Global Edge Network Architecture

This article describes how Banyan hosts and manages Access Tiers for your organization in a global deployment model

This article describes features - Banyan Connector, Banyan Global Edge Network - that are currently in early preview. Contact your account team to enable these features for your organization and for further assistance.

Overview

The Banyan Global Edge Network comprises of Banyan Access Tiers hosted and managed by Banyan for your organization. A high-level architecture diagram is shown below.

The diagram highlights the following concepts:

  1. Banyan Access Tiers are deployed at locations around the world at our edge infrastructure provider; the specific number of locations vary based on your organization’s deployment strategy and SLA.

  2. A Banyan Connector is deployed in the customer network, and dials out to establish a secure encrypted tunnel with one or more Access Tiers in the Banyan Global Edge Network.

  3. Banyan allocates a unique Org Domain - of the form {orgname}.banyanops.com - for every organization that is provisioned in the Global Edge Network. The Org Domain resolves via Public DNS (which is configured using geo-proximity routing) to your organization’s Access Tiers managed in the Global Edge Network.

  4. Admins publish Banyan services for their end users; service domain names will resolve to the network IP address of the nearest Banyan Access Tier.

  5. A user or program running on a device will make a request to a service by using its fully qualified domain name, e.g., wiki.exampleorg.banyanops.com.

  6. The Access Tiers in the Global Edge Network can address the upstream (aka backend) service instance by IP address or by name, via the encrypted tunnel that has been set up with the Connector.

  7. The Access Tiers in the Global Edge Network are connected to Banyan’s Cloud Command Center to receive the security policy it needs to enforce and to report on access events.



Last modified: Aug 05, 2021