Zscaler
Cloud-based zero trust security platform providing secure access to applications without traditional VPNs
Open-Source Projects
Discover top open-source software, updated regularly with real-world adoption signals.
Discover top open-source software, updated regularly with real-world adoption signals.
Zero‑trust, programmable network fabric for secure application connectivity
OpenZiti delivers a scalable, pluggable mesh with zero‑trust access, dark services, and end‑to‑end encryption, plus SDKs, tunnelers, and a web console for easy management.
OpenZiti is a programmable networking layer that lets developers and operators build zero‑trust, application‑segmented connections. By using certificate‑based identities, every client and service is authenticated and authorized before traffic is allowed, eliminating the need for open ports or traditional VPNs.
The platform provides a smart‑routing mesh with built‑in load balancing, dark services and routers that only make outbound connections, and end‑to‑end encryption whether you embed the SDKs or deploy pre‑built tunnelers and proxies. Management is handled through a flexible policy model, a web‑based admin console, and fully programmable REST APIs. SDKs are available for multiple languages, and the fabric can be extended with custom load‑balancing algorithms, interconnect protocols, and metrics collection.
OpenZiti can be started locally via quick‑start guides, Docker, or any host environment. While the quick‑start environment is ideal for evaluation, production deployments require planning of PKI, controller scaling, and mesh topology. The project is Apache‑2.0 licensed and supported by a growing community of adopters.
When teams consider OpenZiti, these hosted platforms usually appear on the same shortlist.
Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.
Secure remote access to internal dashboards
Employees connect through dark routers, gaining access only to authorized web interfaces without exposing ports.
Zero‑trust service mesh for microservices
Each service uses the OpenZiti SDK, ensuring mutual authentication and encrypted traffic across clusters.
Legacy application integration
Deploy a Ziti tunnel proxy beside the legacy app, making it a dark service reachable securely by authorized clients.
Multi‑cloud connectivity
Edge routers in different clouds join the mesh, providing seamless, encrypted communication between cloud resources.
OpenZiti provides SDKs for several languages, including Go, Java, JavaScript, and others, enabling integration across diverse application stacks.
Unlike VPNs that grant network‑wide access, OpenZiti enforces zero‑trust policies at the application level, using dark services and certificate‑based authentication to limit exposure.
Yes, OpenZiti components can be deployed via Docker or other container platforms, and quick‑start guides cover local container setups.
While the core project is open source, a managed service is offered by NetFoundry for global, scalable deployments.
Certificates are provisioned per identity and used for both authentication and authorization; the controller handles PKI operations and certificate distribution.
Project at a glance
ActiveLast synced 4 days ago