Agents

The NetFoundry Frontdoor Agent is the core component that enables secure connectivity between your local infrastructure and NetFoundry's global network. Acting as a lightweight, secure proxy, the Agent creates and manages Environments that serve as the foundation for exposing your backend services through Shares without requiring inbound firewall ports or complex network configuration.

What is an Agent?

A NetFoundry Frontdoor Agent is a software component that you install and run on your infrastructure to establish secure connectivity with NetFoundry's network. The Agent acts as the bridge between your local services and the global NetFoundry infrastructure, enabling you to share your applications and services with external users securely and efficiently.

The Agent is designed as a lightweight binary that runs seamlessly across various platforms and operating systems, requiring only outbound network connections without any inbound firewall ports. Upon successful bootstrapping, it automatically creates secure Environments and implements zero-trust security through cryptographic identity and secure tunneling protocols. The Agent operates in a self-managing capacity, handling connection maintenance, authentication, and resource management automatically while providing comprehensive cross-platform support for Windows, Linux, macOS, and containerized deployments.

Agent Bootstrap Process

The Agent bootstrap process establishes the initial secure connection to NetFoundry's network:

Enrollment Token Generation

Before installing an Agent, you must generate an enrollment token using the UI or Agent API. These enrollment tokens serve as unique, time-limited credentials that provide the initial authentication for the Agent bootstrapping process. For security purposes, each token includes both an expiration time and a maximum attempt limit, and can only be used once during the enrollment process.
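
The three token constraints described above (expiry, attempt limit, single use), modeled as an added example. This is not NetFoundry's code; the class and method names, the `id.secret` token format and the default limits are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass

@dataclass
class TokenRecord:
    digest: bytes          # only a hash of the secret is kept server-side
    expires_at: float      # absolute expiry time (seconds since epoch)
    attempts_left: int     # remaining redemption attempts
    consumed: bool = False

class EnrollmentTokens:
    """Hypothetical server-side model of enrollment-token checks."""
    def __init__(self, clock=time.time):
        self._records = {}
        self._clock = clock

    def issue(self, ttl_seconds=900, max_attempts=3):
        # Constructed defaults: 15-minute lifetime, three attempts.
        token_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        self._records[token_id] = TokenRecord(
            hashlib.sha256(secret.encode()).digest(),
            self._clock() + ttl_seconds, max_attempts)
        return f"{token_id}.{secret}"

    def redeem(self, token):
        token_id, _, secret = token.partition(".")
        rec = self._records.get(token_id)
        if rec is None:
            return "unknown"
        if rec.consumed:
            return "already-used"      # single use: a replay is rejected
        if self._clock() >= rec.expires_at:
            return "expired"
        if rec.attempts_left <= 0:
            return "locked"            # attempt limit reached
        rec.attempts_left -= 1         # count the attempt before comparing
        presented = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(presented, rec.digest):
            return "invalid"
        rec.consumed = True
        return "enrolled"

if __name__ == "__main__":
    store = EnrollmentTokens()
    token = store.issue()
    print(store.redeem(token), store.redeem(token))
```

Because failed attempts are counted before the comparison, guessing against a known token ID locks the token after the limit even if the correct secret is presented later.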

Agent Enrollment

During enrollment, the Agent does the following:

  1. Validates Token: Verifies the enrollment token is valid and not expired
  2. Establishes Identity: Creates cryptographic identity for secure communication
  3. Registers Environment: Automatically creates an Environment associated with your Frontdoor account
  4. Configures Connectivity: Establishes ongoing secure connection to NetFoundry infrastructure

Post-Bootstrap Operation

After successfully bootstrapping, the Agent maintains persistent, encrypted connections to NetFoundry; the bootstrap tokens are consumed and cannot be reused. The Agent then operates independently without requiring further manual configuration, making Environments available for creating Shares.

Agent Management

Agent Lifecycle Management

Installation: Begin by downloading and installing the appropriate Agent binary for your platform, or use a Docker image. Configure the system service or process management according to your infrastructure needs, choosing between running the Agent as a system service, daemon, or manually managed process. Prepare the bootstrap token for initial enrollment before starting the Agent.

Operation: The Agent runs continuously as a system service or daemon, maintaining secure connections automatically while handling share creation and traffic routing transparently without manual intervention.

Removal: Agents can be deleted to completely remove access to NetFoundry infrastructure. This deletion process removes all associated Environments and Shares, ensuring clean removal with no orphaned resources remaining in the system.

Security and Best Practices

Agent Security

Cryptographic Identity: Each Agent receives a unique, cryptographic identity that cannot be spoofed or replicated.

Outbound-Only Connectivity: Agents only make outbound connections, eliminating the need for inbound firewall rules.

Secure Tunneling: All traffic between Agents and NetFoundry infrastructure is encrypted end-to-end.

Token Security: Bootstrap tokens are time-limited and attempt-limited to prevent unauthorized use.

Deployment Best Practices

Strategic Placement: Install Agents close to your backend services to minimize latency while considering network topology and bandwidth constraints when planning deployment locations. Deploy multiple Agents across different locations to ensure high availability and effective load distribution.

Resource Planning: Ensure adequate system resources are available for optimal Agent operation by monitoring performance and resource utilization continuously. Plan for scaling requirements based on expected traffic patterns and usage growth to maintain service quality.

Security Hardening: Follow established system security best practices for Agent host systems, including regular software updates to the latest Agent versions. Monitor Agent logs consistently for security events and anomalies that may indicate potential threats or operational issues.

Bootstrap Token Management: Generate bootstrap tokens immediately before Agent installation and use them promptly before expiration to maintain security. Distribute tokens securely only to authorized personnel and implement monitoring for token usage and expiration to prevent unauthorized access.

Integration with Other Components

Relationship with Environments

Agents serve as the foundation for Environments, with the installation and bootstrapping process automatically creating an Environment for each Agent. Each Agent maintains exactly one Environment, which represents the secure runtime context that the Agent provides for service operations.

Connection to Shares

Agents enable Share functionality by routing traffic through secure tunnels to backend services while handling all the necessary secure tunneling operations. Share performance directly depends on Agent connectivity quality, and a single Agent can efficiently support multiple Shares operating simultaneously.

Frontend Integration

Agents work with Frontends through Shares to create a complete connectivity path from the public internet to private services. Frontends receive public traffic and route it to Shares, while Agents receive the Share traffic and deliver it securely to the designated backend services.

Common Use Cases

Development Environment Sharing

Deploy Agents on development systems to share development servers with team members while providing external access to staging environments. This enables remote debugging and testing capabilities while facilitating seamless collaboration without the complexity of traditional VPN setups.

Production Service Exposure

Use Agents in production environments to securely expose APIs and web applications while providing partner access to integration endpoints. This approach enables customer access to services without requiring DMZ deployment and supports the implementation of comprehensive zero-trust access patterns.

Hybrid Cloud Connectivity

Leverage Agents to connect on-premises services to cloud applications while enabling secure hybrid cloud architectures. This approach facilitates cloud migration strategies and provides consistent connectivity across diverse environments without compromising security or performance.

Troubleshooting

Common Agent Issues

Bootstrap Failures: When experiencing bootstrap failures, verify that the enrollment token remains valid and has not expired while checking network connectivity to NetFoundry infrastructure. Ensure the system has adequate resources and permissions for Agent operation, and review Agent logs for specific error messages that can guide troubleshooting efforts.

Connection Problems: Address connection problems by verifying outbound network connectivity on required ports and checking firewall and proxy configurations that might block communications. Validate system time synchronization and monitor Agent status, restarting the service if necessary to restore connectivity.

Performance Issues: Monitor system resources including CPU, memory, and network utilization to identify potential bottlenecks while checking for bandwidth limitations or network congestion. Consider the Agent's placement relative to backend services, as proximity can significantly impact performance and response times.

Diagnostic Steps

Agent Status Verification: Check Agent status through management APIs to verify connectivity and operation.

Network Connectivity Testing: Validate outbound connectivity to NetFoundry infrastructure endpoints.

Log Analysis: Review Agent logs for error messages, warnings, and diagnostic information.

Resource Monitoring: Monitor system resources to ensure adequate capacity for Agent operation.

Next Steps

  • Learn how to create Environments using your Agents
  • Explore Share creation to expose your services
  • Review Frontend configuration for public access