NetFoundry is a zero trust NAAS platform that helps you to take zero trust dark networks to any app or any device delivering zero trust security with simplicity. You can use the console or the APIs to orchestrate the platform for network as code. Utilizing NetFoundry's automation user's can build application specific, zero trust, global transport networks in a matter of minutes that enhance application security, reliability and performance.
A NetFoundry Network consists of 5 major elements apart from the network controller that is the heart of the system:
- Endpoints are software installed onto a user's device, on an operating system, or embedded within an application utilizing NetFoundry's Ziti SDK.
- Edge Routers are either NetFoundry Hosted (NetFoundry Global Fabric) or Customer Hosted and provide ingress/egress of network traffic between endpoints.
- Services encapsulate the definition of any resource that can be accessed by a client on a traditional network.
- Attributes and Policies are used to set rights to services and paths.
- APPWANs define the services that endpoints can reach over the NetFoundry network.
The Controller is the central function of the network. The controller provides the control plane for the software defined network for management and configurations. It is responsible for configuring services, policies as well as being the central point for managing the identities used by users, devices and the nodes making up the Network. Lastly but critically, the Controller is responsible for authentication and authorization for every connection in the network.
Endpoints are light-weight agents that are installed on your devices or in an APP as a SDK. Endpoints are enrolled to the NetFoundry network using the registration process via one-time use secure JWT.
See more here to learn more about endpoints in NetFoundry and how to create & install endpoints.
Edge Routers -
NetFoundry Hosted Router –
NetFoundry fabric is a dynamic mesh of hosted edge routers that are enabled to receive traffic. The fabric is dedicated per network and carries traffic only within the network. NF fabric provides the best path for traffic to reach the destination node from the source node. This document covers details about NF's smart routing, how edge routers make routing decisions and how the best path is selected. A min of 1 hosted edge router is required and two or more routers are suggested to create a fabric.
Customer Edge Router –
Customer edge routers are spun up by customers at their private data center / public clouds / branch locations in their LAN. The role of an edge router is to act as a gateway to NetFoundry network to send / receive packets between the apps and a NetFoundry Network. Edge routers can either host services or act as a WAN gateway to access services in an APPWAN.
See more here to learn more about edge routers in NetFoundry and how to create & install edge routers.
Services define resources on your local network that you want to make available over your NetFoundry network. Once you've created a service, add it to one or more AppWANs to make it available to those AppWAN members. Think of a service as a rule in a firewall whitelist, which defines the exact set of network resources that one may access over an AppWAN, while all other traffic is blocked.
See more here on how to create services.
AppWans are like a policy that defines which endpoints can access which services. AppWANs are micro perimeters within your network. Each network can have many APPWANs. AppWANs are a combination of services & endpoints that have to access the services.
See more here on how to create and manage APPWANs.
Attributes are applied to Endpoints, Services, and Edge Routers. These are tags that are used for identifying a group or a single endpoint / service / edge router. Attributes are used while creating APPWANs. The @ symbol is used to tag Individual endpoints / services / edge routers and # symbol is used to tag a group of endpoints / services / edge routers.
Learn more on how attributes simplify policy management in NetFoundry.
Edge Router Policy
This Edge Router Policy configures particular Endpoints to dial the network via the Edge router. When multiple edge routers are selected, the first-responding Edge routers handles the traffic.
NetFoundry Platform Architecture
You might be interested to know about the underlying component of the NetFoundry platform. This whitepaper gives you that insight in the context of how the various layers integrate to provide security, reliability and performance over Internet connections for today’s distributed, dynamic, automated application environments.