Overview
This bulletin covers announcements from NetFoundry, details on features released between October 2024 and December 2024, and information on the latest blogs and articles. Highlights include the launch of the NetFoundry Support Stack offer, which empowers partners and customers to leverage all of the telemetry and events available in the NetFoundry network with packaged tooling and pre-built dashboards.
Support Stack
NetFoundry has launched an add-on service for the NetFoundry Cloud and NetFoundry hybrid cloud deployment models. The support stack is meant for customers and partners who want heavy integration with metrics and events and want to stream all of the event and metric data to their own systems. The solution empowers partners and customers to leverage all of the telemetry and events available in the NetFoundry network with packaged tooling and pre-built dashboards. The deployment is built on our proprietary Helm chart and is available with a private access token issued upon subscription to the service. All components within the support stack are currently open source, and they are pre-configured to work together to provide viable support for the deployed NetFoundry network. This includes pre-configured telemetry dashboards and searchable application logs that mirror what NetFoundry uses internally to support the installation. The subcomponents within the support stack are outlined below:
- Elasticsearch - Telemetry and Log storage and searchability. Also provides an API for all log and telemetry data
- Logstash - Flexible data processing and shipping. Future iterations will allow extensions to be configured by the user to stream metrics to additional systems
- Kibana - UI for Elasticsearch, used to view the raw log and telemetry data; provides a full-featured search mechanism. Ships with pre-configured, organized data sources.
- Grafana - Industry-standard dashboard tool for viewing and analyzing metrics. Ships pre-configured with all data sources and standard dashboards that we use internally at NetFoundry.
- RabbitMQ - Provides a buffer for Ziti metrics and events. The metrics are consumed and processed by Logstash. This can also be extended if customers want to create additional queues and stream metrics to their own systems.
- Beats Agents - These are micro-containers that run as data collectors on all Kubernetes nodes as a daemon set. They collect logs and metrics from all containers in the support and ziti namespaces.
- Ziti Edge Tunnel - We recommend making the support tools accessible over Ziti, and using the Ziti Edge Tunnel as the primary access method. This eliminates any extra open ports from the support installation, and satisfies most compliance audits.
Key management for NetFoundry hybrid cloud:
For NetFoundry hybrid cloud deployments with customer-managed controller infrastructure, the SSH keys for secure access between the NetFoundry console and the controller can now be managed via the console. Customers with network group admin permissions will be able to set the value of the key, but will not be able to retrieve it. Customers with network group admin permission can also create a single-use link. The link can be shared with anyone to update the value of the private key, without that person having access to the NetFoundry console. Two links are generated:
- API link: suitable for setting the value via Postman, curl, etc.
- Browser link: loads a branded page in the console where the key can be pasted.
Improvements to Fabric Link Latency Visualizer:
The display and usability of the link latency visualizer have been improved. The visualizer limits the display to 10 routers per page for clarity and performance. Target router selection and better range availability enhance the analysis and troubleshooting experience.
Filtering of edge routers in console by Ziti ID and MOP ID:
The edge routers section now allows filtering routers by the Ziti ID or MOP ID of the router.
Support wildcard domain in host.v1/host.v2 allowed addresses:
Ziti and the console now support creating services with "*" (i.e., any domain or IP address) in the host.v1/host.v2 allowed address as part of the service configuration. This allows customers to forward any traffic to a specific router or identity using a host.v1/host.v2 service config. The feature has been released in networks 1.1.5 and above.
Articles, updates and software releases:
- Latest Blogs:
  - How Mendix Customers Use NetFoundry for Private Connectivity Without VPNs
  - NetFoundry Joins CISA Secure By Design Pledge: Leading the Movement for Embeddable Zero Trust
  - The Zero Trust Revolution Starts with You: Designing Security Into Every Product
  - Tailscale and Wireguard versus NetFoundry and OpenZiti
  - Unified Namespace Architecture and Secure Connectivity
- Latest Solution Recipes:
  - Deploying Ziti-Tunnel as a side car proxy to a containerized app - NetFoundry Cloud for Kubernetes
  - Intercepting Services in Routers using Proxy Tunnel Mode - NetFoundry for Kubernetes / Docker
- Follow our Ziti releases at https://github.com/openziti/ziti/releases
- Updated WDE released - https://github.com/openziti/desktop-edge-win/releases
- Updated Linux tunneler released (check that your ERs and controller are on the same version as the tunneler) - https://github.com/openziti/ziti-tunnel-sdk-c/releases
- Watch the announcements section for announcements about the NetFoundry cloud services.
Closing Thoughts:
Watch our YouTube channel and the OpenZiti channel for updates, demos and all the exciting news on NetFoundry. Whether you're intrigued by our cutting-edge OT/IIOT solutions, fascinated by "Browzer" and zrok.io, or have valuable feedback to share, we'd love to hear from you! Reach out to us at customer.success@netfoundry.io.