- Server Components
- Client Components
- Cloud Managed Components
A generalized diagram that depicts all the Banyan components is shown below. The Banyan components work in concert to deliver a Zero Trust platform across which access control policies can be centrally managed. For specific uses cases and types of connectivity Banyan supports, please refer to Services & Connectivity.
The Banyan Access Tier is an identity-aware proxy that mediates access between entities on the internet and your internal services. Each Banyan Access Tier has a public IP address that is reachable from the internet and accepts inbound connections, typically on ports 443 (web services), 8443 (infrastructure services) and 50482 (service tunnels).
The Banyan Connector is a dial-out connector that establishes a secure tunnel with the Banyan Global Edge Network. The Connector can be deployed in any location that has connectivity to your internal services. Each Banyan Connector only connects outbound and does not need any inbound open ports to operate correctly. Note that when a Banyan Connector is utilized, traffic flows from entities on the internet to the Banyan Access Tier, and then through the Banyan Connector to the internal service.
Your deployment may use either, or both, Server Components. Banyan’s Server Components are typically deployed in the De-Militarized Zone (DMZ) of your datacenters and cloud clusters.
The Banyan App is a cross-platform endpoint client, installed on employee desktop and mobile devices. The App is used to register and authenticate employee devices with the Banyan Cloud Command Center. Note that the Banyan App is optional on MDM-managed devices on which you can install a Device Certificate via your device manager.
The Banyan App is available in two flavors:
- Banyan Desktop App is a desktop application for macOS, Windows, and Linux.
- Banyan Mobile App is a mobile app for iOS and Android platforms, downloadable from Apple iTunes and Google Play Store.
Cloud Managed Components
Cloud Command Center
The Banyan Cloud Command Center is a central management console for IT Administrators and Security teams to manage the Banyan solution. You can interact with the Command Center via the web portal or the RESTful API, to develop and enforce policies, configure alerts for security events and visualize real-time connectivity.
The Command Center includes two subcomponents that we sometimes call out explicitly:
- Banyan Shield is a cluster coordinator, deployed to create logical clusters of Access Tiers. Shield manages a Private PKI (Public Key Infrastructure) to distribute cryptographic identities (X.509 Certificates) to clients and services in your organization.
- Banyan TrustProvider is a federated authentication manager that uses OpenID Connect / OAuth-based workflows to authenticate end users and devices. TrustProvider integrates with your enterprise identity providers and device managers to deliver short-lived cryptographic credentials to authenticated end users on approved devices.
Regardless of deployment model, the Cloud Command Center is delivered as a Software-As-A-Service (SaaS) offering.
Global Edge Network
The Banyan Global Edge Network comprises of Access Tiers hosted and managed by Banyan for your organization. We use Google Cloud Platform (GCP) as our edge infrastructure provider, enabling us to use one of GCP’s 25+ global regions to provide fast and reliable connections to users around the world.
Read more about different types of Services you can secure with Banyan.
Last modified: Jun 16, 2021