Banyan Security Enables Zero Trust Developer Access on Oracle Cloud


Originally posted by Robert Ronan, Senior Oracle Product Manager.

What is zero trust access?

As more organizations migrate their infrastructure to the cloud and rethink software development and deployment, they are also modernizing their approach to security. One of these approaches is Zero Trust: instead of relying on traditional network perimeter-based security tools such as VPNs and bastion hosts that connect you directly to a network, access (authentication and authorization) is granted based on user and device attributes as well as the sensitivity of specific applications and services within that network.

Zero Trust Access is particularly well suited to infrastructure as a service (IaaS) environments such as Oracle Cloud, because traditional network security tools were not designed to handle the ephemeral, automation-driven nature of these environments.

Zero Trust access                                               VPNs and traditional bastions
--------------------------------------------------------------  -----------------------------
Connect the user to applications and services                   Connect the user to networks
Rules using cryptography related to user and device attributes  Rules based on IP address
Automated issuance and rotation of identifiers                  Manual interaction
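
The contrast in the comparison above, as an added example that is not part of the original post and is not Banyan's policy engine: the same two requests are evaluated once by a source-IP perimeter rule and once by a per-service check on user and device attributes. The address range, service names, groups and the disk-encryption posture signal are constructed assumptions.

```python
# Added illustration: a perimeter (source-IP) rule beside a per-service decision
# on user and device attributes. All names and values here are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CORP_VPN_CIDR = ip_network("10.8.0.0/16")  # constructed VPN/bastion address range

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    device_registered: bool   # device presents a certificate issued to it
    disk_encrypted: bool      # one posture signal, chosen for this example
    source_ip: str
    service: str

# Hypothetical per-service policy: allowed groups and required device posture.
POLICIES = {
    "prod-db":  {"groups": {"dba"}, "require_encryption": True},
    "dev-wiki": {"groups": {"dba", "developers"}, "require_encryption": False},
}

def perimeter_allows(req: Request) -> bool:
    """Network-centric rule: anything inside the VPN range reaches every service."""
    return ip_address(req.source_ip) in CORP_VPN_CIDR

def zero_trust_allows(req: Request) -> tuple[bool, str]:
    """Service-centric rule: default deny, then check device, user and posture."""
    policy = POLICIES.get(req.service)
    if policy is None:
        return False, "no policy for service"
    if not req.device_registered:
        return False, "unregistered device"
    if not (req.groups & policy["groups"]):
        return False, "user not in an allowed group"
    if policy["require_encryption"] and not req.disk_encrypted:
        return False, "device posture below service requirement"
    return True, "allowed"

# Constructed requests for the same service from different network locations.
on_vpn_unmanaged = Request("bob", frozenset({"contractors"}), False, False,
                           "10.8.4.20", "prod-db")
remote_managed = Request("alice", frozenset({"dba"}), True, True,
                         "203.0.113.7", "prod-db")

if __name__ == "__main__":
    for r in (on_vpn_unmanaged, remote_managed):
        print(r.user, perimeter_allows(r), zero_trust_allows(r))
```

The IP rule admits the unmanaged device because it sits inside the VPN range and rejects the managed one because it does not; the attribute-based check reaches the opposite result for both.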

Install the Access Tier

To get started with Banyan Zero Trust Access, create a Banyan account. You can use Banyan Team Edition for free.

On a Linux virtual machine with a public IP address in your Oracle Cloud Infrastructure (OCI) environment, install the Banyan Access Tier component. This will act as a gateway to your OCI infrastructure.

# add the Banyan RPM repo
$> yum-config-manager --add-repo
$> rpm --import
# install it
$> yum install banyan-netagent

Other installation methods (Docker, DEB, Tarball, Terraform, etc.) are available in our documentation. Once installed and configured, you will see the Access Tier reporting in Banyan’s Cloud Command Center console.


(Note: If you are using Banyan Team Edition, you will install an outbound connector instead of the Access Tier; the fully managed Access Tier in Banyan's global edge network will act as a gateway to your OCI infrastructure.)

Automatic discovery of OCI resources

The next step is to sync your OCI resources in Banyan. You can use OCI tags to tell Banyan to only discover specific categories of resources in your environment.

$> banyan cloud-resource sync-oci all {oci-compartment} --tag_name banyan:discovery

--> Getting list of OCI VM resources:

type    name              public_dns_name    public_ip    private_dns_name    private_ip    ports    provider    region      tags
------  ----------------  -----------------  -----------  ------------------  ------------  -------  ----------  --------  ------
vm      oke-cqqhk6ivu2q-                                                []       oci         phx            2
vm      oke-cko3n7f326q-                                               []       oci         phx            2
vm      oke-cko3n7f326q-                                                []       oci         phx            2

--> Filtering for new OCI resources:

type    name              public_dns_name    public_ip    private_dns_name    private_ip    ports    provider    region      tags
------  ----------------  -----------------  -----------  ------------------  ------------  -------  ----------  --------  ------
vm      oke-cqqhk6ivu2q-                                                []       oci         phx            2

--> Syncing into Banyan Cloud Resource inventory:

--> Added OCIresource id(name): ocid1.instance.oc1.phx.anyhqljreqfgs5acfank3k2codj2srj4cnns3naalfttpmqjwk24digsi6qq(oke-cqqhk6ivu2q-nvp2thc5biq-

--> Sync with Oracle Cloud successful.

You can configure this sync to run at regular intervals so that Banyan always has the latest snapshot of your OCI resources. In the Banyan Cloud Command Center console, you will see all of your discovered OCI resources. You can now publish the individual resources that your users need to access.


Publish a service catalog for your users

To publish an OCI resource as a Banyan service for your end users, just select the resource, click Publish, and follow the wizard steps.


Banyan provides native support for all common services and protocols that you can deploy in OCI:

  • Web Applications (HTTPS)
  • Linux servers (SSH)
  • Windows Servers (RDP)
  • Kubernetes clusters (K8s API)
  • Databases (TCP)

Banyan also provides a WireGuard-powered service tunnel for use cases and protocols that cannot be handled by an identity-aware proxy.

Authenticated end users can now access these published services through the Banyan app, a cross-platform endpoint client that runs on Windows, macOS, Linux, iOS, and Android devices. The Banyan app also establishes the device identity and posture checks necessary for zero-trust security.


Try Banyan on OCI Today

You can further organize your published Banyan services into sets, create security policies to only allow specific sets of users to access certain apps, and more. Best of all, you can use Banyan Zero Trust remote access on OCI today! Sign up for the free Banyan Team Edition or request an Enterprise Edition trial account.

The post Banyan Security Enables Zero Trust Developer Access on Oracle Cloud first appeared on Banyan Security.

*** This is a syndicated Security Bloggers Network blog from Banyan Security, written by Tarun Desikan. Read the original post at: -zero-trust-developer-access-on-oracle-cloud

