You may have noticed that here at NetFoundry, we talk a lot about AppNets(TM). Thanks to the miracle of overlay networking, just about every time you see our name, we tell you how you can use our orchestration tools to spin up AppNets in minutes. So what exactly are AppNets?

They’re software-defined encrypted overlays created using our console, command-line interface, or APIs, that define how endpoints are permitted to access services (such as applications) across the Internet and/or existing private networks like MPLS.

Clear as mud, right? Let’s take a step back…

What is Overlay Networking?

Overlay networking is a method of using software to create layers of network abstraction that can be used to run multiple separate, discrete virtualized network layers on top of a physical network, providing new applications or security benefits. One major benefit of NetFoundry’s overlays (AppNets) is that, since they’re abstracted above the infrastructure, they’re completely service-provider agnostic. Overlay networks also add layers of security and isolation when you’re working over the Internet, in public clouds, or in shared environments.

SDxCentral describes it best: One way to conceptualize an overlay is to think of it as endpoints designated by an identification tag or number, somewhat like the phone system. A device can be located simply by knowing its identification tag or number in the networking system. In a traditional physical network, such as the original phone system, the phone number was used to locate a specific physical device hard-wired on to a network. However, in the modern phone system, a phone number can become “virtualized” – that is, assigned to devices or software, or programmed to follow the user. This is a form of virtualization, or overlay.

AppNets and Microsegmentation

An AppNet is a software-defined segment of a Ziti overlay network dedicated to a specific application with access defined by a unique set of Identities, Services, and Policies. In the zero trust realm, this is called microsegmentation.

Everything NetFoundry does starts with zero trust, including applying the fundamentals of application microsegmentation.

Application-Centric Networking is a key concept of NetFoundry – each AppNet focuses on the connectivity needs of specific applications rather than the entire network infrastructure. This approach ensures that each application receives the network performance, security, and compliance it requires.

NetFoundry also ensures Isolation and Segmentation – each AppNet is isolated from other networks, providing an extra layer of security by segmenting networks on a per-application basis. This eliminates the lateral movement of potential security threats within networks.

Here are some key aspects of an AppNet:

  • Virtualized Networking: The AppNet uses an overlay network to create virtual connections between devices or services, independent of the underlying physical network. This allows for a flexible, software-defined approach to networking.
  • Application-Centric MicroSegmentation: The AppNet is designed with an application-centric approach, which means it focuses on establishing secure connections between specific applications or services, rather than relying on traditional network-based models.
  • Zero Trust Security: An AppNet follows the zero trust security model, meaning that it authenticates and authorizes each connection based on identity, reducing the risk of unauthorized access.
  • Overlay Networking: The AppNet forms an overlay network on top of existing network infrastructures. This allows it to manage connections and enforce security policies without requiring changes to the underlying physical networks.
  • Dynamic & Programmable: An AppNet is dynamic and programmable, allowing organizations to create, manage, and modify network configurations and policies in real-time. This flexibility enables quick responses to changing business needs.
  • Encrypted Communication: An AppNet ensures that all communications are encrypted end-to-end, providing robust security for data in transit.
  • Endpoint Agnostic: An AppNet is created when an endpoint or group of endpoints (which can be any combination of servers, virtual gateways, virtual machines, IoT devices, smartphones, laptops, etc.) is assigned permission to access a set of services (applications).

In summary, NetFoundry’s AppNet is a secure, dynamic, and programmable networking solution designed to connect applications directly, improving security and operational flexibility. An AppNet is the fundamental building block for application-centric networking — using endpoint identities to define how endpoints are permitted to access services and applications.

How Do NetFoundry AppNets Work?

First, an administrator uses NetFoundry’s web-based orchestration console and/or APIs to design and instantly deploy cloud-native, application-specific networks (AppNets). An AppNet is created when an endpoint or group of endpoints (which can be any combination of virtual gateways, virtual machines, IoT devices, smartphones, laptops, etc.) is assigned permission to access a set of services (applications). The console and APIs enable the administrator to enforce their policies, without needing to manage the infrastructure itself.

Each AppNet is managed by a NetFoundry controller, enabling the administrator to benefit from NetFoundry’s network fabric without needing to manage the underlying network. Controllers interact with business and application systems such as IAM, IoT identity, and cloud policies to enable each AppNet to be programmatically controlled by the application contexts and needs.

NetFoundry’s global network fabric and endpoint software enable secure, reliable networking from anywhere to anywhere. The endpoint software connects to the fabric from any Internet connection, extending each AppNet to the application edge. The software routes each session to the NetFoundry network fabric, and adaptively manages Quality of Experience (QoE) during each session.

What Can I Do With AppNets?

The sky’s the limit. Since AppNet-based overlay networking is service-provider and infrastructure agnostic by design, there’s not much stopping you from connecting the things you need to connect to the applications they need to access. Plus, since administrators can “spin up” AppNets from the console in minutes, you can extend the agility you demand from your DevOps teams to your network, opening up a whole new world of possibilities.

One of the most interesting use cases for AppNets is multicloud connectivity. AppNets designed for multicloud enable instant creation of cloud-to-cloud and cloud-to-edge private network fabrics over existing internet circuits.

The components within our orchestration console were designed to make building and augmenting AppNets for multicloud situations easy and seamless. For example, our virtual gateways, which connect your AppNets to cloud instances, come pre-built to integrate quickly and seamlessly with popular providers such as AWS, Microsoft Azure, Google Cloud Platform, and IBM Bluemix. They are also available as VMIs for ESXi 5.0 or greater for more custom deployments.

As a result, AppNets designed for multicloud connectivity make stubborn, legacy applications cloud-portable with a layered security architecture that isolates and protects data flows through data stream fragmentation (aggregation and disaggregation) and military-grade encryption. The result is a private, dark, zero-trust network.

AppNets (previously called AppWANs) allow you to connect endpoints to and across multiple cloud environments at application-level granularity, in as much time as it takes to spin up a virtual machine.

The best part is, you’re not stuck with just connecting clouds. AppNets are incredibly agile and elastic, so you can connect any combination of endpoints, whether employee laptops or IoT devices, in any combination that works best, at application-level granularity.

To learn how to get into our web-console and start spinning up AppNets for your business, click here to set up a free personalized demo or click here to start a 30-day free trial.