop connections do not comply with the BSI security recommendations because the connection must always be established from the network segment with the higher protection requirement to the network segment with the lower protection requirement!
    With a remote desktop connection, on the other hand, an incoming connection is always established.
  • One incoming open port is required per access. In addition, the application can be closed through the open port.
  • Direct remote desktop connections are only secured via user name and password. If the password is hacked, the attacker is directly in the corporate network.

Secure your remote desktop connection with Cordaware bestzero®!

  • With bestzero® you realize a BSI compliant remote desktop connection, because no incoming connection is needed at all.
  • No matter how many remote desktops you deploy, only single outbound connections are needed. If you have a large number of RDP connections, you can share them using a dynamic hive.
With Cordaware bestzero® RDP connections can be secured out of the box using 2FA!

With remote desktop connections, one incoming port into the network must always be opened per session!

With bestzero® you only need single outgoing connections from the internal network. By closing the incoming connections, the protection of the internal network against hacker attacks is realized. It is no longer possible to penetrate the company network via a remote desktop connection by password decryption, for example.

The dynamic hive feature enables the creation of templates as the basis of dynamic addressing of distributed apps


The initial situation in our example is that we have 20 technicians who need to access 100 computers via RDP connection simultaneously and at any time. Where previously you had to configure each of the 100 RDP connections individually per computer, Cordaware bestzero® provides a remedy with the dynamic hive. With only one single configuration, a multitude of RDP connections can be made available dynamically.

Application examples for Cordaware bestzero®

Cordaware bestzero® makes it child’s play to establish remote access through dedicated application-level connections.
  • Temporary provision of internal applications for the global workforce (e.g. home office, service providers, suppliers, partners, students, etc.).
  • Easy and secure application access via the public W-LAN in your favorite café.
  • Straightforward management regarding resource access for BYOD scenarios.
  • Access to internal resources from your home office – work as you would in a familiar environment.
  • and much more…

The advantages of bestzero® at a glance

Applications and remote desktops for home office use, for example, can be added and removed instantly at the touch of a button, so to speak.

Unlike Remote Desktop, where anyone can log in knowing the username, Appsbox can only be accessed after a prior invitation.

High flexibility – resources can be easily obtained from multiple sources (programs/remote desktops from the corporate network and/or cloud applications).

Zero firewall configuration concept – you do not need to open any incoming firewall ports in your company, as is the case with other solutions, for example.

Only single encrypted outgoing connections are required.

Out of the box 2-factor authentication for your applications

Automated onboarding/offboarding through LDAP integration (no release caches for ex-employees).

With the use of Cordaware bestzero®, you do not need any additional external hardware or costly resources.
With bestzero® the release of many different protocols (e.g. HTTP, HTTPS, UDP, RDP, etc.) is possible.
With bestzero®, your employees work as they would in a familiar environment, so there is no need for training.
bestzero® is compatible with Windows 10, Windows 11, macOS, Linux and Android.

Targeted release of applications and/or remote desktops via LDAP connection

Access to applications can be restricted via a diverse time management system.

With just a single configuration, a large number of applications can be made available dynamically.

Cost savings

What cost savings result from the use of Cordaware bestzero®?

The deployment of applications via Cordaware bestzero® is far less complex and requires less know-how than VPN technologies.

Specific potentials for cost savings include:

  • The costs for VPN hardware and VPN software can be significantly reduced or eliminated altogether.
  • The administration of VPN is often very cumbersome and requires high personnel efforts. By using bestzero®, these efforts can be minimized and existing resources can be used more profitably.
  • A similar picture emerges in the area of firewall administration. Since open ports no longer have to be managed, a considerable administrative effort is eliminated, which again significantly reduces the operating costs of IT security.

The use of Cordaware bestzero® not only modernizes the network architecture, but also offers considerable potential for cost savings!

License model

Licenses are billed according to the concurrent-user licensing model. This means that you can install the Appsbox on as many devices as you like and only pay for the desired maximum number of simultaneous accesses.

Get a first price overview here:

Video information

Cordaware bestzero® test

You can test bestzero® easily, free of charge and without obligation!

*The minimum term is one year. You will be notified of the renewal option before the minimum term expires.