March 2024 Platform Update: Unlocking the Power of Application Embedded Zero Trust Connectivity
Overview
This bulletin covers announcements from NetFoundry, details on our embeddable zero trust connectivity and general features released between Jan 2024 & March 2024, and information on the latest blogs & articles. We are excited to share the launch of our commercial offer for NetFoundry hosted & managed zrok, our first Ziti-based purpose-built application for resource sharing. Other highlights include all-new network visualizer analytics and the launch of tools for developers to experience application embedded zero trust with Ziti SDKs.
Product Update Highlights
- Managed zrok now available for enterprises.
- New network visualizer offers latency insights.
- BrowZer updates enhance zero trust web app security.
Launch of NetFoundry managed & hosted “zrok”
zrok is a zero trust connectivity and sharing solution that provides secure private and public sharing with zero trust reverse proxy capabilities for applications. It is used by thousands of developers and organizations worldwide. zrok is now available as a managed hosted offer, with NetFoundry hosting dedicated & private zrok networks for customers. This is in addition to the “self-hosted” and “hosted multi-tenant” options that are available. zrok for enterprise delivers private share, public share and zero trust reverse proxy capabilities with the following benefits:
- Private Network
- Dedicated Domain
- High Availability
- Service Level Agreements
- 24/7 Support
- Unlimited Transfers
- Configurable Rate Limiter
- Built in Geo Restrictions
- Script injection defense
- SQL injection defense
- Configurable Payload Defense
Improvements to MACD & network upgrade
Ability to get the controller IP ahead of controller movement:
NetFoundry Cloud provides an option to move the controller from one cloud provider / region to another cloud provider / region. During this move, a new IP address is assigned to the controller and the domain name. This IP can now be obtained ahead of the activity so that the firewalls deployed at customer edges can whitelist the new IP in the outbound policy. The NetFoundry customer support team can provide you the details as part of the MACD process to move the controller.
Upgrade of offline edge routers:
Routers that are offline during a network upgrade window will auto-upgrade to match the version of the controller when they come online upon a reboot. This is achieved by an on-boot upgrade script. Any edge router that has been online for more than 24 hours since Nov 2023 would already have this feature enabled.
The all new Network Visualizer
Network utilization for Edge Routers, Services, and Identities
Network utilization graphs are available for edge routers, services and identities. The network visualizer section in the console provides this information under each router / service / identity. Right-click the respective router / service / identity to open the graphs. Note that for networks with only router endpoint hosted services, the graph might not provide the information for the public routers.
Network visualizer – Fabric latency data
Network visualizer now provides fabric latency data. The graph can be accessed by right-clicking the edge router of choice. Latency data is available as P99, Mean and Max values. Hourly charts can be selected for the last one week, the current day and the past day.
Network visualizer – Fabric latency with timeouts
Another informative graph available for each edge router is the fabric link latency, along with timeouts, if any. You can find the latency data from a source router to a specific router or to all applicable routers in the network. The data is available for the last 7 days.
A summary is also available when you hover the mouse pointer on an edge router as shown below.
Improvements to endpoint service path visualizer:
The endpoint service path visualizer, which is available for each identity (endpoint) under the “identities” section, is enriched with link status information. A summary is available for the endpoints, routers and service in the visualizer.
New parameters available to query via NetFoundry Cloud’s MOP API:
Salt minion availability state for customer edge routers is now available via the MOP API.
Updates on BrowZer: Zero Trust Connectivity for Web Apps
NetFoundry Cloud now supports provisioning more than one WebSocket-enabled public router (WSS router). This allows our customers to provision geo-based WSS routers for better latency from the web browser to the fabric. Edge router policies can be used to control which set of endpoints has access to specific WSS routers.
BrowZer has also gained TLS over mTLS capability to support HTTPS apps, error codes and messages for better troubleshooting, and various other capabilities.
Articles, updates and software releases:
- Video demo on securing a web application (Wazuh SOAR platform dashboard as an example) with zrok frontdoor, our zero trust reverse proxy solution
- Blog on securing APIs with Ziti
- Case Study: TZ smart lockers
- Case Study: Digibee IPaaS
- Tools that provide access to demo networks with live applications for developers to experience application embedded zero trust in a few minutes with our SDKs.
https://appetizer.openziti.io/
https://landing.openziti.io/taste-of-ziti/
- Follow our ziti releases at – https://github.com/openziti/ziti/releases
- Updated WDE released – https://github.com/openziti/desktop-edge-win/releases
- Updated Linux tunneler released (check that your ERs and controller are on the same version as the tunneler) – https://github.com/openziti/ziti-tunnel-sdk-c/releases
- Watch the announcements space for updates about open issues or things that impact our services.
Closing Thoughts:
Watch our YouTube channel and the OpenZiti channel for updates, demos and other exciting news on NetFoundry. If you are interested in our “BrowZer” solution, zrok.io, additional use cases, or if you have any feedback about these features, please contact us at customer.success@netfoundry.io. You can also reach out to us on the same email address if you would like to participate in the customer spotlight sessions.
About NetFoundry
Networking was once a barrier to app innovation and automation with dependencies on after-the-fact security and performance engineering. NetFoundry is shifting the paradigm in cybersecurity by embedding zero trust networking and security as code.
Our NetFoundry Cloud solution embeds zero trust as software into apps, APIs, IoT devices, and other valuable assets, rendering critical infrastructure invisible to the internet and unreachable by potential attackers. It is the world’s first programmable, cloud native, zero trust network with near unlimited scale, concurrency, and performance.
NetFoundry Cloud represents a new art of the impossible by enabling developers, network engineers, DevOps, and cloud teams to programmatically control private, zero trust, high performance networking.
NetFoundry Cloud is built on NetFoundry’s Ziti platform, which is part of the OpenZiti project, the world’s most used and widely integrated open source networking platform.