In this 5-minute video blog, Ashur Kanoon takes us through VPN as-a-service (VPNaaS); see how easy it is from configuration to deployment in our VPNaaS tunnel demo.

[transcript] Welcome to the Banyan Security VPNaaS demo. In this demo, you’ll see from deployment all the way to end user experience. So first, let’s talk about how you quickly deploy this after you get a domain. The next thing that needs to be done is to either deploy an access tier or a connector. And I’m going to show you how to deploy a connector in any network you want… and how quick it is.

Creating a Connector

So I select Create a Connector. I’ll just call it AshMacC2, and I’ll leave everything else as default. Select Continue, and I’ll go ahead and use the Docker Container install (but there is a TarBall Installer option). There’s ways to install this in Windows Server, and there are ways to install this in different cloud service providers. So in this case, there are a couple of commands to copy. I’m going to copy the first set, hit Enter, copy the second set, hit Enter, put my password. And it’s pulled all of the connector software that it needs, and it’s configured it. So we’ll see it in a second.

All right, so now that it’s connected and reporting, I’m going to say it’s done. So now we have a connector. This is running on my Mac in Docker. Uh, you can actually see it here, AshMacC2. So now I can start configuring services to make everything on my home network accessible. But since we already have this all configured, we’re gonna go ahead and take a look at how it’s working and we’re using the access tiers. These can be configured anywhere. We have a couple that are in AWS, some that are in Google Cloud. But let’s take a look at how the stuff gets configured.

Service Tunnel

So first we’re gonna go to Manage Services > Service Tunnel, and we’ll look at something that’s already configured and running. So the one I’m going to look at is Datacenter: so once you go to Manage Services > Service Tunnel, there’s a few things to point out. This is the Service Tunnel Name. This will be AutoRun once I log in. And then at the bottom, these are all the things that should be accessible. So there’s a couple internal subnets, there’s a few private IP addresses, there’s some public stuff. So if we want to route things like Salesforce you can have it where all of that domain traffic is going over the tunnel. You don’t have to worry about IP addresses and so on. In terms of access permissions, this will be tied to a policy and we’ll show that in a second. We do have the service tunnel configured. Now let’s go look at the policy. In this case, the Datacenter restricted policy is the one that we are looking at.

Roles

And here we can create multiple roles: these roles could be based on device and user trust levels. It can also be done on roles. We can configure the port, the protocol, IP addresses, CIDR or subnets and FQDNs that this particular access group can access. So there will be multiple access groups that are allowed to use this tunnel and you can configure each one differently. So in this case, these are admins and users. So they get access to a lot more than, let’s say, your contractor. And this example contractor: we have TCP access for specific ports for specific internal devices. That’s it. So it’s really granular what type of tunnel you can do. We never backhaul everything. The tunnel is not always on. It’s really only specifically used for what’s needed.

So now let’s take a quick look at the end user experience. So I have my client here. This is my organization. I go to log in. Again, I don’t have to decide what I’m connecting to. I click on log in, it’ll log me in, and now my data center tunnel, which was the tunnel that we looked at earlier. Right here, this is what we’re connecting to. So now as a user with a high trust level, I’ll be able to access all the things that are available to my specific User Group, Device Identity and Device Trust. And another cool thing: if we go to dashboards, you can quickly see who’s accessing what. So here’s the Datacenter Tunnel: Most of our connections are coming from a high level of device trust, and most of them are coming from macOS. And if I need to get more information, I can click through all this stuff.

Thanks for watching this demo. In Part 3, we’re going to take a look at how you go from a layer three tunnel to really granular access using device discovery. Part 1 is where we discussed VPNaaS with a general overview. Thank you.

Banyan Security is here to make configuring VPNaaS easy to deploy in your organization – attend our weekly live demo to ask all your questions and see how we can help.

Ashur Kanoon