OpenZiti

OpenZiti provides a zero‑trust overlay network where every connection is authenticated with a cryptographic identity, authorized by policy, and encrypted end‑to‑end. It can be added to existing applications through lightweight tunnelers that require no code changes, while new applications can embed OpenZiti SDKs for tighter integration. The platform supports a full‑mesh architecture with edge routers, a controller, and client software for all major desktop and mobile operating systems, and includes built‑in two‑factor authentication.

The system is designed for a range of scenarios, such as replacing VPNs, exposing “dark” services that have no listening ports, securing IoT devices, and connecting workloads across clouds, hybrid environments, or Kubernetes clusters. Identity‑aware access eliminates reliance on IP addresses, firewalls, or shared secrets, allowing each service or device to be individually authorized.

OpenZiti is self‑hostable, offered under the Apache‑2.0 license, and does not require a subscription. It is available in community‑supported self‑hosted deployments as well as a managed SaaS option from NetFoundry, giving users flexibility to choose the operational model that fits their regulatory and infrastructure needs.