Overview
This bulletin covers announcements from NetFoundry, details on features released between Jan 2024 & March 2024 and information on latest blogs & articles. We are excited to share the launch of our commercial offer for NetFoundry hosted & managed zrok. Highlights include all new network visualizer analytics and launch of tools for developers to experience application embedded zero trust with ziti SDKs.
Launch of NetFoundry managed & hosted "zrok"
zrok is being used by 1000s of developers and organizations world-wide. zrok is now available as a managed offer with NetFoundry hosting dedicated & private zrok networks for customers. This is in addition to the "self-hosted" and "hosted multi-tenant" options that are available. zrok for enterprise delivers private share, public share and zero trust reverse proxy capabilities with the following benefits:
- Private Network
- Dedicated Domain
- High Availability
- Service Level Agreements
- 24/7 Support
- Unlimited Transfers
- Configurable Rate Limiter
- Built in Geo Restrictions
- Script injection defense
- SQL injection defense
- Configurable Payload Defense
Improvements to MACD & network upgrade:
Ability to get the controller IP ahead of controller movement:
CloudZiti provides an option to move the controller from one cloud provider / region to another cloud provider / region. During this movement to a different region or provider, a new IP address would be assigned to the controller and the domain name. This IP can now be obtained ahead of the activity so that the firewalls deployed at customer edges can whitelist the new IP to the outbound policy. The NetFoundry customer support team would be able to provide you the details as part of the MACD process to move the controller.
Upgrade of offline edge routers;
Routers that are offline during a network upgrade window will auto-upgrade matching the version of the controller when they come online upon a reboot. This is achieved by an on-boot upgrade script. Any edge router that has been online for more than 24 hours since Nov 2023 would already have this feature enabled.
The all new Network Visualizer:
Network utilization for Edge Routers, Services, and Identities
Network utilization graphs are available for edge routers, services and identities. The network visualizer section in the console provides this information under each router / service / identity. A right click against the respective router / service / identity shall provide the graphs. Note that for networks with only router endpoint hosted services, the graph might not provide the information for the public routers.
Network visualizer - Fabric latency data
Network visualizer now provides fabric latency data. The graph can be accessed by a right click against the specific edge router of choice. Latency data is available as P99, Mean and Max values. Hourly charts can be selected for the last one week, current day and the past day.
Network visualizer - Fabric latency with timeouts
Another informative graph that's available for each edge router is the fabric link latency along with timeouts if any. You can find the latency data from a source router to a specific router or all applicable routers in the network. The data is available for the last 7 days.
A summary is also available when you hover the mouse pointer on a edge router as shown below.
Improvements to endpoint service path visualizer:
Endpoint service path visualizer which is available for each identity (endpoint) under the "identities" section is enriched with link status information. A summary is available for the endpoints, routers and service in the visualizer.
New parameters available to query via CloudZiti's MOP API:
Salt minion availability state for customer edge routers is now available via MOP API.
networkId
: The network id.enabled
: true = salt minion is created and was reachable the last time it was checked. false = the salt minion has not been created or did not respond the last time it was checked.type
: Limits this query to edge routers.embed
: Includes the edge router details in the response. The edge router will be in an "_embedded" element for each deployment state in the response.
Updates on BrowZer:
CloudZiti now supports provisioning more than one web socket enabled public routers or WSS routers. This would allow our customers to provision geo based WSS routers for better latency from the web browser to the fabric. The edge router policies can be used to control which set of endpoints need to have access to specific WSS routers.
TLS over mTLS capability to support https apps, error codes and messages for better troubleshooting and various other capabilities have been added to BrowZer.
Articles, updates and software releases:
- Video demo on securing a webapplication (wazuh SOAR platform dashboard as an example) with zrok frontdoor, our zero trust reverse proxy solution
- Blog on securing APIs with Ziti
- Case Study: TZ smart lockers
- Case Study : Digibee IPaaS
- Tools that provide access to demo networks with live applications for developers to experience application embedded zero trust in a few minutes with our SDKs.
https://appetizer.openziti.io/
https://landing.openziti.io/taste-of-ziti/
- Follow our ziti releases at - https://github.com/openziti/ziti/releases
- Updated WDE released - https://github.com/openziti/desktop-edge-win/releases
- Updated Linux tunneler released (check that your ERs and controller are on the same version as the tunneler) - https://github.com/openziti/ziti-tunnel-sdk-c/releases
- Watch the announcements space for updates about open issues or things that impact our services.
Closing Thoughts:
Watch our youtube channel and openziti channel for updates, demos and all exciting stuff on NetFoundry. If you are interested in our "Browzer" solution , zrok.io, additional use cases or if you have any feedback about these features, please contact us at customer.success@netfoundry.io. You can also reach out to us on the same email address if you would like to participate in the customer spotlight sessions.