{"id":4887,"date":"2026-02-06T11:27:29","date_gmt":"2026-02-06T10:27:29","guid":{"rendered":"https:\/\/ba.be\/?p=4887"},"modified":"2026-02-11T11:56:46","modified_gmt":"2026-02-11T10:56:46","slug":"openziti-zero-trust-the-oss-way","status":"publish","type":"post","link":"https:\/\/ba.be\/en\/front-en\/openziti-zero-trust-the-oss-way\/","title":{"rendered":"OpenZiti: Zero Trust the Open Source Way"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"4887\" class=\"elementor elementor-4887 elementor-4886\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-63890cc e-flex e-con-boxed e-con e-parent\" data-id=\"63890cc\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-085ae31 elementor-widget elementor-widget-text-editor\" data-id=\"085ae31\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p data-path-to-node=\"3\"><b>Like most security terms, <span data-path-to-node=\"3\" data-index-in-node=\"26\">Zero Trust<\/span> is a brilliant conceptual idea that, unfortunately, too often ends up as a hollow slogan smothered in &#8220;marketing-bullshit-caramel-sauce.&#8221; Just like when someone drops the term AI, it becomes crucial to peek under the hood and see what and especially <i data-path-to-node=\"3\" data-index-in-node=\"289\">how\u00a0<\/i>they actually mean it. I recently got asked what we &#8220;open source guys&#8221; actually use for <span data-path-to-node=\"4\" data-index-in-node=\"65\">Zero Trust Network Access (ZTNA)<\/span>. 
Well, for a few years now, our go-to has been <span data-path-to-node=\"4\" data-index-in-node=\"145\">OpenZiti<\/span>.<\/b><\/p><p data-path-to-node=\"6\">OpenZiti is a full-blown open-source technology that allows you to cover every aspect of ZTNA: from strong identity-based authentication and micro-segmentation (Least Privilege Access) to making your environment go almost completely &#8220;dark.&#8221;<\/p><p data-path-to-node=\"7\">The kicker? It\u2019s built for a modern software world. Because it\u2019s fully open source and comes with a handy SDK and tons of extras, you can simply tuck it away inside your Docker containers or proxies. Everything is easily manageable via <span data-path-to-node=\"7\" data-index-in-node=\"236\">Infrastructure-as-Code<\/span>; we use <span data-path-to-node=\"7\" data-index-in-node=\"267\">Ansible<\/span> ourselves, but thanks to the API, virtually any tool will work.<\/p><p data-path-to-node=\"8\">Ziti was developed years ago by Netfoundry\u2014an internal startup of TATA Networks\u2014to solve a real internal problem. This leads us to another major plus: you can run it on your own infrastructure (on-prem or cloud), keeping full control without lock-in or digital sovereignty headaches.<\/p><p data-path-to-node=\"9\">Of course, like any powerful tech, there\u2019s a <span data-path-to-node=\"9\" data-index-in-node=\"45\">learning curve<\/span>. But if you don\u2019t want to invest the time, if things get too complex with international requirements, or if you just need rock-solid enterprise support, you can seamlessly transition to the commercial Netfoundry product. 
Best of both worlds.<\/p><h2 data-path-to-node=\"10\">What can you actually do with it?<\/h2><ul data-path-to-node=\"11\"><li><p data-path-to-node=\"11,0,0\"><b data-path-to-node=\"11,0,0\" data-index-in-node=\"0\">Make remote work simple (and safe) again:<\/b> The first application most companies will care about is replacing traditional, often insecure VPNs with ZTNA. Completely &#8220;dark&#8221; (no externally visible ports), strongly authenticated with MFA, where the user only sees what they are allowed to see\u2014all managed from a single dashboard with robust logging.<\/p><\/li><li><p data-path-to-node=\"11,1,0\"><b data-path-to-node=\"11,1,0\" data-index-in-node=\"0\">A secure WAN over the Internet:<\/b> Whether you\u2019re an SME or an Enterprise, you can use it as a secure overlay network that transparently leverages multiple internet connections for bandwidth and redundancy. It links your sites, cloud infra, and apps across different providers with the guarantees you need today: identity-based security and performance optimization.<\/p><\/li><li><p data-path-to-node=\"11,2,0\"><b data-path-to-node=\"11,2,0\" data-index-in-node=\"0\">Extra security in your own software through embedded networking:<\/b> For those who want to go further, you can use the SDK to embed OpenZiti directly into your own software. This brings all these security features deep into your app or software infrastructure.<\/p><\/li><\/ul><h2 data-path-to-node=\"12\">Real-world Case: CERM<\/h2><p data-path-to-node=\"13\">We recently used this as the foundation for an international overlay network for one of our oldest and most technically challenging clients: <span data-path-to-node=\"13\" data-index-in-node=\"141\">CERM<\/span>. It works there on so many levels\u2014from Zero Trust remote work for consultants to a &#8220;dark&#8221; internal network connecting their infrastructure and cloud components across four continents. 
It\u2019s all fully automated with Ansible to keep it manageable. It\u2019s a story where all the pieces finally click into an integrated infrastructure and software solution that adds massive value to their core business.<\/p><h2>How to get started?<\/h2><p data-path-to-node=\"16\">My advice if you want to dive in: start with a &#8220;taster&#8221; in the form of a <span data-path-to-node=\"16\" data-index-in-node=\"73\">Proof-of-Concept<\/span>.<\/p><p data-path-to-node=\"17\">What that looks like depends on your needs, but we\u2019re happy to set it up for you and give your technical team hands-on training. That immediately flattens that steep learning curve for you.<\/p><p data-path-to-node=\"18\"><span data-path-to-node=\"18\" data-index-in-node=\"0\">Drop us an <\/span><a style=\"background-color: #ffffff; color: #2e82b5;\" href=\"mailto:contact@ba.be?subject:OpenZiti\" target=\"_blank\" rel=\"noopener\">email<\/a>\u00a0if you\u2019re interested in cutting through the noise.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Like most security terms, Zero Trust is a brilliant conceptual idea that, unfortunately, too often ends up as a hollow slogan smothered in &#8220;marketing-bullshit-caramel-sauce.&#8221; Just like when someone drops the 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":4790,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[76,77],"tags":[65],"class_list":["post-4887","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-front-en","category-lab-en","tag-cybersecurity-en"],"_links":{"self":[{"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/posts\/4887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/comments?post=4887"}],"version-history":[{"count":6,"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/posts\/4887\/revisions"}],"predecessor-version":[{"id":4908,"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/posts\/4887\/revisions\/4908"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/media\/4790"}],"wp:attachment":[{"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/media?parent=4887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/categories?post=4887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ba.be\/en\/wp-json\/wp\/v2\/tags?post=4887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}