To run this demo, you will need the following:
- Azure account with credentials
- An SSH key-pair for authentication into Linux VMs
- Terraform CLI 0.14.9+, configured for Azure provisioning
- Banyan account and admin API key, and a device with the Banyan Desktop App installed
For instructions on how to set these up, go to the Prerequisities Details section.
Clone this repo to your machine. Edit the locals.tf file with details from your environment.
locals {
name_prefix = "bnn-demo-azure"
region = "westus3"
ssh_key_path = "~/.ssh/id_rsa.pub"
banyan_host = "https://team.console.banyanops.com/"
banyan_api_key = "YOUR_BANYAN_API_KEY"
banyan_org = "YOUR_BANYAN_ORG"
}Then, provision all the resources:
terraform applyProvisioning is broken up into 6 steps; the code is written so you can run it step-by-step by specifying each step during the apply as: terraform apply -target=module.network
- Network - a new Resource Group with a virtual network and subnet
- Database - an Azure Database for MySQL instance
- Application - an VM instance that runs a demo website container
- Banyan Connector - deploy an VM instance with the
connectorto create an outbound connection to the Banyan Global Edge network, so you can manage access to your Azure environment - Banyan Policies - create a few roles and policies to establish which users and devices can access your Azure environment
- Banyan Services - publish the services that are deployed in your Azure environment for your end users
This first 3 steps get you a basic but representative Azure environment. The last 3 steps set up Banyan to provide secure remote access to this environment.
All your deployed Azure resources - VM and Database - are in a private subnet with private IPs. They cannot be directly reached from the public internet.
To access your Azure resources from your device, open the Banyan App and click on a given service to connect to it.
Clicking "Open" on your web application bnn-demo-azure-web will launch a new browser tab and take you the demo site after authentication.
To SSH into the Linux server, click "Connect" on the SSH service bnn-demo-azure-ssh. Then run the SSH command with your SSH key as the credential:
ssh -i PATH_TO_SSH_KEY adminuser@bnn-demo-azure-ssh
To access your Azure Database instance, click "Connect" on the DB service bnn-demo-azuredb. Then, fire up your favorite MySQL client and connect to your database at 127.0.0.1:8811, using the credentials (banyan@bnn-demo-azure-db, insecure123!@#) we configured via Terraform:
mysql --host=127.0.0.1 --port=8811 --user='banyan@bnn-demo-azure-db' --password='insecure123!@#'
Behind the scenes, Banyan uses short-lived cryptographic credentials to connect you to your AWS resources and a zero trust security model to enforce access control policies.
This demo requires an Azure account. If you don't already have an Azure account, you can create a free Azure account.
Then, install the Azure CLI and sign in to your Azure account.
This demo uses Terraform. Follow the getting started in Azure tutorial to install the Terraform CLI (v0.14.9+), learn the basics of Terraform and configure authentication for Azure.
This demo shows you to how to use Banyan Security Zero Trust Remote Access. If you don't have a Banyan account, sign up for a free Banyan account.
Take note of your Org name. Navigate to the API Keys section in the Banyan Command Center console and create an admin API key. Also, install the Banyan Desktop App on your device.