Maxim Lanies and CloudBridge Relay: The Next-Gen Corporate Tunnel

Maxim Lanies — Founder of 2GC and CloudBridge Relay

Maxim Lanies is an information security expert, founder and CEO of the 2GC platform, and the creator of CloudBridge Relay technology. With over 10 years in cybersecurity, he has developed Russian solutions for secure corporate access.

  • Mission: To create a domestic alternative to foreign VPNs and proxies, making corporate access simple and secure.
  • Expertise: Zero Trust, corporate networks, automation, scalable solutions.
  • Contacts:
    LinkedIn | GitHub | m.lanies@2gc.ru

CloudBridge Relay: How We Built the Next-Gen Corporate Tunnel

I have long dreamed of making corporate access to internal resources as simple and reliable as mobile communication. Over the years working with VPNs and corporate proxies, I have seen how much pain and compromise they bring: complex setup, unstable connections, outdated protocols, and constant trade-offs between security and convenience.
At some point, I asked myself: why not build a corporate access architecture based on the cellular network principle? This is how the idea of CloudBridge Relay was born.

Architecture: Corporate Network as Cellular

Instead of a single VPN server or static proxy, we created a distributed network of relay nodes. Each relay is like a cell tower that client devices automatically connect to. No matter where the employee is — at home, on a business trip, in the office, or at a production site — they always connect to the nearest relay, and the system itself chooses the optimal route for their traffic.

The core is automatic protocol selection:

  • QUIC (UDP, RFC 9000) — prioritized, fast, with 0-RTT support and multiplexing.
  • HTTP/2 — fallback if UDP is unavailable.
  • HTTP/1.1 — last-resort compatibility.

This ensures minimal latency, high performance, and resilience to network-level failures.

Security: Zero Trust and Modern Authentication

From the very beginning, we built CloudBridge Relay on Zero Trust principles:
  • Never trust by default
  • Always verify every connection
  • Minimal access rights
  • Continuous monitoring

For authentication, we use JWT (JSON Web Token) — a modern, open standard that allows secure transmission of user information and access rights. Each client receives a token signed with a private key and presents it when connecting to a relay.

Why is this important?

  • The token cannot be forged without the private key
  • The token can encode roles, rights, and expiration
  • Token verification is instant, without database queries

For token validation, we use JWKS (JSON Web Key Set): the public keys for signature verification are published at a dedicated endpoint. Relay servers periodically refresh their copy of these keys, so a key can be revoked or replaced quickly without a system restart.

In large deployments, we integrate with Keycloak, which provides support for SSO, MFA, LDAP, and other corporate standards.

Personal Account and Role Model: Control and Convenience for Business

A key part of CloudBridge Relay is the personal account — not just an interface for connection, but a full-fledged corporate access management center. Through the account, administrators can:
  • Manage users and devices
  • Assign roles and access rights
  • View connection and security event history
  • Configure access policies for different departments and projects

The system is based on a flexible role model. Each user receives one or more roles (e.g., “Employee”, “Administrator”, “Guest”), and access rights to resources and actions are determined by the role, not the individual. This allows:

  • Easy scaling of the system as the company grows
  • Quick assignment or revocation of access when positions change or employees leave
  • Enforcement of the principle of least privilege: everyone sees and does only what they are allowed

The role model is integrated with JWT-based authentication: information about user roles and rights is included directly in the token, ensuring instant verification and no delays in resource access.

Why is this important?

  • Centralized access control reduces internal threat risks
  • Audit and security compliance are simplified
  • Users get only the features they need, and the interface remains simple and clear
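The relay-side check described in the authentication and role-model sections above, as an added example that is not CloudBridge Relay's own code: it pins the signature algorithm, looks the key up by `kid`, verifies the signature, and only then reads the expiry and roles from the claims. It assumes Ed25519 (EdDSA) signing keys and a `roles` claim; `Sign` and `Verify` are hypothetical names, and the key map stands in for the relay's cached copy of the JWKS, indexed by `kid`.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"slices"
	"strings"
)

var b64 = base64.RawURLEncoding

// Sign plays the issuer for this demo: base64url(header).base64url(claims).signature.
func Sign(priv ed25519.PrivateKey, kid, claims string) string {
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA","kid":"`+kid+`"}`)) + "." + b64.EncodeToString([]byte(claims))
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// Verify is the relay-side check; a kid dropped from keys at the last JWKS refresh is revoked.
func Verify(keys map[string]ed25519.PublicKey, token, role string, now int64) error {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	var h struct{ Alg, Kid string }
	var c struct{ Exp int64; Roles []string }
	hb, _ := b64.DecodeString(p[0])
	cb, _ := b64.DecodeString(p[1])
	sig, _ := b64.DecodeString(p[2])
	json.Unmarshal(hb, &h) // a failed decode leaves zero values, which the checks below reject
	json.Unmarshal(cb, &c)
	key, known := keys[h.Kid]
	// Authentication: the algorithm is pinned, never taken on trust from the header.
	if h.Alg != "EdDSA" || !known || !ed25519.Verify(key, []byte(p[0]+"."+p[1]), sig) {
		return fmt.Errorf("untrusted token (alg %q, kid %q)", h.Alg, h.Kid)
	}
	if now >= c.Exp || !slices.Contains(c.Roles, role) { // claims count only after the signature check
		return fmt.Errorf("expired, or role %q not granted", role)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	keys := map[string]ed25519.PublicKey{"k1": pub}
	tok := Sign(priv, "k1", `{"sub":"alice","roles":["Employee"],"exp":2000}`)
	fmt.Println(Verify(keys, tok, "Employee", 1000), Verify(keys, tok, "Administrator", 1000))
}
```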

AI and Automation: A Network That Learns

One of the most interesting challenges is to make the network not just secure, but smart. We have implemented machine learning for traffic analysis, anomaly detection, and routing optimization.
  • The system analyzes user and device behavior
  • Predicts peak loads
  • Automatically balances traffic between relay nodes
  • In case of suspicious activity, can automatically restrict or block the connection

Monitoring and Transparency

The entire system is built around the principle of transparency.

  • Prometheus collects metrics from each node
  • Grafana visualizes the network state in real time
  • Telegram bot notifies administrators of important events

Why does this work better than classic VPNs?

  • No single point of failure
  • No outdated protocols and ciphers
  • No complex manual configuration
  • Scales horizontally — you can add a new relay anywhere in the world in minutes
  • Security and authentication meet modern standards (Zero Trust, JWT, JWKS, SSO)

Where security, performance, and ease of connection matter — use CloudBridge technology.