Hive Connect

A new type of SD-WAN

Most SD-WAN technologies simply focus on connecting or extending networks. At Cachengo, we needed to do much more than that. We needed to provide a way to connect to potentially millions of Symbiotes, which are almost exclusively deployed behind secure firewalls and can be configured as object storage devices (OSDs), or even as application servers.

We wanted to handle all of our communications without a dependency upon Secure Shell (SSH). It is with this idea in mind that we created Hive. Hive is a messenger and a protocol at the same time, making it a unique product that allows us to seamlessly connect to our devices, no matter where they sit.

We can use Hive Connect in combination with Hive Portal to quickly deploy applications. Anything we can do via SSH can be done via Hive, but in a fully trackable, secure, and auditable fashion.

The shortest distance between two points is still a straight line

The worst thing you can do for your edge computing latency is to connect everything up to a proxy. We efficiently and securely connect all of our managed devices, regardless of whether they sit behind different firewalls. Proxies are inherently bad for scaling for numerous reasons; the biggest is that they ultimately create bottlenecks.

Imagine wanting to go from point A to point B, but having to go through point Z to do so, only to find that there is major construction going on at point Z. Why go through this experience if you don’t have to?

Connecting devices up via VPN tunnels is equivalent to throwing a proxy in the middle of all of your traffic. You can do it, but you don’t have to.

In addition to the bottleneck potential, proxies are inherently bad because they also create a risk of man-in-the-middle attacks.

Figure: Example of a proxy server MITM exploit

With a man-in-the-middle attack on a proxy, any vulnerability can be exploited to create an opportunity for data to be hijacked, manipulated, or otherwise compromised. Furthermore, any connected devices or services can also be attacked through these types of exploits.

Besides the proxy concerns, there is also the concern of exposing endpoints to the public. Ever hear of DoS or DDoS? DoS stands for denial of service. When you expose a service on the internet, it becomes extremely vulnerable to attacks.

This is because the service must broadcast itself to whatever is trying to find it and utilize it. People with malicious intentions can discover these exposed endpoints and disrupt such services by overloading them with requests until the underlying resources crash.

With our Secure Routes, we can connect many endpoints without the use of VPN tunnels and without exposing resource endpoints. Imagine being in a building with many offices. Now remove all doors, windows, and even hallways, while you still want to go from one office to another.

While such a scenario might wreak havoc on someone suffering from claustrophobia, it is actually ideal when it comes to network security. This is how we connect devices efficiently and securely. Of course, you are free to continue to utilize your VPNs if you like… but we wouldn’t recommend it.