VPN Infrastructure Overhead
Traditional VPNs require complex network configuration, expose entire networks, and create maintenance burden.
Distributed Networking
Data Mesh Networking
Connect Harmony proxies into a secure, distributed network. Enable authenticated communication between teams, organisations, and environments without complex VPN setups.
Available in Harmony Proxy
The Challenge
Cross-organisation connectivity is complex
Weak Authentication
Point-to-point connections often lack proper mutual authentication and verified chain of custody.
Rigid Network Topologies
Connecting multiple sites, partners, and cloud services creates tangled network architectures that don't scale.
The Solution
Verified mesh connectivity
Data Mesh transforms individual Harmony proxies into nodes of a secure, distributed network. JWT-based mutual authentication creates a verified chain of custody, ensuring only trusted proxies communicate. Connect distributed systems as if they were local, abstracting away underlying network complexity.
Explicit Ingress/Egress
Define how data enters and leaves your mesh within pipeline configuration.
JWT Authentication
Mutual authentication using Shared Secrets (HS256), RSA Keys (RS256), or cloud-managed credentials.
Strict Access Control
Reject traffic without valid cryptographic signatures from known mesh peers.
Hot-Reloading
Update mesh definitions, rotate keys, or change routing rules with zero downtime.
HQ Gateway
Regional Office
Partner Org
Cloud Services
Remote Site
Edge Location
How it Works
Harmony sits between your systems as a secure gateway, handling ingestion, transformation, and routing of data across any protocol or network boundary, while Runbeam handles configuration and distributed access.
1
Deploy Behind Your Firewall
Install Harmony gateway nodes in your network. They stay completely behind your firewall—no direct external access required.
2
Manage from Cloud
Use the Runbeam control plane to centrally manage configuration, policies, and authentication across all your gateways.
3
Connect and Route Data
Configure data flows: ingest, transform, validate, and route across protocols and networks with full audit trails.
Core Features
Secure mesh capabilities
Unified Ingress/Egress Model
Explicitly define how data enters (Ingress) and leaves (Egress) your mesh within your pipeline configuration.
Local Mode Authentication
Self-managed security using Shared Secrets (HS256) or RSA Key Pairs (RS256) for complete control.
Cloud Mode Authentication
Managed authentication and automatic key rotation via Runbeam Cloud for simplified operations.
Cryptographic Access Control
Configure endpoints in mesh mode to reject any traffic without a valid signature from a known peer.
Flexible Topologies
Support for complex routing scenarios including cross-team API access and partner integrations.
Zero-Downtime Updates
Hot-reload mesh definitions, rotate cryptographic keys, or change ingress/egress rules without service interruption.
Benefits
Granular connectivity without broad network access
Traditional networking exposes entire networks or requires complex firewall rules. Data Mesh provides service-level, cryptographically verified connectivity between specific endpoints.
Secure by Design
Built-in authentication ensures only trusted proxies communicate, creating a verified chain of custody for your data.
Simplified Connectivity
Connect distributed systems (e.g., on-premise PACS to Cloud FHIR Store) as if they were local, abstracting network complexity.
Zero-Trust Readiness
Enforce strict identity verification at the edge of every service boundary without manual certificate management.
Scalable Collaboration
Safely expose specific pipelines to partners or other internal teams without exposing your entire infrastructure.
Authentication Modes
Local Mode
Self-managed security for complete control over cryptographic material:
- • HS256: Shared secret authentication
- • RS256: RSA key pair authentication
Cloud Mode
Managed authentication via Runbeam Cloud with automatic key rotation and simplified credential management.
Choose the mode that fits your security requirements and operational preferences. Switch between modes as your needs evolve.
Use Cases
Real-world mesh scenarios
AI & ML
Distributed AI/ML Training
Securely share training data across research institutions or hospital systems for collaborative model training. Build federated learning pipelines that respect data sovereignty and privacy requirements.
AI & ML
Federated Learning Support
Enable privacy-preserving machine learning across organizational boundaries. Share model updates without exposing raw training data, maintaining compliance with data protection regulations.
AI & ML
Multi-Site AI Inference
Route production data to AI services across different geographic regions for real-time inference. Maintain low-latency connections while ensuring secure model access.
Cross-Team API Access
Enable secure API connectivity between teams or departments without VPN complexity. Each team runs its own Harmony instance, connected via mesh authentication.
Partner Integrations
Expose specific data pipelines to external partners with cryptographically verified access. Control exactly which services partners can reach.
Multi-Site Connectivity
Connect headquarters, regional offices, and remote sites into a unified data fabric. Eliminate site-to-site VPN configuration overhead.
Healthcare Data Exchange
Connect on-premise PACS systems to cloud-based FHIR stores across organisational boundaries. Maintain audit trails and consent-aware routing.
Part of Harmony Proxy
Data Mesh networking is built into Harmony Proxy, enabling mesh capabilities in both standalone deployments and Runbeam-orchestrated environments.
Configure mesh settings via TOML configuration files. Define ingress and egress endpoints, specify authentication modes, and establish trusted peer relationships—all as code.
Learn about Harmony Proxy →Configuration
Mesh as configuration
Pipeline Configuration
Define mesh ingress and egress within your pipeline configuration. Specify which endpoints accept mesh traffic and which can route to other mesh nodes.
Authentication Setup
Configure JWT signing and verification using shared secrets, RSA key pairs, or Runbeam Cloud credentials. All authentication material stays in configuration.
Hot Reloading
Update mesh topology, rotate keys, or modify access control without restarting Harmony. Configuration changes take effect immediately.
Get Started
Build your secure data mesh
Enable authenticated cross-organisation connectivity without VPN complexity.