Easy, Secure Access for a Hybrid- and Multi-Cloud World
Simplify cloud access
Scale from 1 to 100s of VPCs – even across multiple providers
Banyan does not charge you to deploy the Flexible Edge, whether deployed at one site/VPC or at 100.
Deploy the Banyan Connector anywhere and manage them all from a single portal.
Connectors can be deployed to ESXi servers, Docker infrastructure, or Cloud Service Provider (CSP) environments and all will behave the same, ensuring consistency and easy policy management.
Legacy Network-Centric SSE
Full tunnel • Always-on packet inspection •
Poor performance & UX
Banyan Device-Centric SSE
Intelligent routing • Always on, not always inline •
Great performance & UX
Shrink your footprint and management overhead, consolidating all your bastions, VPNs, and proxies
With the Banyan solution, a simple on-premises (or cloud-based) Connector replaces all your bastions, VPNs, and proxies.
You can deploy several Connectors globally and manage them centrally from the Banyan Cloud Command Center, our SaaS-based admin portal. This helps ensure consistent policies, giving you a single pane of glass view of all users, devices, resources, and activities.
Banyan runs in parallel with your bastions, VPNs, and proxies to make migrations easy.
Apply policies based on user and device attributes
Create a single authentication and authorization policy regardless of user or resource location.
Apply additional authentication types and device posture assessment to SaaS applications that don’t natively support them.
More info on security and access policies ⇢
More info on securing SaaS applications ⇢
Service accounts for programmatic access
Each service account can be set up with different privilege levels from full Owner to ReadOnly. Also specify privileges for Admin, ServiceAuthor, PolicyAuthor, and EventWriter levels.
Easily revoke access by deleting or disabling a service account.
Automatically catalog your resources
Automatically discover resources running in infrastructure as a Service (IaaS) such as AWS and Azure, and securely publish them as Banyan Services
Moving from a Layer 3 tunnel to a resource/application-based policy can mean not knowing what is available for your end users. With Discover and Publish functionality, Banyan can automatically discover available resources.
Resources can be explicitly flagged to be discovered or ignored.
This functionality is available for both cloud and on-premises resources.
For more info on Discover and Publish ⇢
Inventory and organize resources via tags
With full visibility into your resources, make decisions that enable productivity and improve security.
For resources that shouldn’t be accessible, simply ignore and do not create an access policy. These resources will not be available through Banyan.
For resources that should be accessible to certain users on specific devices, right-click on the discovered resources and quickly go through the Publish workflow.
Publish a tailored Service Catalog to user groups
Users know what they have access to through their personalized Service Catalog.
Create end-user Service Bundles that display as groups of services belonging to the same project or category.
The Banyan app’s Service Catalog and Service Bundles show users a list of the resources they are authorized to use. They may also make them a favorite for even easier access.
More info on Service Bundles ⇢
Easily onboard and offboard users
Easily integrate Banyan with your Identity Provider (IdP) of choice. When users and groups are added/removed there, Banyan will automatically onboard/offboard the users.
Integrations can be done using SAML and OIDC.
More information on IdP integrations ⇢
With Team Edition, users and groups can be configured locally.
High-performance connectivity with dead-simple deployment
Cloud-native solution delivers IaaS auto-scaling
Deploy to your CSP and scale up or down automatically
Public cloud infrastructure-as-a-service (IaaS) providers, such as Amazon AWS, Microsoft Azure, Google GCP, and Oracle OCI are supported
Scale out to multiple regions or different CSPs
Scale out for high availability or for higher traffic environments
High-performance WireGuard foundation with zero trust protections
Service Tunnels are a good solution for non-proxied thick apps and local drive-mapping needs. The Banyan app already has the necessary Service Tunnel client capabilities built in, and the WireGuard server functionality is woven into the Banyan Controller, Access Tier, and Connector. Nothing extra needs to be done to deploy to your end users.
Configuration is handled via the Banyan Cloud Command Center, with Service Tunnels being authorized for specific users and groups. Authorization can also be based on device identity and Trust Levels.
Service Tunnel granularity is based on CIDRs (subnets) or specific IP address, protocols, and ports.
A single Service Tunnel can be used to connect to all backend resources of an organization when the backends do not have overlapping subnets. With overlapping subnets, different connections will be presented to the end user in the Banyan app, connecting them to the site which has the resource they require.
More details on how to configure and troubleshoot ⇢
Easy transition from legacy VPN to zero trust tunnel to zero trust proxy
Banyan is designed to run in parallel with your bastions, VPNs, and proxies to help with migrations.
Zero Trust security as code
Automate provisioning with Docker, CloudFormation, and Terraform module
Deploying the Flexible Edge can be done through many methods from Tarball installers to using Terraform.
More info on using automation to deploy ⇢
Step-by-step instructions are available for using AWS CloudFormation.
Terraform can be used for AWS and GCP automated deployments.
The Terraform module to install an Access Tier in AWS is available via the Terraform Registry.
If you need to review or customize the module, you can grab the source code for the module from our open-source installer git repository.
pyBanyan Python API client or Terraform provider automation for set up, tear down, and management of ephemeral infrastructure
Banyan APIs are accessible using a simple Python API client and command-line utility, available on GitHub.
More info on using pyBanyan and APIs ⇢
Workflows
Define zero trust policies in development and version control platforms and integrate into CI/CD workflows.
Self-service applications
Once a tenant is created, all aspects of the solution are available for your administrators.
The end-user client desktop app can be downloaded from getbanyan.app, and the mobile app is available from Google Play or the Apple App Store.
The Flexible Edge components can all be downloaded and installed easily.
More info on the Flexible Edge ⇢
pyBanyan, a simple Python API client and command-line utility, is available on GitHub.