Global Edge Network Architecture

This article describes how Cloud Secure Edge hosts and manages Access Tiers for your organization in a global deployment model.

  • Updated on May 21, 2024

Overview

The Global Edge Network contains Access Tiers hosted and managed by Cloud Secure Edge (CSE) for your organization. A high-level architecture diagram is shown below.

The diagram highlights the following concepts:

  1. Access Tiers are deployed at locations around the world at our edge infrastructure provider; the specific number of locations varies based on your organization’s deployment strategy and SLA.

  2. A Connector is deployed in the customer network, and dials out to establish a secure encrypted tunnel with one or more Access Tiers in the Global Edge Network.

  3. CSE allocates a unique Org Domain - of the form {orgname}.banyanops.com - for every organization that is provisioned in the Global Edge Network. The Org Domain resolves via Public DNS (which is configured using geo-proximity routing) to your organization’s Access Tiers managed in the Global Edge Network.

  4. Admins publish CSE services for their end users; service domain names will resolve to the network IP address of the nearest Banyan Access Tier.

  5. A user or program running on a device will make a request to a service by using its fully qualified domain name, e.g., wiki.exampleorg.banyanops.com.

  6. The Access Tiers in the Global Edge Network can address the upstream (aka backend) service instance by IP address or by name, via the encrypted tunnel that has been set up with the Connector.

  7. The Access Tiers in the Global Edge Network are connected to the Cloud Command Center to receive the security policy they need to enforce and to report on access events.
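
The following is an added example, not CSE's own code, of a check an admin could run against items 3 to 5: it confirms that a published service name resolves to the Access Tiers rather than to a backend address. It assumes that, from a single vantage point, a service name resolves to a subset of the addresses returned for the Org Domain; the function names, the DNS table and the addresses are constructed for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges: a published name resolving here points at a backend, not the edge.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def system_resolver(name):
    """Resolve name with the OS resolver; return a set of address strings."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_service(fqdn, org_domain, resolver=system_resolver):
    """Compare a service name's addresses with those of the Org Domain.

    Both lookups use the same resolver, so geo-proximity routing gives
    answers for the same vantage point (assumption stated in the lead-in).
    """
    tier_ips = resolver(org_domain.rstrip(".").lower())
    svc_ips = resolver(fqdn.rstrip(".").lower())
    if not svc_ips:
        return "unresolved"
    if any(ipaddress.ip_address(ip) in net for ip in svc_ips for net in RFC1918):
        return "backend-exposed"
    if not svc_ips <= tier_ips:
        return "not-access-tier"
    return "ok"

# Constructed sample data (documentation address ranges) standing in for public DNS.
SAMPLE_DNS = {
    "exampleorg.banyanops.com": {"203.0.113.10", "203.0.113.11"},
    "wiki.exampleorg.banyanops.com": {"203.0.113.10"},
    "git.exampleorg.banyanops.com": {"10.1.2.3"},
    "old.exampleorg.banyanops.com": {"198.51.100.7"},
}

def sample_resolver(name):
    """Offline stand-in for system_resolver, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(name, set())

if __name__ == "__main__":
    for host in sorted(SAMPLE_DNS):
        print(host, check_service(host, "exampleorg.banyanops.com", sample_resolver))
```

Run it with the default `system_resolver` from the networks your users connect from, since geo-proximity routing can return different Access Tier addresses per location.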