Banyan Security Enables Zero Trust Developer Access on Oracle Cloud

January 6, 2022 | 5 minute read
Robert Ronan
Principal Product Manager
Text Size 100%:

What is zero trust access?

 

As more organizations migrate infrastructure to the cloud and rethink software development and deployment, they are also modernizing their approach to security. One such approach is Zero Trust – instead of relying on traditional network perimeter-based security tools such as VPNs and bastions that connect you directly to a network, access (authentication as well as authorization) is granted based on user and device attributes as well as the sensitivity of specific applications and services within that network.

 

Zero trust access is particularly well suited to Infrastructure as a Service (IaaS) offerings such as Oracle Cloud because it is designed to securely connect users and workloads in automation-oriented ephemeral environments

Zero Trust Access Traditional VPNs and Bastions
Connect user to applications & services Connect user to networks
Rules using cryptography tied to user & device attributes Rules based on IP address
Automated credential issuance & rotation Manual interaction

 

Install Access Tier

To get started with Banyan Zero Trust Access, register for a Banyan account. You can use Banyan for free forever using the Banyan Team Edition.

On a Linux VM in your OCI compartment with a public IP address, install the Banyan Access Tier component. This will serve as the gateway to your OCI infrastructure.

# add the Banyan RPM repo
$> yum-config-manager --add-repo https://www.banyanops.com/onramp/repo/
$> rpm --import https://www.banyanops.com/onramp/repo/RPM-GPG-KEY-banyan
# install it
$> yum install banyan-netagent

 

Other install methods – Docker, DEB, Tarball, Terraform, etc. – are available in our documentation. Once installed and configured, you will see the Access Tier reporting in Banyan’s Cloud Command Center console.

 

(Note: If you’re using the Banyan Team Edition, you will install an outbound Connector instead of the Access Tier; the Banyan global edge network of managed Access Tiers will serve as the gateway into your OCI infrastructure.)

 

Auto-discover OCI resources

The next step is to synchronize your OCI resources into Banyan. You can use OCI tags to tell Banyan to discover only specific categories of resources in your environment.

$> banyan cloud-resource sync-oci all {oci-compartment} --tag_name banyan:discovery
--> Getting list of OCI VM resources:
type    name              public_dns_name    public_ip    private_dns_name    private_ip    ports    provider    region      tags

------  ----------------  -----------------  -----------  ------------------  ------------  -------  ----------  --------  ------
vm      oke-cqqhk6ivu2q-                                                      10.1.85.35    []       oci         phx            2
vm      oke-cko3n7f326q-                                                      10.0.93.236   []       oci         phx            2
vm      oke-cko3n7f326q-                                                      10.0.80.84    []       oci         phx            2

--> Filtering for new OCI resources:

type    name              public_dns_name    public_ip    private_dns_name    private_ip    ports    provider    region      tags
------  ----------------  -----------------  -----------  ------------------  ------------  -------  ----------  --------  ------
vm      oke-cqqhk6ivu2q-                                                      10.1.85.35    []       oci         phx            2

--> Syncing into Banyan Cloud Resource inventory:

--> Added OCIresource id(name): ocid1.instance.oc1.phx.anyhqljreqfgs5acfank3k2codj2srj4cnns3naalfttpmqjwk24digsi6qq(oke-cqqhk6ivu2q-nvp2thc5biq-svjai5qusbq-2)

--> Sync with Oracle Cloud successful.

 

You can configure this sync to run at regular intervals so Banyan always has the latest snapshot of your OCI resources. In the Banyan Cloud Command Center console, you will see all your discovered OCI resources. You can now publish the individual resources your users need to access.

 

 

Publish a Service Catalog for your users

To publish an OCI resource as a Banyan service for your end users, simply select the resource, click Publish and follow the steps in the wizard.

Banyan provides native support for all the common services and protocols you can deploy in OCI:

  • Web Applications (HTTPS)
  • Linux Servers (SSH)
  • Windows Servers (RDP)
  • Kubernetes Clusters (K8s API)
  • Databases (TCP)

 

 

Banyan also provides a WireGuard-powered Service Tunnel for use cases and protocols that cannot be handled by an identity-aware proxy.

Authenticated end users can now access these published services via the Banyan app – a cross-platform endpoint client that runs on Windows, macOS, Linux, iOS, and Android devices. The Banyan app also establishes the device identity and device posture checks needed for zero trust security.

Want to learn more?

Combining Oracle Cloud Infrastructure, OKE, and Banyan Security you can further organize your published Banyan services into bundles, create security policies to allow only specific sets of users to access certain applications, and more. Best of all, you can use Banyan Zero Trust access on OCI today! Sign up for the free Banyan Team Edition or request an Enterprise Edition trial account.

 

To learn more, see the following resources:

 

 

Robert Ronan

Principal Product Manager


Previous Post

GitOps with Verrazzano and Rancher Fleet

Bryan Tidd | 4 min read

Next Post

Easy Oracle Database Migration with SQLcl

Guest Author | 14 min read
Resources for
Why Oracle
Learn
What's New
Contact Us