High-Performance Connectivity, Reduced Network Complexity


Simplify your networks – less reliance on network segmentation, IP whitelisting, perimeter firewalls, DNS changes, client-based legacy VPNs, etc.

Simplifying your network means not having to rely on various network devices to act as Policy Enforcement Points (PEPs).

Home page icon

Policy Enforcement is built into the Banyan components. This means that a flat network can be used with an Access Tier/Connector deployed. While the backend network is visible to Banyan, based on configured subnets, the backend resources are not visible or accessible to end users unless they are authenticated and authorized.

Home page icon

To further simplify the deployment for your IT team and end users, the same authentication and access methods are used independent of user location (remote or on-premises). This simplifies end user training, ensuring a consistent user experience regardless of location. This may also eliminate the need for an on-premises Network Access Control (NAC) solution.

Home page icon

Legacy VPN clients have limited functionality and require end users to make many decisions before becoming productive. With the Banyan app, not only are authentication and authorization simplified, but access is also made much easier as well.

Flexible edge architecture enables organizations to easily deploy on-premises and/or in the cloud in minutes, even in complex regulatory environments

Banyan’s Flexible Edge provides two deployment methods, the Global Edge and the Private Edge

The Private Edge uses Access Tiers to allow an organization to have complete control of end-to-end traffic by deploying the data plane in your own data center or CSP.


This method requires an external IP address, inbound ports to open, and DNS updates

The Global Edge uses cloud-based data planes deployed by Banyan and simply requires the deployment of a lightweight connector.


This method can be deployed in minutes as no changes to edge devices is needed


The connector can run on all flavors of Linux which means it can really run anywhere including all CSPs, hypervisors, Raspberry Pis, and Windows Subsystem for Linux (WSL)


Service tunnels use a modern, performant WireGuard foundation with Zero Trust enhancements

Service Tunnels are a good solution for thick, non-proxied apps and local drive-mapping needs. The Banyan app already has the necessary Service Tunnel client capabilities built in, and the WireGuard server functionality is woven into the Banyan Controller, Access Tier, and Connector. Nothing extra needs to be done for end user deployment.

Configuration is handled via Banyan’s Cloud Command Center, with Service Tunnels being authorized for specific users and groups. Authorization can also be based on device identity and trust levels.

Service Tunnel granularity is based on CIDRs (subnets) or specific IP address, protocols, and ports.

A single Service Tunnel can be used to connect to all backend resources of an organization when the backends do not have overlapping subnets. With overlapping subnets, different connections will be presented to the end user in the Banyan app and they will connect to the site which has the resource they require.

More Details on How to Configure and Troubleshoot ⇢