A Taste of OpenZiti
Designing and building a secure, private, distributed app can be daunting. In today’s world, application developers and solution providers are wise to assume whatever networks they are using are already compromised by bad actors.
So how do you deliver a secure solution, and how can you be assured you have extreme visibility into who is using your network and what exactly they are doing?
Zero Trust Security Baked Right In
Here are a few of the things you need to design into your application:
Strong Identity
You need to be confident all entities on your network are who they claim to be, and tightly control access to your network.
Completely Dark
No open ports! Your application should be “dark”, meaning no inbound ports to your applications and services are available for direct attack.
Segmented Access
Access to services on your network needs to follow a “least privileged access” model, allowing access only to exactly what is needed, to help mitigate lateral attacks.
Continuous Auth
Things change constantly. An auth event that is valid at one point in time may not still be valid in the face of changing events.
End-to-End Encryption
Only your application and endpoints should be able to access private data.
The Demo Environment
We are providing this “Taste of Ziti” environment to show how you can embed OpenZiti into your applications and quickly achieve the benefits listed above. “Taste of Ziti” consists of:
A Simple App
A simple “Pet Store” application based on the Swagger PetStore
Instructions
Instructions for “brownfield” access using OpenZiti “tunnelers”
Sample Code
Example code for access from various devices (e.g., mobile) and programming languages
Tutorials
Brief tutorials on configuring access and investigating how the network is being used
To start with the basics, we set up an instance of everyone’s favorite Swagger PetStore Server in a completely dark environment. This app is a great example of how easy it is to access a service that has no public ports available without any special firewall configuration. Try it out by pasting a couple of lines of code in your favorite programming language.
What is OpenZiti?
At NetFoundry, we believe the best way to accomplish this is in software, leveraging a software overlay network that can be embedded directly inside all parts of your application, and that this overlay network (and associated SDKs) needs to be completely free and available… We call this tech OpenZiti.