Bayware securely interconnects application microservices with an infrastructure-as-code architecture that is entirely infrastructure agnostic. Jump to our Products page or our Documentation to learn more about how we do that.
Bayware seamlessly works across any cloud infrastructure - public or private. It works the same in every cloud. It works the same on VMs and Containers. And the policy model is a simple service graph of your application components.
This enable DevOps to break down monoliths into microservices and very simply create a portable communication policy between those microservices.
It enables DevOps to move application microservices without having to change the application code, without having to change the underlying network, and without having to configure networks and security elements in and between each cloud.
Cloud migration includes breaking your existing applications into microservices, and then migrating a subset of those microservices into a cloud. Also, you add new microservices in the cloud for UI or AI and connect them to your existing applications.
Those are the right moves. But they also mean that DevOps has to specify networking and security policies for every microservice and provision every instance as you scale out. Policies need to be robust since you're crossing company and other trust boundaries.
This cloud migration process is ongoing and iterative. But the legacy methods of configuring multiple identify, security, routing, and telemetry systems in the public and private cloud are not very agile. At best, since no two clouds implement their infrastructure in the same way, your teams have a fleet of scripts that need constant updating.
Bayware securely and automatically interconnects application microservices no matter how widely deployed they need to be to serve your users. It works seamlessly across any Linux infrastructure - that is any combination of public and private clouds, and however far you are in implementing microservices. It works the equally well with any mix of virtual machine or container packaging.
Bayware is simpler because we have eliminated virtually all configuration and yet automatically provide powerful identity, security, routing, and telemetry services automatically. This is based entirely on the application topology, which we capture in a few minutes in the form of a cloud agnostic service graph - as code. From there, its all code that you deploy anywhere along with your application workloads. Bayware automatically, securely, and observably interconnects your workloads.
Check out our read-the-docs Product Documentation to learn exactly how you use it.
Legacy networking and security have evolved to service widely distributed communications. They're just not designed to be Agile. Many modern solutions, such as a standard service mesh, presume that microservices are in the same trust domain - the same cluster or VPC.
But most enterprises have geographically distributed operations and customers - and so their applications are deployed and scaled across different geographies in different formations.
So even with a modern service mesh with a modern container-to-network interface (CNI), to make it work outside of a single VPC or date center, you end up needing to add in legacy networking approaches. Without agility, cloud migration turns into a long, fragile, frustrating project.
Who, really, is facing this kind of complexity?
Every Enterprise that has a highly distributed application, that is a widely distributed customer base and operational footprint.
Today, cloud vendors suggest that as you go to microservices, you consider one VPC for every microservice. The same has happened with Kubernetes clusters; for fault tolerance and to serve edge computing cases, many applications consist of multiple clusters with potentially different access rules for the same application.
These clusters will surely also be in different VPCs, so now the problem starts to get a little hairy.
If you extend the application from a private cloud, or into a second cloud vendor, you have to start crossing wide-area networks and into separate accounts, so you have to enable different types of broadcast and routing as well as syndicate authentication and authorization on top of coordinating the IP address-to service-name mapping and access rules.
Many enterprises postpone migration to from private to hybrid cloud because of the complexity of creating a secure network that is as agile as the business requires. Most companies who go to the cloud stick with one cloud company because the learning curve is so steep on their networking and security frameworks. Cloud migration is too complex, by design, to be a practical option.
Bayware is based entirely on service names and service affinity rather than IP addresses which gives it some powerfully positive attributes that you associate with Layer 4-7 application mesh but applied to the Layer 3 secure interconnection domain:
We call this a Multicloud Service Mesh. Working with any client-side load balancer, Bayware perfectly complements an application mesh and turns it into a cloud agnostic service mesh that you can use across AWS, Azure, Google, and any other Linux cloud or data center.
An application deployed on Bayware is cloud portable. DevOps can copy-and-paste the deployment as code from any cloud to any other cloud in minutes. And failover between clouds can be automatic, and nearly instantaneous.
Bayware’s solution is to extend all the benefits of an application service mesh into the networking and security domain. That is we use name space combined with very clever engineering to keep our software out of the data path and create all interconnection services entirely from the application topology. DevOps is self service from day one, even in a highly distributed application.
Bayware is ideal for cloud migration because it:
For VM and container-based applications, Bayware brings cloud-agnostic (i.e. hybrid and multi-cloud), no-config (i.e. automatic and derived directly from application orchestration), zero-trust (i.e. all flows are authenticated, authorized and encrypted), Layer 3 networking as code into the control of DevOps so that networking deploys at DevOps CI/CD speed.
Get to the technical details in our on-line documentation.
And try it with your application at the Azure Marketplace.
Bayware enables DevOps to be self-sufficient in the cloud migration. Because Bayware creates the complete set of services end to end, DevOps does not have to architect and master the complex implementation of a secure cross-cloud fabric for their application.
And because it is all in code, DevOps can demonstrate to Security and Networking peers exactly what the fabric consists of and make any requested changes directly to the code. This is agile. This enables DevOps teams to achieve compliance faster and to get into production sooner.
Bayware provides one multi-cloud platform. See the four components that make Bayware work in our documentation.
Hybrid cloud environments demand applications be deployable anywhere. With Bayware, applications become portable because the network implementation belongs to the application. This means a single network implementation works for every public and private cloud in use, so you take advantage of the scaling, resiliency, and efficiency of multiple public and private cloud-based infrastructure.
You can now migrate your application to a new cloud provider or split it among several for geo-redundancy and failover without any change to the underlying network - and more importantly - without any change to the application code. Watch us do this in minutes in this video.
You can use Bayware to make migration from private data centers to the cloud much easier.
With Bayware, DevOps makes a simple declaration of application intent that is based on the application topology. This is not based on the infrastructure where the application will reside, but on the logical relationships of the application services.
Bayware creates portable network policy as Network Microservices that require only Linux to execute and will govern the flows between your application microservices. These network microservices include identify, security, routing and telemetry. Bayware creates all those service automatically from this declaration.
You create this service graph for your application in minutes. Below is an example that you can see in our Product Demo Video for the Getaway Application.
Starting with a standard UML diagram of the application components that is familiar to them, DevOps can use our UI or YAML code to create a series of Network Microservices that we call Contracts based on Bayware templates for each flow. Together these contracts form the service graph.
Now all you have to do is deploy Bayware software into the target environments where you want to deploy your applications. You don't have to configure any of the Bayware software, it will implement your intent based on the service graph. Looking at an IOT example below, you can start by implementing Bayware in your private cloud. Now it has it's own, zero-trust, portable network.
Then, you simply copy and paste your application workloads along with the Bayware software from the your private cloud or data center into the target edge data centers and cloud VPCs. Bayware will automatically recreate the same, highly secure connections you had in your private cloud across these additional clouds.
In this IOT example, your data sets remain in your private cloud so you have migrated to hybrid cloud without having to migrate or replicate you databases. If you wanted to replicate them, you can create a Bayware contract between replicas that, based on a heartbeat, will automatically and securely connect them across clouds so they can sync.
You may have noticed in the example, that since Bayware is Linux based, it is also agnostic to your packaging. You can use any hypervisor for your VMs, and you can mix containers into your application microservices. It will all work exactly the same way.
This means you can also use Bayware to enable your migration to microservices. Each time you break a service off of your monolith, you simple add the new service to your service graph. Bayware takes care of all the rest - identity, security end to end, routing, and all the visibility into telemetry and events you need.
This same approach works in case you want to start using multiple clouds based on customer preferences or pricing differences, which is increasingly common for larger enterprise customers. You can use Bayware to create automatic or on-demand failover from one cloud to another.
In this 3-tier application example, once you have given this application it's own secure, portable Bayware network, you can move and replicate your application microservices to any cloud. They all will connect in exactly the same was as they did in your private cloud and as they would if you were on one cloud.
This seems almost too good to be true. This level of power and simplicity comes from very sophisticated underlying technology. Bayware's advanced architecture ensures pervasive application security from the Linux interface across the network. And it is all code to enable agile collaboration with security and networking teams for compliance, and agile, continuous code upgradability.
To get into the real details, you are welcome to read our product documentation.
Or try it today with no Bayware license charges at the Azure Marketplace.
Bayware provides secure hyper-segmentation by default. Your microsgementation and isolation policies are portable, they move with your microservices as you migrate.
Micro-segmentation subdivides business application data into secured flows between workloads. By providing flow-level policy and link encryption, Bayware naturally supports hyper segmentation and a zero-trust, role-based network. Bayware automatically establishes flow-level micro-segmentation, encrypted private-to-public cloud VPN, and encrypted multi-cloud peering.
Security at this level of granularity ensures that the application transmits and receives data only as allowed by the enterprise security policy. You can define additional segments that prevent, for example, internal-facing microservices from communicating with external-facing microservices without needing to ask developers to change the application.
Bayware is all code.
There is no complex stack. Bayware is a simple overlay deployed as code. You don't have to change your underlying network.
Bayware is control plane only. No Bayware software is in the path of your communication between your application microservices. You don't have to change your application code.
Networking functionality and management systems that define and enforce identity, security, routing and telemetry all exist as software – as code – that can be deployed anywhere just like application microservices. This means you get the same development and deployment agility and the same cloud-scaling benefits for your networking functions as you get for your cloud-native applications. You interconnection policies automatically migrate and scale with your application.
Bayware programmability accelerates migration project velocity. That means accelerating compliance approval, application deployment, security enhancements and business improvement in a hybrid, multi-VPC or even multcloud deployment.
You declare your microservice communication intent in Bayware by choosing from a simple set of templates representing common patterns the one that delivers the application intent. They become Network Microservices in an overall service graph that represents your application end to end. Then, authorized DevNetSecOps professionals can choose to enhance those - program them - to achieve company goals for security, resource isolation, efficient resource uses, and more without altering the application code or intent.
Moments after a microservice has been improved and deployed, it takes effect wherever those contracts are in use by an application microservice. Network microservices are embedded in an application’s own data stream headers and tell software-based network nodes how to deliver a service — as fast as the data flows.
This stateless and distributed execution is highly robust and adaptable to events and changing conditions, such as automatically failing over from one cloud to another.
Bayware eliminates the need to run and update complex routing protocols everywhere across multiple public and private networks. You don’t need to install specialized middleboxes, nor to reconfigure your underlying network devices every time your applications evolves or security policies change.
Bayware accelerates continuous deployment of dynamic applications by eliminating current network constraints imposed by managing network configurations, and securely serves each application’s data communications needs as they change and move across any cloud.