As more organizations migrate infrastructure to the cloud and rethink software development and deployment, they are also modernizing their approach to security. One such approach is Zero Trust – instead of relying on traditional network perimeter-based security tools such as VPNs and bastions that connect you directly to a network, access (authentication as well as authorization) is granted based on user and device attributes as well as the sensitivity of specific applications and services within that network.
Zero trust access is particularly well suited to Infrastructure as a Service (IaaS) offerings such as Oracle Cloud because it is designed to securely connect users and workloads in automation-oriented ephemeral environments.
| Zero Trust Access | Traditional VPNs and Bastions |
| --- | --- |
| Connect user to applications & services | Connect user to networks |
| Rules using cryptography tied to user & device attributes | Rules based on IP address |
| Automated credential issuance & rotation | Manual interaction |
To get started with Banyan Zero Trust Access, register for a Banyan account. You can use Banyan for free forever using the Banyan Team Edition.
On a Linux VM in your OCI compartment with a public IP address, install the Banyan Access Tier component. This will serve as the gateway to your OCI infrastructure.
# add the Banyan RPM repo
Other install methods – Docker, DEB, Tarball, Terraform, etc. – are available in our documentation. Once installed and configured, you will see the Access Tier reporting in Banyan’s Cloud Command Center console.
(Note: If you’re using the Banyan Team Edition, you will install an outbound Connector instead of the Access Tier; the Banyan global edge network of managed Access Tiers will serve as the gateway into your OCI infrastructure.)
The next step is to synchronize your OCI resources into Banyan. You can use OCI tags to tell Banyan to discover only specific categories of resources in your environment.
$> banyan cloud-resource sync-oci all {oci-compartment} --tag_name banyan:discovery
--> Filtering for new OCI resources:
type   name             public_dns_name   public_ip   private_dns_name   private_ip   ports   provider   region   tags
------ ---------------- ----------------- ----------- ------------------ ------------ ------- ---------- -------- ------
--> Syncing into Banyan Cloud Resource inventory:
--> Added OCIresource id(name): ocid1.instance.oc1.phx.anyhqljreqfgs5acfank3k2codj2srj4cnns3naalfttpmqjwk24digsi6qq(oke-cqqhk6ivu2q-nvp2thc5biq-svjai5qusbq-2)
--> Sync with Oracle Cloud successful.
You can configure this sync to run at regular intervals so Banyan always has the latest snapshot of your OCI resources. In the Banyan Cloud Command Center console, you will see all your discovered OCI resources. You can now publish the individual resources your users need to access.
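One way to run the sync above on a schedule and surface failures, as an added example that is not Banyan's or Oracle's own code. The compartment value, lock path and script path are placeholders, and treating the success line from the output above as the success marker is an assumption.

```shell
#!/bin/sh
# Added example: cron-friendly wrapper around the sync command shown above.
# Assumptions (not from the page): the placeholder compartment, the lock path,
# and treating the CLI's "Sync with Oracle Cloud successful." line as the
# success marker.

COMPARTMENT="${OCI_COMPARTMENT:-example-compartment}"  # placeholder value
TAG_NAME="${BANYAN_TAG_NAME:-banyan:discovery}"        # tag name used on the page
LOCK_DIR="${SYNC_LOCK_DIR:-/tmp/banyan-oci-sync.lock}"

# True only if the output contains the success line the CLI prints.
sync_succeeded() {
    printf '%s\n' "$1" | grep -q -- '--> Sync with Oracle Cloud successful\.'
}

# Number of "--> Added" lines, i.e. resources new to the inventory.
count_added() {
    printf '%s\n' "$1" | grep -c -- '--> Added' || true
}

# Run one sync. Returns 0 on confirmed success, 75 if another run holds the
# lock, 1 if the CLI failed or never printed the success line.
run_sync() {
    # mkdir is atomic, so it doubles as a lock against overlapping runs.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "banyan-oci-sync: previous run still active, skipping" >&2
        return 75
    fi
    sync_rc=0
    sync_out=$(banyan cloud-resource sync-oci all "$COMPARTMENT" \
        --tag_name "$TAG_NAME" 2>&1) || sync_rc=$?
    rmdir "$LOCK_DIR"

    if [ "$sync_rc" -ne 0 ] || ! sync_succeeded "$sync_out"; then
        # A silent failure leaves a stale inventory, so make it loud.
        echo "banyan-oci-sync: FAILED (exit $sync_rc)" >&2
        printf '%s\n' "$sync_out" >&2
        return 1
    fi
    echo "banyan-oci-sync: ok, $(count_added "$sync_out") resource(s) added"
}

# Example crontab entry (every 15 minutes); the script path is hypothetical:
#   */15 * * * * /usr/local/bin/banyan-oci-sync.sh --run
if [ "${1:-}" = "--run" ]; then
    run_sync
    exit $?
fi
```

Because cron mails anything written to stderr, a failed or unconfirmed sync produces a notification while successful runs stay quiet apart from the one-line summary.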
To publish an OCI resource as a Banyan service for your end users, simply select the resource, click Publish and follow the steps in the wizard.
Banyan provides native support for all the common services and protocols you can deploy in OCI:
Banyan also provides a WireGuard-powered Service Tunnel for use cases and protocols that cannot be handled by an identity-aware proxy.
Authenticated end users can now access these published services via the Banyan app – a cross-platform endpoint client that runs on Windows, macOS, Linux, iOS, and Android devices. The Banyan app also establishes the device identity and device posture checks needed for zero trust security.
By combining Oracle Cloud Infrastructure, OKE, and Banyan Security, you can further organize your published Banyan services into bundles, create security policies to allow only specific sets of users to access certain applications, and more. Best of all, you can use Banyan Zero Trust access on OCI today! Sign up for the free Banyan Team Edition or request an Enterprise Edition trial account.
To learn more, see the following resources:
Get started with Oracle Cloud Infrastructure today with Oracle Cloud Free Tier.
If you want to experience OKE for yourself, sign up for an Oracle Cloud Infrastructure account and start testing today!