Publish a Service Tunnel to Users
This guide details how to publish a Service Tunnel via the Banyan Access Tier so that an end user can conveniently yet securely set up encrypted network connectivity to network segments.
For this quick start guide we have a setup as in the diagram below:
A Banyan Access Tier is installed in the same network segment as the private network to which we need connectivity. This guide uses an Access Tier named
The Banyan User Directory should be configured to integrate with your Identity Provider.
We will now set up a service tunnel to the private network segment in three steps.
Step 1. Create a Policy
1.1 Log in to the Banyan Command Center and navigate to Secure Access > Policies > Create New Policy.
1.2 Create a new Policy using the template TCP Policy.
1.3 Enter a Policy Name (such as hosted-service) and a Description.
1.4 Configure the Policy Attributes:
- Only allow access from the following role: ANY (or a role according to your organization’s requirements)
- Only allow users and devices with the following Trust Levels: No Trust Level - ignore TrustScore (or a Trust Level according to your organization’s security requirements)
Step 2. Register a Service Tunnel
2.1 Navigate to Manage Services > Service Tunnels and then click + Register Tunnel.
2.2 Select the template Standard Tunnel.
2.3 Enter the Service Name (such as AWS Prod VPC) and Description (such as Access to AWS Production VPC).
2.4 Select the cluster where the applicable Access Tier is located.
2.5 Attach the policy we had previously created in Step 1.4, and then set enforcement mode to
2.6 Click Register Tunnel.
Step 3. As an End User, launch the Banyan Desktop App and enable the Tunnel
3.1 Launch the Banyan Desktop App, locate the service tunnel (for example, AWS Prod VPC) from the list of Service Tunnels, and then click Connect.
Behind the scenes, Banyan evaluates your device posture, enforces your security policies, and grants access accordingly.
3.2 Now you can connect to your internal resources.
And, that’s it! You have created a Zero Trust policy for a service tunnel and accessed your internal resources securely.
Last modified: Aug 19, 2021