
NetFoundry for Hybrid Cloud

Connect the data center to any combination of public and private clouds with one ubiquitous, Zero Trust connectivity platform.

Unshackle the Network

Hybrid cloud, the mix of on-premises infrastructure with assets across public and private cloud topologies, is powerful and gaining in popularity. But managing the complexity of connecting on-premises assets and apps to multiple clouds is difficult, insecure, and expensive.

Current generation WAN connectivity options like MPLS, VPN tunnels, and remote user VPNs are not well suited for making these cloud connections. They tend to be rigid, complex, error prone, and costly to operate, thus negating many advantages of adopting cloud environments that are designed to be agile, automated, versionable, and cost effective. Connectivity solutions are lagging well behind the advances of the software-defined data center, and businesses need a better solution.

The Trouble With Traditional Networks

● Traditional VPN technology cannot support the agility required by cloud applications
● Complex management and connection of multi-cloud environments
● Inflexible and limited MPLS and SD-WAN solutions
● Lack of ubiquity between on-premises infrastructure and the cloud
● Increased security risks associated with on-net trust and single-dimensional TLS encryption
● Constraints of being locked into telcos and network providers
● Performance issues from "hairpinning" edge-to-cloud traffic through the core network
● Lack of zero trust application segmentation capabilities


Transform Hybrid Cloud Connectivity

Safely Extend the Enterprise to the Cloud

Reduce exposure of new attack surfaces on the Internet: Bastion hosts, such as jump servers and VPN gateways, are vectors for attack on the Internet. NetFoundry's Zero Trust connectivity solution significantly reduces the attack surface on an enterprise network.

Access control management: With applications hosted in a mix of clouds and data centers, access control mechanisms need to work across the board. Using NetFoundry's unified, Zero Trust networking solution enables you to leverage existing investments in IAM systems like Active Directory to control access to applications inside the network, while also providing access control policies based on user location, time of day, device type, etc.

Meet unique connectivity requirements of enterprise campus, branch sites, and remote workers: Three different connectivity models traditionally mean three different connectivity solutions. NetFoundry offers a ubiquitous solution across all three.


Optimize Network Performance to Cloud-Based Apps

Traditional hub-and-spoke topologies are not ideal for cloud use. Branch and remote user traffic must transit the corporate network to reach the cloud. This affects the responsiveness of applications that are hosted in the cloud. NetFoundry offers a superior mesh approach.

When it comes to performance, remote user VPNs are at the mercy of the Internet. NetFoundry optimizes TCP performance across the Internet to increase throughput, while reducing the effects of congestion and long distance latency.

With the popularity of SaaS application offerings soaring, sending all user traffic across the corporate backbone and back out to the internet can be very costly. NetFoundry offers local intelligence to route traffic across the most optimal path.


Reduce Time, Complexity, & Cost

MPLS is costly and slow to set up. High speed MPLS backbones do well to connect campus sites to one another, but they are not always the best choice to connect those same sites to the cloud. NetFoundry provides a virtual network topology that runs across any Internet connection from any location.

VPN tunnels do not scale. The delay caused by VPN connectivity back to the data center significantly increases the time it takes to deploy apps to the cloud, because requests must be made and change controls must be scheduled before any work can be done. Many companies deploy a “transit VPC” to eliminate individual connections back to the data center, degrading the quality of experience (QoE) for users. NetFoundry eliminates the delay of VPNs and elevates QoE.

Network change management processes can add significant time to new cloud deployments. Typical network changes take weeks to schedule and deploy. With cloud computing able to spin up in minutes, having to wait weeks to connect to it can severely penalize the agility cloud computing affords. NetFoundry enables you to spin up the network as quickly as the rest of the environment, maximizing cloud agility.


Simplify Azure Stack Connectivity

Microsoft Azure Stack brings a ubiquitous Azure experience to private data centers, enabling seamless integration with resources across the Azure ecosystem, but traditional networks complicate connectivity. NetFoundry extends the power of software-only, instant-on connectivity to Azure Stack as an approved templated solution, enabling businesses to effectively manage workloads across the entire Azure ecosystem without bespoke connectivity solutions.


The NetFoundry Solution

NetFoundry extends the power of software-only, instant-on connectivity across data centers, public, and private clouds, enabling businesses to effectively manage workloads across their entire ecosystem without bespoke connectivity solutions.

The components within NetFoundry’s orchestration console were designed to make building and augmenting Zero Trust AppWANs to and across hybrid cloud environments easy and seamless through automation, integration, and abstraction. With NetFoundry, evolving from a capacity model to a consumption model is simple and straightforward, enabling you to seamlessly connect clouds and data centers instantaneously and at scale without hardware.



NetFoundry is unlike SD-WAN and MPLS, which provide limited site-to-site networking capability. We also replace point-to-point and remote access VPNs with a centralized, instantaneous, cloud-optimized solution, managed inside existing DevOps toolsets.

AppWANs are created and managed using secure, developer-friendly web-based orchestration tools and APIs tailored to fit within application development and operation life cycles.

Unlike VPNs, AppWANs are not constrained by limits on throughput; they automatically adapt to network conditions and route traffic via the most optimal path over the Internet. Furthermore, NetFoundry is cloud-native, eliminating the need for hardware or the backhaul of VPN tunnels to a data center or concentrator. The application specificity of AppWANs makes Zero Trust software-defined perimeters simple, extending the security of the WAN to endpoints, regardless of location or connection type. Plus, AppWANs are inherently multipoint-to-multipoint, driven by application access, context, and identity, which makes managing AppWANs to and from clouds and the data center far simpler than managing traditional VPN connections.

AppWANs are created and managed using developer-friendly, web-based orchestration tools and APIs tailored to fit within application development and operation life cycles. Within AppWANs, endpoints route each session across the NetFoundry network fabric, a secure, global Internet overlay orchestrated by a cloud-native, instance-specific network controller which integrates with business and application systems such as IAM, IoT identity, and cloud policies, while securing traffic across multiple layers and adaptively optimizing performance and throughput.

With NetFoundry, there is no need for complex routing and configuration or hardware. NetFoundry’s platform brings flexibility and agility to networking, with the ability to make changes on-the-fly, establish policies driven by identity, context, and application need, as well as easily interconnect many virtual networks within the enterprise ecosystem and between cloud providers.


NetFoundry is "dark": NetFoundry's network overlay fabric provides access to private VPC resources without exposing anything to the public Internet to be attacked or breached.

Authenticate Before Connect: NetFoundry's network overlay fabric authenticates all connection requests before the connection is permitted. Conversely, VPN, RDP, and SSH allow connections to be made before authentication, introducing vulnerability.

Least Privilege Access: NetFoundry's network overlay fabric enables developer access to be finely tuned to their exact access requirements by an administrator through application micro-segments called AppWANs.

Agility Through Automation

NetFoundry can be fully automated by APIs and Infrastructure-as-Code tools, such as Terraform. As a result, secure application connections can be set up right along with the rest of the application stack by the DevOps team. Since the connections are expressed as "code", they can be placed in version control and repeatedly executed for consistent results that are insulated from manual error.

Powerful Network Abstraction Beyond the Data Center

NetFoundry delivers power and simplicity through network infrastructure abstraction, putting total control of connectivity in your hands. Rise above the infrastructure and elevate your network across the enterprise ecosystem, multiple cloud providers, Industrial Internet of Things (IIoT) deployments, and more, while simplifying and future-proofing your application development, security, & connectivity strategies.


We're Transforming Connectivity

  • “We are committed to protecting our clients’ data. Partnering with NetFoundry isn’t just a way to accomplish this, but the best way.”
    Steve Lindsey
    CIO, Liveview Technologies (LVT)
  • “Businesses can use NetFoundry's Ziti platform to simplify network management, and enable zero trust networking for applications running at the edge on Azure public MEC and Azure regions.”
    Ross Ortega
    VP, Azure for Operators
  • “At the onset of Covid-19, our NetFoundry platform enables us to configure and activate our entire staff for remote access to various on premise local workstations & servers in under 2 hours with a range of permissions per users and/or group and no hardware deployment. In the last few days it has been a life saver.”
    Shawn Campion
    CEO, Integro Technologies
  • “We are seeing increased demand from our customers for greater security, control, & flexibility for their IoT private networks. Our partnership with NetFoundry allows us to embed zero trust networking to satisfy those requirements.”
    Bryan Lubel
    President, Integron
  • “Integrating our IoT solution with NetFoundry SDKs enables IoT networking without VPNs or proprietary hardware. We can jointly be deployed as software on any IoT device to provide customers with simple solutions.”
    Paul Edrich
    CTO, IMS Evolve
  • “By integrating NetFoundry’s zero trust platform into our IoT and Edge analytics solutions, TOOQ is transforming the retail industry.”
    Ronaldo Moura
  • “In the current pandemic, although our usage has multiplied at FWD Insurance, NetFoundry easily scaled to facilitate zero trust security for our new work from home workforce.”
    Shilpa Tumma
    Info Security Officer, FWD Insurance
  • “Zero trust and least privilege access in a world that is moving towards edge compute and dynamic containerized services is pivotal, which is yet again where NetFoundry scores with its capability to easily integrate ZTNA with automation frameworks via its APIs.”
    Martin Braem
    COO, Klarrio
  • “NetFoundry extends the WAN all the way to the application endpoint without CPE, over the Internet. We integrated NetFoundry’s AppWANs into the networking solutions we sell to financial institutions to enable them to meet their strict regulatory and security requirements.”
    Chris Williams
    VP at PliantCloud, Alliance Technology Group
