FAQ

What is Bayware, Inc.?
Bayware is a San Francisco based company who provides subscription-based networking software for Enterprise DevOps teams who want to deploy applications to Hybrid or Multi Cloud. Bayware gives each application its own cloud-agnostic network all in software without any complex configurations. Bayware makes DevOps teams agile and self sufficient in networking - connectivity plus policy -  for their application.
What does Bayware software do?
Bayware securely interconnects widely distributed microservices that make up an application. It works seamlessly across public and private clouds and across virtual machines and containers, whether users have adopted Kubernetes or not. It is “over the top” of existing infrastructure. Bayware includes telemetry and command lines that are familiar to DevOps. Bayware is an all-in-one solution that does not require bolting on other virtual networking solutions. And Bayware’s native Linux networking requires no changes to the application -  the application does not “know” its using Bayware for its secure networking.
Who uses Bayware?
Bayware enables DevOps to achieve self-sufficiency and productivity in deploying secure networking for a new or existing application without having to master the networking frameworks for every cloud they deploy to. Devops deploy Baywares with the same deployment tools they already use for their application and then automatically get all the secure networking and observability to service that application.
How does Bayware eliminate complex configuration?
Bayware takes as input the application deployment design - such as a UML diagram - that DevOps already has to capture the communications intent of application microservices. We call this a service graph. Then, Bayware automatically creates and maintains all the secure networking - identity, security, routing, and telemetry -  end to end, to fulfill that intent. When application microservices replicate, move or fail, Bayware automatically adjusts the interconnections with full policy compliance.
What market category does Bayware compete in?
Bayware is a Multicloud Service Mesh. More generally, it is Infrastructure as Code. It is the first application centric platform for hybrid-cloud and multi-cloud networking.   This category - and Bayware’s product features replace the need for - several solutions that try to map applications to networking.
How is Bayware MultiCloud Service Mesh better than other Service Meshes?
Bayware eliminates all configuration with the intent model as a service graph.  Bayware is natively based on affinity (relationships) between application microservices.  Other service meshes work best if affinity is confined to proximity - ie a local network. As soon as microservices are widely distributed, other service meshes require additional, complex networking and security solutions - which undermines the value proposition for DevOps.  In addition, Bayware works equally well with VMs and Containers, whether a user is using Kubernetes or not. Bayware works across any Linux infrastructure, that is as many clouds, VPCs, data centers, clusters etc from whatever vendor the enterprise needs.
What products does Bayware replace?

For a given application - and without requiring changes to the solutions in place for any other applications, Bayware replaces the following by including the functionality:

  • Container-network interfaces (CNI) to Kubernetes
  • Linux kernel-based networking (eBPF)
  • Local DNS resolving
  • Application security: microsegmentation and application perimeter security
  • IP address management and translation
  • Virtual Network Firewalls 
  • VPN gateways
  • Cloud-routers and transit gateways
  • Programmable fabrics and modular network operating systems
  • Cloud-native network-flow telemetry and event management. 
Does Bayware replace application load balancers and service discovery?
No. Bayware is complementary to application load balancing and service discovery solutions that are higher in the stack. Bayware APIs can inform application-level load balancers about newly added or deleted instances of reachable application microserves, and then fulfill the interconnection. 
Does Bayware replace SDN systems?
Bayware removes SDNs from the consideration set of DevOps teams. Bayware removes the burden on SDN systems to try to accommodate the needs of multiple, ever changing applications.  Networking teams will still use SDNs to operate their shared infrastructure, that is to configure and manage underlying network . Bayware is complementary these SDN systems that are lower in the stack.
Is Bayware Zero-Trust?
Yes. The Bayware security architecture uses multiple Isolation levels and Security entities, working together to establish secure connections. In the absense of these, the forwarding state is empty, that is default deny.  Services cannot be discovered and traffic cannot pass outside of the relevant Isolation definitions. That is traffic can only flow to and from applications microservices that are members of the same contract in the same application domain deployed somewhere in the trusted fabric.  Also, traffic cannot pass unless the security entities - certificates, tokens, and signatures - are present and active, ie have not timed out.
Do I have move to latest Linux and containers to use Bayware?
No. Bayware works the same whether the application is VM-based, container-based or, as Bayware is, both.  Bayware operates at the level of the host Linux. That host is the choice of the deployment team, ie the DevOps team.  The application microservices themselves may be running on any vm hypervisor or container on any operating system. So long as the hypervisor or container pod system is running on modern versions of Linux, Bayware works.
Do I have to be using IPv6 networking to use Bayware?
No. Bayware uses IPv6 functionality including capabilities that enable your application to have overlapping and duplicate IP-addresses (so you don’t have to refactor the addresses in existing applications.) But Bayware automatically wraps IPv6 packets in IPv4 headers for delivery on any IP network.
What kind of company is Bayware for?
Bayware is for Enterprises large and small who have application teams migrating to clouds and containers.  This includes B2B enterprises - who operate distributed software applications for enterprise customers who demand and expect hybrid cloud offers and cloud choice.  This includes Software companies, Managed services companies, and all kinds of companies who offer digital products such as in Financial Services or Connected Wellness.  Bayware makes a small DevOps team highly productive.
What kind of application is Bayware best for?
Bayware is ideal for existing or new B2B Linux applications that have 5 to 25+ distinct microservices - that may scale out into many 100s to 1000s of instances -  that need to interconnect the same way with the same security policies in multiple VPCs or clusters in the same cloud, in different clouds for different customers, or across hybrid or multiple clouds. These applications can be VM-based, in the process of being containerized, or fully containerized and orchestrated with Kubernetes. These include enterprise business applications, commercial IOT applications, financial services applications, and media production applications.
What is Bayware’s primary benefit today?
For Enterprises deploying and operating applications, Bayware radically accelerates their release velocity while reducing the need to staff expensive legacy, SDN, and cloud networking specialists into DevOps teams. When DevOps can deploy networks as code self-sufficiently, they achieve the high productivity levels of the application world’s Agile and CI/CD models.  Bayware enables teams to deploy 6 times faster with ¼ the cost, achieve portability across cloud, get outstanding security automatically, and receive world class visibility of the overlay network supporting their applications.
How do I get started with Bayware?
Bayware is available in the public cloud marketplaces. You acquire them into your enterprise account. The first of four images that make up Bayware is Fabric Manager that automates the install of all the other components, across any clouds, not just the cloud where you acquire Fabric Manager.  Your next step is to use the Bayware GUI or modify a templated script to build the service graph for your application in minutes and issue tokens for each service. Then you deploy your application microservices - e.g. with Ansible - to your target hosts each with the appropriate Bayware tokens. And you have a working, secure multicloud service mesh. Simple. No configuration.
Does my application incur a performance penalty using Bayware?
No.  But your performance may improve.  Bayware is in the control plane only. Bayware configures the local Linux kernel as the network interface. Application packets never pass through Bayware locally, just through Linux..  Bayware also automatically configures an instance of Open Virtual Switch (OvS) as a gateway to each group of application workloads. Application packets only pass through OvS not any Bayware software in that gateway, as it might with other solutions. Hence the potential improvement with Bayware.
Why are you using OvS?
Bayware works with any standard Openflow switch. But OvS is all software and universally supported by the cloud community.  The OVS gateway for Bayware consolidates the actions of and replaces one or more alternative virtual firewalls, VPNs, Routers, and Ingress/Egress gateways that do more packet handling and therefore process packets slower than OvS.  OvS has been optimized and accelerated by the entire cloud community and each one operates at the equivalent of 10 to 25 Gbps. If a packet happens to be going from one microservice to another on the same host, the “extra” roundtrip to the OvS switch takes about 1 millesecond, which is essentially nothing.
Do I have to use Bayware Telemetry? Certificate authority?
No. Bayware uses all industry standard telemetry and event gathering. Bayware components can instead pass this data to your existing telemetry and events systems. And you can start with Bayware automatically providing this and then move at any time to integrate into your overall systems.  The same is true of our X.509 certificate handling.
What Cloud-native tools does Bayware make use of?

Bayware uses widely-adopted industry standards throughout the solution.  These include 

  • X.509 certificates,
  • UFW rules for existing firewalls
  • Strongswan for IPSec encryption
  • eBPF Linux programming
  • Calico or Celium CNI
  • Terraform and Ansible based playbooks
  • InfluxDB, Grafana, Telegraf, sFlow, and iperf and ping probes for telemetry
  • ELK and filebeat for event management.
What’s the business model?
Bayware is subscription software that users consume by the hour using cloud pricing models. Bayware does not charge any license fees until a customer is in enterprise production. It is very low cost during experimentation phases, and when users go into production, Bayware will cost between $2,000 up to $25,000 a month.  This cost is still ⅓ or less than they would spend on multiple cloud bases networking solutions for routers, firewalls, VPN gateways and more if Bayware’s all in one solution were not available.
How large is the market?
By 2023 the Enterprise Software networking market will be $12B.  Bayware’s target market is $4.5B based on 60,000 DevOps teams in digital enterprises, 75% of whom are moving to hybrid or multicloud, each with a capacity to spend at least $100,000 per year for cloud networking solutions.
What are the co-founders backgrounds?
Grigori Dzekon is a cybernetic engineer,  former CTO and CEO, as well as a successful entrepreneur. Grigori filed for and received a patent on the core technology that differentiates Bayware, granted in December 2015. Grigori has funded the company until now.  Igor Tarasenko is a networking engineer and former CTO and CIO. Igor has a patent pending for the Bayware system architecture, filed April 2017. Both Grigori and Igor are Ukrainian, and permanent US residents. Charles Stucki is a Harvard MBA,  former McKinsey Partner, and long-time Cisco VP/GM including for Telepresence, CloudDVR, and SDN-NFV.
Where did the co-founders meet?
Igor was the CTO for UkrTelecom when Grigori was CEO there. Charles met them through an angel investing networking in the fall of 2017.  Charles joined in March 2018 full tim
When did Bayware, Inc. form?
Bayware was incorporated as a Delaware corporation in April 2015.  The current system started development in September 2016. Version 1.0 of Bayware completed around June 1, 2019.
Where is the team located?
The team including engineering leadership are at the San Francisco headquarters. The agile engineering execution is in Ukraine using teams the founders have worked with for many years.