NetFoundry | Executives
NetFoundry Pricing

NetFoundry Pricing

Start Using the Leading Zero Trust Networking Platform Today.

Zero Trust Networking and Connectivity for Solution Providers

Connect anything to anything with multipoint, multi-tenant zero trust overlay networks rather than proliferating point-to-point VPNs.

Design and embed NetFoundry AppNets directly into your products to reinvent the product experience and eliminate IT and OT security sales friction.

Offer your customers on-premise deployment of your solutions that includes remote access without them opening inbound firewall ports.

Open Source
NetFoundry is the leading open-source development and integration platform for zero trust networking and connectivity. (OpenZiti.io)


Embed or Integrate Zero Trust
Solution providers embed connectivity and security into their products, as software.


OEM & White-label
Become a strategic partner to include NetFoundry in your secure-by-default enterprise-class solutions.

NetFoundry Platform Pricing

Get Started
Perfect for prototypes, POCs, and evaluating our zero trust platform and networking.
FREE for up to 30 days
  • NetFoundry provides both a Zero Trust platform and Network as a Service. Explore our Enterprise Edition at your pace with a private network, sandbox, admin console, and advanced security features to ensure your data is protected.
  • What's included:
  • Overlay network endpoints: Mobile, OT, IoT, laptop, desktop, server, DMZ, cloud. Zero trust: Identity, AuthN, AuthZ, posture, MFA, encryption, identity-based microsegmentation, and mTLS (mutual TLS).
  • Private overlay network fabric: Software-defined, programmable, high-performance, multi-point mesh network. Limited to one region.
  • Web console, Management, and Orchestration platform: Admin UI creates and manages networks, endpoints, services, and policies. Consultation: One-hour with a NetFoundry engineer.
  • Kick-off Meeting: Brief tour of our management console and creation of your private Internet overlay network. Up to 10 endpoints and up to 1TB of total data.
Popular

Enterprise

Tailored for service providers managing and delivering products with built-in zero trust networking.
Monthly Contact Sales
  • Enterprise-grade zero trust overlay networking as a service for any use case: mobile, APIs, OT, IIoT, remote management, B2B, Kubernetes, multi-cloud, 3rd party access, PAM, edge, and ingress with seamless integration across all platforms.
  • What's included:
  • Overlay network endpoints: mobile, OT, IoT, laptop, desktop, server, DMZ, cloud. Multi-tenant support enables you to support all your customers.
  • Zero trust: Identity, AuthN, AuthZ, posture, MFA, encryption, identity-based microsegmentation, and mTLS. Global private network overlay fabric: Software-defined, programmable, high-performance, multi-point mesh network. Managed globally by NetFoundry as NaaS across 100+ data centers.
  • Web console, Management, and Orchestration platform and APIs: Admin UI and APIs to create and manage networks, endpoints services, policies and posture checks.
  • Pre-built integrations: Includes IdPs, directories, SIEM, SOC, SOAR, etc. Technical Account Manager Customer Success oversight Compliance - SOC 2 type 2 certified, legal, SLAs 24 x 7 technical support.

Premium

Ideal for strategic partners to embed and OEM NetFoundry in applications, software, and products.
Custom Quote
  • Embed zero trust networking in software, services, or products. Our Premium Edition supports OEM and white-label arrangements with strategic partners, providing comprehensive support and flexibility for business needs.
  • What's included: Everything in Enterprise +
  • OEM & white label support: Embed zero trust networking directly into your applications, solutions, and services. Your network is private to you, and you can use it as a multi-tenant solution across all your customers. SDK-embed: We'll work with you to embed zero trust networking in your solutions via our SDKs. The result is agentless zero trust for your customers' data planes and your remote management.
  • Roadmap input: Collaborate with Netfoundry on features and product direction.
  • Customization: Collaborate with NetFoundry on advanced features. Dedicated Technical Account Manager Customer Success Quarterly Business Reviews.
  • Support for additional deployment models including 'private SaaS', 'air gapped'. Back-to-back SLAs for your company and your customers Sales and marketing support.

zrokNET Pricing

Make any web application, device, or service securely available on the internet in seconds.

Peer To Peer Sharing

zrokNET provides private or public, instant, secure application tunneling from anywhere secured effortlessly with a zero trust Internet-overlay network.

Reverse Proxy

zrokNET includes zrok frontdoor, a zero trust reverse proxy that allows a web application to be exposed securely without opening inbound ports.

Self-Hosted or Hosted by NetFoundry

Available as SaaS running on zrok.io, a NetFoundry zero trust Internet-overlay network. Or, run zrok on your server.

Share Apps, Files, Drives & Web Content

Allows sharing of many types of resources rather than just proxying http endpoints including files, drives and web content.

browZerNet BETA

Embed Zero Trust Security In Any Web Application

Automatically integrate zero trust networking into any Chromium-based solution without any changes to your web application granting access to only trusted identities.

Zero Trust Features

Zero Trust SDN

Software-defined overlay networks render assets invisible to the Internet by enabling you to close all inbound firewall ports without VPNs, permitted IPs, or bastions.

Authenticate & Authorize

Users and devices must prove their identity (authentication) and be granted specific access rights (authorization) before establishing a connection, including for third-party systems and API access.

Mutual TLS

Uses TLS (Transport Layer Security) as the client and server authentication security protocol. Secures APIs, RDP, SSH, server-initiated and bidirectional. Secondary authentication methods like MFA are available.

End-to-End Encryption

Ensures that all communications are securely encrypted from the source to the destination. All data is inaccessible to any intermediate hops.

Identity-Based Access Control

Access is granted based on the identity of users and devices, not merely IP addresses, allowing for more precise control.

Network Microsegmentation

Allows for the division of network resources into secure zones to minimize the attack surface and restrict lateral movement.

Application Segmentation

Ensures only authorized users can access specific applications, enhancing security at the application level.

Embeddable

Developers can leverage a software overlay network by embedding it directly inside all parts of their application as code using our SDKs.

Seamless Integration

Can be integrated with existing infrastructure and applications without significant modifications since the overlay is defined by software.

Open Source

The development is open to contributions from a community, offering transparency and collaborative improvements.

Multi-Platform Support

Supports a wide range of platforms, including Windows, Linux, macOS, and mobile OSes, ensuring broad applicability.

Continuous Authentication

Network constantly verifies the identity of a user or entity throughout their session or interaction with a system, rather than just at the initial login point.

Overlay Network Features

Mesh Architecture

Robust overlay programmable network with self-healing and dynamic routing.

Easy to Setup & Configure

Overlay routers are deployed in minutes in any cloud, accessible only by authorized OpenZiti endpoints, agents, and routers.

Decentralization

Eliminates a single point of failure by routing data across the shortest and fastest paths available.

Redundancy

Offers multiple pathways for data, enhancing robustness and resilience to failures.

Self-Healing

Automatically reconfigures when nodes are added or fail, maintaining network integrity.

Dynamic Routing

Utilizes advanced algorithms to determine optimal data paths, improving efficiency.

Scalability

Supports easy expansion with additional nodes to increase coverage and network strength.

Performance

Designed for unpredictable internet deployments, algorithms adjust to changing network conditions, minimizing latency and providing automated load balancing.

Isolated Networks

Your data planes are unique – not shared with other NetFoundry customers.

Any Endpoint

Automatically reconfigures when nodes are added or fail, maintaining network integrity.

Infrastructure Management Services

Infrastructure Provisioning

Quick provisioning and scaling of resources like VMs, storage, and networking using the leading Cloud Providers including AWS.

Software Management

Management of all underlying required software, tools, and databases handling installation, configuration, and maintenance.

Multi-tenant For Your Customers

Centrally manage multi-tenant, zero trust networks via the web console and APIs. Each of your customers is microsegmented with full zero trust, while you maintain central controls, visibility, provisioning, and telemetry.

Scalability and Elasticity

Automatic scaling based on demand with policies for resource adjustment, optimizing performance and costs.

High Availability

Built-in redundancy and mechanisms like load balancing and multi-region replication ensure application availability.

Security Services

A range of services including IAM, encryption, and DDoS protection to secure applications and data.

Infrastructure Monitoring

Tools to monitor application and infrastructure health, with analytics for insights.

Cost Management

Tools for tracking and optimizing cloud usage costs, including monitoring dashboards and budgeting tools.

Global Network

Data centers across multiple regions around the globe for low-latency access and edge computing for running workloads closer to users.

NetFoundry NaaS & on-prem zero trust platform

Zero Trust Native Network Overlays, Extended Anywhere

Each overlay is private and dedicated. Infrastructure is managed by NetFoundry as NaaS, or use NetFoundry’s zero trust platform to self-host your overlay, including at air-gapped sites. Extend overlays via:

+ NetFoundry zero trust endpoints for every major OS, as host-based agents, containers, VMs or gateways

+ NetFoundry zero trust SDKs to embed zero trust endpoints in software

+ Connectivity via NetFoundry’s distributed proxies, firewall connections, TLS or mTLS

All-batteries included solution – the network overlay is zero trust native to make deployments simple:

Built-in PKI, as a service

X.509 based PKI, including enrollment, revocation, renewal. Other CAs optional but supported (RFC 7030). X.509s are core identities (IdP integrations optional but supported).

IdP flexibility

Use NetFoundry’s built-in PKI with pre-integrated MFA and posture to identify and authenticate each session. Or, use any OAuth or OIDC complaint IdP.

Full mesh, HA, high performance NaaS

NetFoundry NaaS overlays dynamically optimize over 100 PoPs, with HA, load balancing & auto-scaling. You get end-to-end control and visibility, including geofencing.

On-prem, air-gapped & hybrid

Run your overlay locally, including air-gapped and sovereign sites, with NetFoundry’s On-premises Platform. Or, use a hybrid overlay with NetFoundry sites and other sites. 

End-to-end encryption (E2EE)

Encryption keys are specific to each session and sovereign to the endpoints, stored in HSMs on compatible devices. NetFoundry therefore doesn’t have access to your keys.

FIPS compliant encryption option

NetFoundry supports FIPS compliant encryption as a pluggable option and uses libsodium by default. Other cipers can be plugged-in. Gov Cloud, FedRamp and CIS support.

Network Access Control (NAC)

Next-gen NAC identifies, authenticates and authorizes every session before it is given overlay access. The NAC solution extends anywhere, including B2B, multinetwork and OT.

Identity-based visibility

Every session is identified by human, device or server identities (not IPs). Telemetry correlates identities, services, data. View in NetFoundry Console, SIEM or your UI via NetFoundry APIs.