Key Capabilities and Features of Banyan's Access Tier

  • Updated on Nov 09, 2022

This article describes features that are only available in the Banyan Business edition and Banyan Enterprise edition.

Banyan’s Access Tier is an identity-aware cloud-managed proxy written in Golang, and it runs on Linux servers. Access Tiers are deployed similarly to open-source proxies (such as Nginx) but have the advantage of being built with zero-trust security functionalities.

Access Tier Architecture

The internal modules that comprise Access Tiers are depicted in the diagram below:

Access Tiers function primarily as a reverse proxy, intercepting traffic on specified ports on a Linux server. By default, Access Tiers intercept traffic on the following ports:

  • 443/tcp - for web services, accessed via a browser
  • 8443/tcp - for infrastructure services, accessed via the Banyan app
  • 51820/udp - for Service Tunnels that enable network access

Access Tiers leverage various Linux kernel functionalities to manage and forward traffic, including the following:

  • iptables
  • conntrack
  • WireGuard

Note that Access Tiers are delivered as a Linux package (and NOT a Virtual Appliance) so can be used in a variety of cloud-native deployments.

Supported Operating Systems

Netagent is the core technical component of an Access Tier. The Netagent binary can be installed on virtual or physical 64-bit Linux servers.

Officially Supported: the following distros are supported, when run with an officially released kernel:

  • Amazon-Linux (2011.09-2018.03) and Amazon-Linux-2
  • CentOS 7.x and RHEL 7.x
  • Ubuntu 16.04+

Support Deprecated: the following Linux distros are no longer supported:

  • CentOS 6.x
  • Ubuntu 12.04, 14.04

If you’re running an unsupported distro or a custom kernel, contact us for tailored installation instructions.

Access Tier features

Health Check, logs, metrics

Operations teams can use Netagent’s built-in logs and metrics capabilities to set up high-availability configurations and detailed monitoring.

  • Health Check - When functioning correctly, Netagent listens on a TCP port (default: 9998). Monitoring tools can establish a connection to the health check port to confirm Netagent health.
  • Logs - Netagent saves logs to both console and file; you can manage the log level via the Netagent Configuration. To change the location (default: /var/log/banyan/netagent.log), set the environment variable LOGFILENAME. You can also similarly configure syslog daemon to gather Netagent logs.
  • Metrics - Netagent uses the statsd format to aggregate and summarize its metrics. Once you set the Netagent Configuration to emit to your statsd daemon, you can start collecting Netagent metrics including: tx/rx bytes, http response code, http response time, unauthorized attempts, error counts, etc. Metrics are emitted per service id.

Can’t find what you’re looking for?

We’re happy to help. Contact our team.