December 2023 NetFoundry Platform Update

December 2023 NetFoundry Platform Update

NetFoundry | December 2023 NetFoundry Product Updates

Overview

This bulletin covers announcements from NetFoundry, details on features released between September 2023 & December 2023 and information on latest blogs & articles. We are excited to share that controller high availability feature has moved to the alpha release. Highlights include the launch of “zrok frontdoor”, custom domain name support and improvements to the network upgrade process.

Product Update Highlights

  • Controller High Availability Feature
  • Launch of zrok Frontdoor
  • Custom Domain Name Support & Upgrade Improvements

Router link listener control:

When Public routers ( Including NetFoundry hosted public routers) are provisioned, the link listener can be turned off during the provisioning of the router and enabled at a later stage. This would help our customers and partners to make sure that the router’s domain name / IP are whitelisted on security gateway devices before the router starts receiving link requests from private customer edge routers or other public routers in the network. Once the router is provisioned and live, the IP and domain name of the router is available on console / console API which can be picked up for outbound policy whitelisting. Note that the router will still establish connection to the public networks in the network while the link listener is turned off.

NetFoundry | Router Link Listener Control

Custom domain name support for public routers:

Public routers now support the option of custom domain names. The public routers are assigned NetFoundry domain names by default. The option of adding custom domain names has been added. Hosting and managing the custom domain name is the responsibility of customers for the public routers to be reachable from private routers and endpoints on the network. This feature would help our customers to manage fewer domain names for outbound whitelisting with partners and end customers. The custom domain’s CNAME record should be pointed to the NetFoundry domain name by the customer.

NetFoundry | Custom Domain Name Support for Public Routers
NetFoundry | NetFoundry | Custom Domain Name Support for Public Routers (2)

Improvements to network upgrade process: 

We have made two key changes to the network upgrade process that would help the way we manage network upgrades for large networks. The upgrade process continues to be executed by the NetFoundry support team.

  • Router binary can now be upgraded prior to the controller upgrade. The pre-requisite is that the router is backward compatible to the controller version which would be confirmed by our support team in the planning stage of network upgrades. 
  • A collection of routers can be selectively upgraded. Prior to launch of this feature, all the routers in the network had to be upgraded in one go or had to be upgraded one by one. 

These features would help reduce the window for the network upgrade process and also plan the upgrade of specific edge routers ahead of the controller upgrade while not affecting the rest of the network. In a scenario of multi-tenant or B2B networks, customers and partners can now plan upgrade of the edge routers as per the business convenience.

Move to single port – 443 via Application layer protocol negotiation 

Last quarter, we added the ability to optionally shut port 6262 for salt communication and stick to ports 443 and 80. In the journey of simplifying port requirements to operate the NetFoundry Cloud network, we have made yet another feature release.

Cloud Ziti Controller and Routers can operate with a single open port. In order to implement this feature we use ALPN (Application Layer Protocol Negotiation) TLS extension. It allows TLS client to request and TLS server to select appropriate application protocol handler during TLS handshake. Customers who desire to move to a single port of 443 from the current model of two ports –  443 & 80 can raise a ticket with our support desk or contact the Technical Account Manager to implement this feature. The feature is available from MOP version 7.3.94 and above. Due to the introduction of ALPN header, all networks that have to be upgraded to 7.3.94 and above will require that the routers are upgraded prior to the controller upgrade so that the routers do not lose connection to the controller due to the missing ALPN header. The choice of shutting down port 80 still exists with the customer post the network upgrade. 

Pls refer the release notes for more details on move to single port. 

Launch of “zrok frontdoor”: 

“zrok frontdoor” is a combination of reverse proxy and zero trust networks that offer the flexibility of reaching resources such as web apps, files or APIs while not directly exposing them to the internet. zrok frontdoor is built on the same openziti platform that is used by zrok and is currently available as an opensoure project. Learn more about zrok frontdoor here.  You can also watch a demo of zrok frontdoor.

NetFoundry | zrok Frontdoor

Update on Controller HA: 

High availability of controllers or distributed controllers is a critical project that we have been working on for a year now. We are excited to share the news with our customers that we have made an internal alpha release of HA of controllers. The details of HA of controller design has been recorded in a ZitiTV session. 

Articles, updates and software releases

The following articles have been added:

Solution Recipes

Accessing ODOO with BrowZer

Accessing Graphite with BrowZer 

Accessing Solarwinds with BrowZer

 

Support guides

Deploy Ziti Edge Routers Behind a Proxy 

 

Blogs 

Securing enterprise private mobile apps – LLM – Azure AI example

Enrollment and authentication in  ZTNA embedded mobile apps

Business Rule Driven Ephemeral Network Access

Securing Azure OpenAI Applications with OpenZiti

Closing Thoughts:

Watch our youtube channel and openziti channel for updates, demos and all exciting stuff on NetFoundry. If you are interested in our “Browzer” solution, zrok.io, additional use cases or if you have any feedback about these features, please contact us at customer.success@netfoundry.io. You can also reach out to us on the same email address if you would like to participate in the customer spotlight sessions. 

About NetFoundry

Networking was once a barrier to app innovation and automation with dependencies on after-the-fact security and performance engineering. NetFoundry is shifting the paradigm in cybersecurity by embedding zero trust networking and security as code.

Our NetFoundry Cloud solution embeds zero trust as software into apps, APIs, IoT devices, and other valuable assets rendering critical infrastructure invisible to the internet – and unreachable by potential attackers. It is the world’s first programmable, cloud native, zero trust network with near unlimited scale concurrency, and performance.  

NetFoundry Cloud represents a new art of the impossible by enabling developers, network engineers, DevOps, and cloud teams to programmatically control private, zero trust, high performance networking. NetFoundry Cloud is built on NetFoundry’s Ziti platform which is part of the OpenZiti project, the world’s most used and widely integrated open source networking platform.