Zero Trust Inter-networking For Providers

Zero trust for solution providers

Connect anything to anything with multipoint, multi-tenant zero trust overlay networks, rather than point to point VPNs. Solution, product, software and service providers build NetFoundry into their services to enable their customers to have zero trust connections for data access and remote management, without their customers opening any inbound firewall ports.

Based on OpenZiti open source

NetFoundry open sourced OpenZiti, and is the leading maintainer. OpenZiti is now the leading open source platform for zero trust networking.

Solution embeddable

Solution providers and product manufacturers embed connectivity and security into their solutions, as software.

OEM & Whitelabel

Become a strategic partner to include NetFoundry in your secure-by-default enterprise-class solutions for use cases such as cybersecurity, industrial connectivity and B2B.

Get Started
Ideal for prototypes, POCs and evaluation of our basic zero trust networking.

FREE for up to 30 days

Sample our functionality at your own pace with your own private network and sandbox.  Note: inactive networks are spun down after 3 days.

  • Guided trial includes

    • Overlay network endpoints: Mobile, OT, IoT, laptop, desktop, server, DMZ, cloud.
    • Zero trust: Identity, AuthN, AuthZ, posture, MFA, encryption, identity based microsegmentation, mTLS (mutual TLS).
    • Private network overlay fabric in one region: Software-defined, programmable, high-performance, multi-point mesh network.  Limited to one region.
    • Web console: Admin UI to create and manage networks and users.
    • Consultation: One hour consultation with a NetFoundry engineer
    • Up to 10 endpoints and up to 1TB of total data
  • Service Availability: Not applicable
Start Now
Enterprise
Ideal for solution providers delivering and managing your solutions with zero trust networking built-in.

Starting at $5000/month

Enterprise-grade zero trust overlay networking as a service for any use case including mobile, APIs, OT, IIoT, remote management, B2B, Kubernetes, multi-cloud, 3rd party access, PAM, edge and ingress.

  • What’s included

    • Overlay network endpoints: Mobile, OT, IoT, laptop, desktop, server, DMZ, cloud.  Multi-tenant support to enable you to support all your customers.
    • Zero trust: Identity, AuthN, AuthZ, posture, MFA, encryption, identity based microsegmentation, mTLS (mutual TLS).
    • Global private network overlay fabric: Software-defined, programmable, high-performance, multi-point mesh network.  Managed globally by NetFoundry as NaaS across over 100 data centers.
    • Web console and APIs: Admin UI and APIs to manage networks, services, policies and posture checks
    • Pre-built integrations: Includes IdPs, directories, SIEM, SOC, SOAR, etc.
    • Technical Account Manager
    • Customer Success oversight
    • Compliance - SOC 2 type 2 certified, legal, SLAs
    • 24 x 7 technical support
  • Service Availability: 99.99%
Get a demo or briefing
Premium
Ideal for strategic partners embedding OpenZiti into their applications, software, services and physical products.

Custom quote

Embed zero trust networking in your software, service or product. Our Premium Edition supports OEM and whitelabel arrangements with our strategic partners.

  • What’s included

    Everything in Enterprise plus
    • OEM & white label support: Embed zero trust networking directly into your applications, solutions and services.  Your network is private to you, and  you can use it as a multi-tenant solution across all your customers.
    • SDK-embed: We'll work with you to embed zero trust networking in your solutions, via our SDKs.  The result is agentless zero trust, for both your customers' data planes, and your remote management.
    • Roadmap input: Collaborate with Netfoundry on features and product direction.
    • Customization: Collaborate with NetFoundry on advanced features.
    • Dedicated Technical Account Manager
    • Customer Success Quarterly Business Reviews
    • Support for additional deployment models including 'private SaaS', 'air gapped'.
    • Back-to-back SLAs
  • Service Availability: 99.99%
Talk with an expert

NetFoundry Platform

Core Zero Trust Features

Zero Trust SDN

Software defined overlay network renders assets invisible to the Internet by enabling you to close all inbound firewall ports, without VPNs, permitted IPs, or bastions.

Authenticate & Authorize

Users and devices must prove their identity (authentication) and be granted specific access rights (authorization) before establishing a connection, including for third-party systems and API access.

Mutual TLS

Uses TLS (Transport Layer Security) as the security protocol for both client and server authentication. Secures APIs, RDP, SSH, server-initiated and bidirectional. Secondary authentication methods like MFA available.

End-to-End Encryption

Ensures that all communications are securely encrypted from the source to the destination. All data is inaccessible to any intermediate hops.

Identity-Based Access Control

Access is granted based on the identity of users and devices, not merely IP addresses, allowing for more precise control.

Network Microsegmentation

Allows for the division of network resources into secure zones to minimize the attack surface and restrict lateral movement.

Application Segmentation

Ensures only authorized users can access specific applications, enhancing security at the application level.

Embeddable

Developers can leverage a software overlay network by embedded it directly inside all parts of their application as code using our SDKs.

Seamless Integration

Can be integrated with existing infrastructure and applications without significant modifications since the overlay is defined by software.

Open Source

The development is open to contributions from a community, offering transparency and collaborative improvements.

Multi-Platform Support

Supports a wide range of platforms, including Windows, Linux, macOS, and mobile OSes, ensuring broad applicability.

Continuous Authentication

Network constantly verifies the identity of a user or entity throughout their session or interaction with a system, rather than just at the initial login point.

NetFoundry Fabric

Global Overlay Mesh Network Features

Mesh Architecture

Robust overlay programmable network with self-healing and dynamic routing.

Easy To Setup & Configure

Overlay routers are deployed in minutes in any public or private cloud. Only authorized OpenZiti SDK endpoints, OpenZiti agents and OpenZiti routers can access the overlay.

Decentralization

Eliminates a single point of failure by routing data across the shortest and fastest paths available.

Redundancy

Offers multiple pathways for data, enhancing robustness and resilience to failures.

Self-Healing

Automatically reconfigures when nodes are added or fail, maintaining network integrity.

Dynamic Routing

Utilizes advanced algorithms to determine optimal data paths, improving efficiency.

Scalability

Supports easy expansion with additional nodes to increase coverage and network strength.

Performance

Designed to handle deployments on an unpredictable internet without compromising performance. Algorithms continually adjust as network conditions change, minimizing latency, and providing automated load balancing.

Isolated Networks

Your data planes are unique - not shared with other NetFoundry customers.

Any Endpoint

Agents and gateways for OT, IoT, mobile, desktop, edge, site and cloud. SDKs enable the agents to be integrated into your software, for agentless zero trust networking, which goes anywhere your software is installed.

NetFoundry NaaS

Network Management Services

PKI Enrollment & Management

NetFoundry manages PKI, handling X.509 digital certificates for secure authentication and data exchange, and supports integration with custom Certificate Authorities as per RFC 7030.

Private DNS Management

Management of the NetFoundry private Domain Name System that translates domain names to IP addresses in a controlled and secure manner, inaccessible to the public internet.

Zero Trust Network Endpoints

Management of endpoints within a network that operate on a zero trust principle, meaning they do not automatically trust any request or connection without verification, applicable for various devices and environments like IoT, mobile, and cloud.

Policy Engine & Management

Creation, management and enforcement of network policies, dictating how resources are accessed and used within a network.

Telemetry, Visibility & Monitoring

Management of telemetry data tracks network performance and usage, aiding in monitoring, troubleshooting, and optimization. Robust metrics available for visibility.

Posture Checks, MFA

Built-in dynamic posture checks and multi-factor authentication, including X.509 certificates for OT, APIs, and servers. Supports third-party TOTP, MFA, Yubikey, KeyCloak integrations, along with OICD, OAuth, and SPIFFE compatibility.

Identity, CA, and Directory Integrations

The integration of identity management systems, Certificate Authorities (CAs), and directory services (like LDAP or Active Directory) for streamlined user authentication and resource access control.

Network Access Control

Implementing Network Access Control (NAC) that is not dependent on the network infrastructure, for granular security.

Identities and Policies

Management of identities and security policies independently of the physical network, enabling consistent access rules across different network environments and platforms, facilitating secure application integration.

NetFoundry Cloud & Hosting

Infrastructure Management Services

Infrastructure Provisioning

Quick provisioning and scaling of resources like VMs, storage, and networking using the leading Cloud Providers including AWS.

Software Management

Management of all underlying required software, tools, and databases handling installation, configuration, and maintenance.

Multi-tenant For Your Customers

Centrally manage multi-tenant, zero trust networks via web console and APIs. Each of your customers is microsegmented with full zero trust, while you maintain central controls, visibility, provisioning and telemetry.

Scalability and Elasticity

Automatic scaling based on demand with policies for resource adjustment, optimizing performance and costs.

High Availability

Built-in redundancy and mechanisms like load balancing and multi-region replication ensure application availability.

Security Services

A range of services including IAM, encryption, and DDoS protection to secure applications and data.

Infrastructure Monitoring

Tools to monitor application and infrastructure health, with analytics for insights.

Cost Management

Tools for tracking and optimizing cloud usage costs, including monitoring dashboards and budgeting tools.

Global Network

Data centers across multiple regions around the globe for low-latency access and edge computing for running workloads closer to users.

NetFoundry Embeddable and Agentless SDKs

NetFoundry takes a comprehensive approach towards implementing Zero Trust security including Software Development Kits that enable developers to embed zero trust security and connectivity directly into applications using code.

C

Provides foundational support for integrating OpenZiti into C applications, and can serve as a base for other language bindings.

Go

Enables easy integration of OpenZiti into Go applications for secure networking.

.NET (C#)

Allows for the incorporation of OpenZiti into .NET framework applications, primarily targeting C# developers.

Java

Supports the integration of OpenZiti into Java applications, facilitating secure communication.

JavaScript/Node.js

Facilitates the inclusion of OpenZiti in web and server-side applications using JavaScript or Node.js.

Swift

Aimed at developers building applications within the Apple ecosystem, including iOS and macOS.

Python

Enables Python applications to leverage OpenZiti for secure networking and communication.