One Identity Safeguard for Privileged Sessions (SPS) can be configured to monitor both transparent and non-transparent connections.
In transparent mode, SPS acts as a transparent router between two network segments. For details, see Transparent mode.
You can also use policy-based routing to forward connections within the same network segment to SPS, in which case it acts like a single interface transparent router. For details, see Single-interface transparent mode.
In non-transparent mode, users have to address SPS to initiate connections to protected servers. For details, see Non-transparent mode.
When addressing SPS, you can also use inband destination selection to choose the server to connect to. For details, see Inband destination selection.
One Identity recommends that you design the network topology so that only management and server administration traffic passes SPS. This ensures that the services and applications running on the servers are accessible even in case SPS breaks down, so SPS cannot become a single point of failure.