Last time, we wrote about our experiences of using Replify Accelerator with Cloudflare Zero Trust. In this blog entry we’re going to talk about our experiences with Banyan Security’s Zero Trust solution
Some of us who are a certain age will remember Banyan Vines being a way of connecting to the Internet. Banyan Security may have the same name, but are a fairly new and well respected Californian company doing innovative things in the Zero Trust space.
As per the claims on their website we were able to get their solution up and running fairly quickly and acting as a replacement for our VPN. In particular, I liked the fact that their connector ran on a Docker container, so I didn’t need to install any new software on our data-center infrastructure, and I could easily uninstall or remove the connector if necessary.
The client was also straight-forward to deploy and within half an hour I had a secure VPN equivalent available that allowed me to access our data center without having to make any Firewall configuration changes.
However, there’s a Catch…
The latency between my laptop at home and my office internet increased from 11ms to 280ms! This meant that accessing resources in our data-center became much slower than before.
The reason for this appears to be that the traffic from my home in Northern Ireland to my data-centre in Northern Ireland was being routed via the US West Coast.
Banyan’s Global Edge network uses Google Cloud Platform (GCP), so I suspect a routing mis-configuration meant that I wasn’t using an access tier that was closer to our data center’s actual location. I would hope that their support team would be able to resolve this fairly quickly if necessary.
However, this does expose an intrinsic issue with ZTNA. That is, performance is very dependent on the location of the ZTNA provider’s infrastructure. Many of the providers have a fantastic global infrastructure and many users will be in metropolitan locations that can avail of this. However there will always be users who can’t. These may be employees who live in a remote location, who are working from a holiday home or just happen to be on a train that is travelling cross-country. These types of users may not always appreciate the extra security that ZTNA offers them, but they will notice that access to their corporate resources is slower than it used to be.
Banyan ZTNA + Replify Wan Optimization
As you might expect, the Replify Accelerator comes to the rescue. I was able to install the Accelerator Mobile Client on my laptop, a Virtual Accelerator appliance in our data centre, and I was able to download files from an internal webserver ten times faster than before. I was then able to get the benefits of the Zero Trust solution, but able to mitigate some of the performance impact by using WAN optimization.
As ZTNA adoption increases globally, the performance impact of these solutions will start to be noticed and will need to be dealt with.
WAN optimization will become an essential tool in the ZTNA toolkit, in the way it currently is with SD-WAN. With our well established Accelerator client, our proven history of integrating with technology partners and our flexible licensing model, we are in a great position to provide WAN optimization for those who need to adopt Zero Trust technologies, but can’t accept the reduction in performance that this will inevitably bring.
Update: Banyan Security contacted us to suggest an alternative configuration to reduce the latency in the scenario that we tested.