freedom

Hive Messenger – A different type of SD-WAN

Most SD-WAN technologies simply focus on connecting or extending networks, which is normally fine. At Cachengo, we needed to do more than that. We needed to provide a way to connect to potentially millions of Symbiotes, which are almost exclusively deployed behind secure firewalls and can be configured as object storage devices (OSDs) or even as application servers. And we wanted to handle all of our communications without a dependency on secure shell (SSH). So, we created Hive. Hive is a messenger and a protocol, and it is a bit hard to describe. It allows us to seamlessly connect to our devices, no matter where they sit. And we can use it, in combination with Collective, to quickly deploy applications. Anything we can do via SSH can be done via Hive, but in a fully trackable, secure, and auditable fashion.

The shortest distance between two points is still a straight line

The worst thing you can do for your Edge computing latency is to connect everything up to a proxy. We efficiently and securely connect all of our managed devices, regardless of whether they sit behind different firewalls. Proxies are inherently bad for scaling for numerous reasons; the biggest is that they ultimately create bottlenecks. Imagine wanting to go from point A to point B, but having to go through point Z to do so, only to find that there is major construction going on at point Z. Why do it if you don't have to? Connecting devices up via VPN tunnels is equivalent to throwing a proxy in the middle of all of your traffic. You can do it, but you don't have to.

In addition to the bottleneck potential, proxies are inherently bad because they also pose a risk of man-in-the-middle attacks.

Figure: Example of a proxy server MITM exploit

With a man-in-the-middle attack on a proxy, any vulnerability can be exploited to create an opportunity for data to be hijacked, manipulated, or otherwise compromised. Furthermore, any connected devices or services can also be attacked through these types of exploits.

Besides the proxy concerns, there is also a concern about exposing endpoints to the public. Ever hear of DoS or DDoS? DoS stands for denial of service. When you expose a service on the internet, it becomes vulnerable to attacks. This is because the service must make itself reachable to whatever is trying to find it and utilize it. People looking to be malicious can discover these exposed endpoints and disrupt such services by overloading them with requests until the underlying resources crash. With our Secure Routes, we can connect up many endpoints without the use of VPN tunnels and without exposing resource endpoints. Imagine being in a building with many offices. Now, remove all doors, windows, and even hallways, but you want to go from one office to another. While such a scenario might wreak havoc on someone suffering from claustrophobia, it is actually ideal when it comes to network security. And this is how we connect devices efficiently and securely. Of course, you are free to continue to utilize your VPNs if you'd like.