A generalized diagram that depicts all the Banyan components is shown below. The Banyan components work in concert to deliver a Zero Trust platform across which access control policies can be centrally managed. For specific uses cases and types of connectivity Banyan supports, please refer to Services & Connectivity.
The Banyan Access Tier is an identity-aware proxy that mediates access between entities on the internet and your internal services. Each Banyan Access Tier has a public IP address that is reachable from the internet and accepts inbound connections, typically on ports 443 (web services), 8443 (infrastructure services) and 50482 (service tunnels).
The Banyan Connector is a dial-out connector that establishes a secure tunnel with the Banyan Global Edge Network. The Connector can be deployed in any location that has connectivity to your internal services. Each Banyan Connector only connects outbound and does not need any inbound open ports to operate correctly. Note that when a Banyan Connector is utilized, traffic flows from entities on the internet to the Banyan Access Tier, and then through the Banyan Connector to the internal service.
Your deployment may use either, or both, Server Components. Banyan’s Server Components are typically deployed in the De-Militarized Zone (DMZ) of your datacenters and cloud clusters.
The Banyan App is a cross-platform endpoint client, installed on employee desktop and mobile devices. The App is used to register and authenticate employee devices with the Banyan Cloud Command Center. Note that the Banyan App is optional on MDM-managed devices on which you can install a Device Certificate via your device manager.
The Banyan App is available in two flavors:
The Banyan Cloud Command Center is a central management console for IT Administrators and Security teams to manage the Banyan solution. You can interact with the Command Center via the web portal or the RESTful API, to develop and enforce policies, configure alerts for security events and visualize real-time connectivity.
The Command Center includes two subcomponents that we sometimes call out explicitly:
Regardless of deployment model, the Cloud Command Center is delivered as a Software-As-A-Service (SaaS) offering.
The Banyan Global Edge Network comprises of Access Tiers hosted and managed by Banyan for your organization. We use Google Cloud Platform (GCP) as our edge infrastructure provider, enabling us to use one of GCP’s 25+ global regions to provide fast and reliable connections to users around the world.
Read more about different types of Services you can secure with Banyan.