In this lab, you will see step-by-step how to implement a Zero Trust Networking solution using OpenZiti.
All steps are written on the Guide.pdf.
OpenZiti is a free and open source project created by the Netfoundry company, focused on bringing zero trust networking principles directly into any application. The project provides all the pieces required to implement a zero trust overlay network and provides all the tools necessary to integrate zero trust into existing solutions (interesting for brown field applications).
For more details, you can check the OpenZiti documentation and the Guide.pdf.
| Features | VPN | OpenZiti |
|---|---|---|
| Implementation | Easy implementation | Can be more complex, but if using NetFoundry (SaaS, Hybrid, or airgap deploy) then it's no more complex |
| Requires inbound FW port and public DNS | ✅ | ❌ |
| Control and Data Plane | VPN combines it | Ziti separates them out, while providing HA across both, with smart routing and visibility |
| Operation level | VPN operates at network or host level | Ziti provides SDKs for app embedded or other deeper integrations for high security and easier user experience |
| Posture checks for extra device security | ❌ | ✅ |
| Network | VPN use IP and DNS | Ziti has a private dNS which means naming does not need to comply to TLDs plus easily solve overlapping IP, NAT, etc... |
| Least privilege | Access to non essential resources, involving complex network architectures | Access only to services we are supposed to access |
| Multi-layer encryption | ❌ | ✅ Click here |