Key Capabilities and Features of Banyan's Access Tier
- Updated on Dec 15, 2022
Banyan’s Access Tier is an identity-aware cloud-managed proxy written in Golang, and it runs on Linux servers. Access Tiers are deployed similarly to open-source proxies (such as Nginx) but have the advantage of being built with zero-trust security functionalities.
Access Tier Architecture
The internal modules that comprise Access Tiers are depicted in the diagram below:

Access Tiers function primarily as a reverse proxy, intercepting traffic on specified ports on a Linux server. By default, Access Tiers intercept traffic on the following ports:
- 443/tcp - for web services, accessed via a browser
- 8443/tcp - for infrastructure services, accessed via the Banyan app
- 51820/udp - for Service Tunnels that enable network access
Access Tiers leverage various Linux kernel functionalities to manage and forward traffic, including the following:
- iptables
- conntrack
- WireGuard
Supported Operating Systems
Netagent is the core technical component of an Access Tier. The Netagent binary can be installed on virtual or physical 64-bit Linux servers.
Officially Supported: the following distros are supported, when run with an officially released kernel:
- Amazon-Linux (2011.09-2018.03) and Amazon-Linux-2
- CentOS 7.x and RHEL 7.x
- Ubuntu 16.04+
Support Deprecated: the following Linux distros are no longer supported:
- CentOS 6.x
- Ubuntu 12.04, 14.04
If you’re running an unsupported distro or a custom kernel, contact us for tailored installation instructions.
Access Tier features
Health Check, logs, metrics
Operations teams can use Netagent’s built-in logs and metrics capabilities to set up high-availability configurations and detailed monitoring.
- Health Check - When functioning correctly, Netagent listens on a TCP port (default:
9998
). Monitoring tools can establish a connection to the health check port to confirm Netagent health. - Logs - Netagent saves logs to both console and file; you can manage the log level via the Netagent Configuration. To change the location (default:
/var/log/banyan/netagent.log
), set the environment variableLOGFILENAME
. You can also similarly configuresyslog
daemon to gather Netagent logs. - Metrics - Netagent uses the statsd format to aggregate and summarize its metrics. Once you set the Netagent Configuration to emit to your
statsd
daemon, you can start collecting Netagent metrics including: tx/rx bytes, http response code, http response time, unauthorized attempts, error counts, etc. Metrics are emitted per service id.
Can’t find what you’re looking for?
We’re happy to help. Contact our team .