How is instance access controlled?

アプリケーション トンネル

Every tunnel is protected with a unique security key that is generated when the tunnel is created. You must add this key to your Data Center instance (which is part of the configuration), otherwise the traffic won’t be able to reach it.

アプリケーション リンク

Once your instances are linked through application links and start using the tunnel, the communication is using OAuth. This is controlled by application links, in this setup they just pass all communication through the tunnel instead of directly. For more info, see OAuth security for application links.