You may have noticed that here at NetFoundry, we talk a lot about AppNets(TM). Thanks to the miracle of overlay networking, just about every time you see our name, we tell you how you can use our orchestration tools to spin up AppNets in minutes. So, what exactly are AppNets?
AppNets are software-defined encrypted overlays created using the NetFoundry Console, command-line interface, or APIs that define how endpoints are permitted to access services (such as applications) across the Internet and/or existing private networks like MPLS.
Clear as mud, right? Let’s take a step back…
What is Overlay Networking?
Overlay networking is a method of using software to create layers of network abstraction that can be used to run multiple separate, discrete virtualized network layers on top of a physical network, providing new applications or security benefits. One major benefit of NetFoundry’s overlays (AppNets) is that since they’re abstracted above the infrastructure, they’re completely service-provider agnostic. Overlay networks also add layers of security and isolation when you’re working over the Internet, in public clouds, or in shared environments.
SDxCentral describes it best: One way to conceptualize an overlay is to think of it as endpoints designated by an identification tag or number, somewhat like the phone system. A device can be located simply by knowing its identification tag or number in the networking system. In a traditional physical network, such as the original phone system, the phone number was used to locate a specific physical device hard-wired onto a network. However, in the modern phone system, a phone number can become “virtualized” – that is, assigned to devices or software, or programmed to follow the user. This is a form of virtualization or overlay.
AppNets and Zero Trust Microsegmentation
An AppNet is a software-defined segment of a Ziti overlay network dedicated to a specific application with access defined by a unique set of Identities, Services, and Policies. In the zero trust realm, this is called microsegmentation.
Everything NetFoundry does starts with zero trust, including applying the fundamentals of application microsegmentation.
Application-centric networking is a key concept of NetFoundry. Each AppNet focuses on the connectivity needs of specific applications rather than the entire network infrastructure. This approach ensures that each application receives the network performance, security, and compliance it requires.
NetFoundry also ensures Isolation and Segmentation. Each AppNet is isolated from other networks, providing an extra layer of security by segmenting networks on a per-application basis. This eliminates the lateral movement of potential security threats within networks.
Here are some key aspects of an AppNet:
- Virtualized Networking: The AppNet uses an overlay network to create virtual connections between devices or services, independent of the underlying physical network. This allows for a flexible, software-defined approach to networking.
- Application-Centric Zero Trust MicroSegmentation: The AppNet is designed with an application-centric approach, which means it focuses on establishing secure connections between specific applications or services rather than relying on traditional network-based models.
- Zero Trust Security: AppNet follows the zero trust security model, which means that it authenticates and authorizes each connection based on identity, reducing the risk of unauthorized access.
- Overlay Networking: The AppNet forms an overlay network on top of existing network infrastructures. This allows it to manage connections and enforce security policies without requiring changes to the underlying physical networks.
- Dynamic & Programmable: An AppNet is dynamic and programmable, allowing organizations to create, manage, and modify network configurations and policies in real time. This flexibility enables quick responses to changing business needs.
- Encrypted Communication: An AppNet ensures that all communications are encrypted end-to-end, providing robust security for data in transit.
- Endpoint Agnostic: An AppNet is created when an endpoint or group of endpoints (which can be any combination of servers, virtual gateways, virtual machines, IoT devices, smartphones, laptops, etc.) is assigned permission to access a set of services (applications).
As you can see, NetFoundry’s AppNet is a secure, dynamic, and programmable network designed to connect applications directly, improving security and operational flexibility. An AppNet is the fundamental NetFoundry building block for application-centric networking — using endpoint identities to define how endpoints are permitted to access services and applications.
How B2B and IIoT Product Providers Use AppNets
In today’s hyperconnected world, ensuring secure and efficient communication between devices and systems is paramount. This is particularly true for B2B and IIoT product providers who must navigate the complexities of secure networking in industrial environments. Here are some of the ways AppNet can be leveraged to embed secure connectivity in IIoT products.
- Enhancing Security in Industrial Environments – Security is a top priority for B2B and IIoT product providers. AppNets provides a robust solution by allowing these providers to create secure overlay networks tailored to their products’ specific needs. For instance, a product designer in an industrial equipment manufacturer can use an AppNet to securely connect its machinery across multiple factory floors, ensuring that data transmitted between machines is encrypted and protected from unauthorized access.
- Simplifying Network Management—Managing a complex network of connected devices can be challenging. AppNets simplifies this by abstracting the underlying network infrastructure, allowing product providers to manage their networks through a single, unified interface. This reduces the need for specialized network management skills and allows for quicker deployment and scaling of connected devices.
- Embedding Secure Connectivity in Products – By embedding AppNets directly into their products, IIoT leaders can ensure that their devices are inherently secure. This means that a device is part of a secure, managed network from the moment a device is deployed. For example, a manufacturer of smart sensors can embed AppNet connectivity into each sensor, ensuring that data collected is securely transmitted back to a central system without the need for additional security layers.
How Do NetFoundry AppNets Work?
First, an administrator uses NetFoundry’s web-based orchestration console and/or APIs to design and instantly deploy cloud-native, application-specific networks (AppNets). An AppNet is created when an endpoint or group of endpoints (which can be any combination of virtual gateways, virtual machines, IoT devices, smartphones, laptops, etc.) is assigned permission to access a set of services (applications). The console and APIs enable the administrator to enforce their policies, without needing to manage the infrastructure itself.
Each AppNet is managed by a NetFoundry controller, enabling the administrator to benefit from NetFoundry’s network fabric without needing to manage the underlying network. Controllers interact with business and application systems such as IAM, IoT identity, and cloud policies to enable each AppNet to be programmatically controlled by the application contexts and needs.
NetFoundry’s global network fabric and endpoint software enable secure, reliable networking from anywhere to anywhere. The endpoint software connects to the fabric from any Internet connection, extending each AppNet to the application edge. The software routes each session to the NetFoundry network fabric and adaptively manages the Quality of Experience (QoE) during each session.
What Else Can I Do With AppNets and Overlay Networking?
The sky’s the limit. Since AppNet-based overlay networking is service-provider and infrastructure agnostic by design, there’s not much stopping you from connecting the things you need to connect to the applications they need to access. Plus, since administrators can “spin up” AppNets from the console in minutes, you can extend the agility you demand from your DevOps teams to your network, opening up a whole new world of possibilities.
One of the most interesting use cases for AppNets is multi-cloud connectivity. AppNets designed for multi-cloud enable instant creation of cloud-to-cloud and cloud-to-edge private network fabrics over existing internet circuits.
The components within our orchestration console were designed to make building and augmenting AppNets for multi-cloud situations easy and seamless. For example, our virtual gateways, which connect your AppNets to cloud instances, come pre-built to integrate quickly and seamlessly with popular providers such as AWS, Microsoft Azure, Google Cloud Platform, and IBM Bluemix. They are also available as VMIs for ESXi 5.0 or greater for more custom deployments.
As a result, AppNets designed for multi-cloud connectivity make stubborn, legacy applications cloud-portable. They use a layered security architecture that isolates and protects data flows through data stream fragmentation (aggregation and disaggregation) and military-grade encryption. The result is a private, dark, zero-trust network.
The best part is that you’re not stuck connecting clouds. AppNets are incredibly agile and elastic, so you can connect any combination of endpoints, whether employee laptops or IoT devices, in any combination that works best, at application-level granularity.
To learn how to access our web console and start spinning up AppNets for your business, click here to set up a free personalized demo or start a 30-day free trial.