ziti
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Science Score: 44.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
✓CITATION.cff file
Found CITATION.cff file -
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Committers with academic emails
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (13.3%) to scientific vocabulary
Keywords
Keywords from Contributors
Repository
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Basic Info
- Host: GitHub
- Owner: openziti
- License: apache-2.0
- Language: Go
- Default Branch: main
- Homepage: https://openziti.io
- Size: 27.1 MB
Statistics
- Stars: 3,543
- Watchers: 37
- Forks: 206
- Open Issues: 257
- Releases: 0
Topics
Metadata Files
README.md
OpenZiti
OpenZiti represents the next generation of secure, open-source networking for your applications. OpenZiti has several components.
Quick Reference
- Documentation
- Developer Overview
- Local Development Tutorial
- Local Deployment Tutorial
- Controller PKI Tutorial
- Release Notes
What is OpenZiti?
- The OpenZiti fabric provides a scalable, pluggable, networking mesh with built in smart routing
- The OpenZiti edge components provide a secure, Zero Trust entry point into your network
- The OpenZiti SDKs allow you to integrate OpenZiti directly into your applications
- The OpenZiti tunnelers and proxies allow existing applications and networks to take advantage of a OpenZiti deployment
Security Features
- Zero Trust and Application Segmentation
- Dark Services and Routers
- End to end encryption
Performance and Reliability
- A scalable mesh fabric with smart routing
- Support for load balancing services for both horizontal scale and failover setups
Developer Focus
- Open source code, available with the Apache 2.0 license
- Fully programmable REST management APIs
- SDKs for a variety of programming languages
- Application specific configuration store allowing centralized management of configuration allowing you to add structured configuration specific to your application
- An extensible fabric, allowing you to add your own
- load balancing algorithms
- interconnect protocols
- ingress and egress protocols
- metrics collections frameworks
- control and management plane messaging and semantics
Easy Management
- A flexible and expressive policy model for managing access to services and edge routers
- A web based admin console
- Pre-built tunnelers and proxies for a variety of operating systems, including mobile
Let's break some of these buzzwords down.
Zero Trust/Application Segmentation
Many networking security solutions act like a wall around an internal network. Once you are through the wall, you have access to everything inside. Zero trust solutions enforce not just access to a network, but access to individual applications within that network.
Every client in a OpenZiti system must have an identity with provisioned certificates. The certificates are used to establish secure communications channels as well as for authentication and authorization of the associated identity. Whenever the client attempts to access a network application, OpenZiti will first ensure that the identity has access to the application. If access is revoked, open network connections will be closed.
This model enables OpenZiti systems to provide access to multiple applications while ensuring that clients only get access to those applications to which they have been granted access.
In addition to requiring cert based authentication for clients, OpenZiti uses certificates to authorize communication between OpenZiti components.
Dark Services and Routers
There are various levels of accessibility a network application/service can have.
- Many network services are available to the world. The service then relies on authentication and authorization policies to prevent unwanted access.
- Firewalls can be used to limit access to specific IP or ranges. This increases security at the cost of flexibility. Adding users can be complicated and users may not be able to easily switch devices or access the service remotely.
- Services can be put behind a VPN or made only accessible to an internal network, but there are some downsides to this approach.
- If you can access the VPN or internal network for any reason, all services in that VPN become more vulnerable to you.
- VPNs are not usually appropriate for external customers or users.
- For end users, VPNs add an extra step that needs to be done each time they want to access the service.
- Services can be made dark, meaning they do not have any ports open for anyone to even try and connect to.
Making something dark can be done in a few ways, but the way it's generally handled in OpenZiti is that services reach out and establish one or more connections to the OpenZiti network fabric. Clients coming into the fabric can then reach the service through these connections after being authenticated and authorized.
OpenZiti routers, which make up the fabric, can also be dark. Routers located in private networks will usually be made dark. These routers will reach out of the private network to talk to the controller and to make connections to join the network fabric mesh. This allows the services and routers in your private networks to make only outbound connections, so no holes have to be opened for inbound traffic.
Services can be completely dark if they are implemented with a OpenZiti SDK. If this is not possible a OpenZiti tunneler or proxy can be colocated with the service. The service then only needs to allow connections from the local machine or network, depending on how close you colocate the proxy to the service.
End to End Encryption
If you take advantage of OpenZiti's developer SDKs and embed OpenZiti in your client and server applications, your traffic can be configured to be seamlessly encrypted from the client application to server application. If you prefer to use tunnelers or proxy applications, the traffic can be encrypted for you from machine to machine or private network to private network. Various combinations of the above are also supported.
End-to-end encryption means that even if systems between the client and server are compromised, your traffic cannot be decrypted or tampered with.
Getting started with OpenZiti
If you are looking to jump right in feet first you can follow along with one of our up-and-running quickstart guides. These guides are designed to get an overlay network quickly and allow you to run it all locally, use Docker or host it anywhere.
This environment is perfect for evaluators to get to know OpenZiti and the capabilities it offers. The environment was not designed for large scale deployment or for long-term usage. If you are looking for a managed service to help you run a truly global, scalable network browse over the NetFoundry web site to learn more.
Build from Source
Please refer to the local development tutorial for build instructions.
Adopters
Interested to see what companies are using OpenZiti? Check out the list of projects and companies using OpenZiti here. Interested in adding your project to the list? Add an issue to github or better yet feel free to add a pull request! Instructions for getting your project added are included on the adopters list
Support
We have a very active Discourse forum. Join the conversation! Help others if you can. If you want to ask a question or just check it out, cruise on over to the OpenZiti Discourse forum. We love getting questions, jump in!
Contributing
The OpenZiti project welcomes contributions including, but not limited to, code, documentation and bug reports.
- All OpenZiti code is found on Github under the OpenZiti organization.
- ziti: top level project which builds all OpenZiti executables
- edge: edge components and model which includes identity, polices and config
- fabric: fabric project which includes core controller and router
- foundation: project which contains library code used across multiple projects
- SDKs
- ziti-sdk-c: C SDK
- sdk-golang: Go SDK
- ziti-sdk-jvm: SDK for JVM based languages
- ziti-sdk-swift: Swift SDK
- ziti-sdk-nodejs: NodeJS SDK
- ziti-sdk-csharp: C# SDK
- ziti-doc: Powers the static documentation site
OpenZiti was developed and open sourced by Netfoundry, Inc. NetFoundry continues to fund and contribute to OpenZiti.
Owner
- Name: OpenZiti
- Login: openziti
- Kind: organization
- Website: https://openziti.io
- Twitter: openziti
- Repositories: 79
- Profile: https://github.com/openziti
OpenZiti is a programmable network overlay and associated edge components for application-embedded, zero-trust networking
Citation (CITATION.cff)
# This CITATION.cff file was generated with cffinit.
# Visit https://bit.ly/cffinit to generate yours today!
cff-version: 1.2.0
title: OpenZiti
message: >-
Thanks for using OpenZiti. Please cite it using this
metadata.
type: software
authors:
- name: NetFoundry Inc.
address: 101 S Tryon St UNIT 2700
city: Charlotte
country: US
post-code: '28280'
repository-code: 'https://github.com/openziti/ziti'
url: 'https://openziti.io'
abstract: >-
OpenZiti is a free and open source project focused on
bringing zero trust networking principles directly into
applications.
keywords:
- open source
- zero trust
- secure networking
license: Apache-2.0
Committers
Last synced: 9 months ago
Top Committers
| Name | Commits | |
|---|---|---|
| Paul Lorenz | p****z@n****o | 1,500 |
| Andrew Martinez | a****z@g****m | 934 |
| ziti-ci | z****i@n****o | 825 |
| Kenneth Bingham | k****m@n****o | 598 |
| dovholuknf | 4****f | 522 |
| Michael Quigley | m****l@q****m | 287 |
| gberl002 | g****l@n****o | 202 |
| dependabot[bot] | 4****] | 200 |
| Shawn Carey | s****y@n****o | 73 |
| Eugene K | e****v@n****o | 56 |
| Steven A. Broderick Elias | s****k@n****o | 42 |
| dependabot-preview[bot] | 2****] | 30 |
| Cam Otts | o****n@g****m | 30 |
| Curt Tudor | c****t@r****m | 22 |
| Tod Burtchell | t****l@n****o | 14 |
| Jens Alm | j****s@u****g | 12 |
| dariuszSki | d****i@n****o | 6 |
| Mario Trangoni | m****i@g****m | 5 |
| Chernenko Ruslan | r****e@g****m | 4 |
| Geoff Berl | 9****2 | 3 |
| Lars Lehtonen | l****n@g****m | 3 |
| codesee-architecture-diagrams[bot] | 8****] | 3 |
| r-caamano | r****o@n****o | 3 |
| Edward Moscardini | e****i@n****o | 3 |
| Geoff Berl | g****1@g****m | 3 |
| Dave Hart | d****t@r****m | 2 |
| Mike Guthrie | m****e@n****o | 2 |
| StefanGajic | s****c@y****m | 2 |
| Kelvin Smith | k****n@t****z | 2 |
| Mamy Ratsimbazafy | m****b@n****o | 1 |
| and 24 more... | ||
Committer Domains (Top 20 + Academic)
Issues and Pull Requests
Last synced: 6 months ago
All Time
- Total issues: 776
- Total pull requests: 1,790
- Average time to close issues: 7 months
- Average time to close pull requests: 8 days
- Total issue authors: 79
- Total pull request authors: 39
- Average comments per issue: 0.73
- Average comments per pull request: 0.41
- Merged pull requests: 1,020
- Bot issues: 4
- Bot pull requests: 660
Past Year
- Issues: 316
- Pull requests: 919
- Average time to close issues: 7 days
- Average time to close pull requests: 3 days
- Issue authors: 39
- Pull request authors: 14
- Average comments per issue: 0.28
- Average comments per pull request: 0.37
- Merged pull requests: 515
- Bot issues: 3
- Bot pull requests: 360
Top Authors
Issue Authors
- plorenz (223)
- andrewpmartinez (145)
- qrkourier (140)
- dovholuknf (75)
- gberl002 (28)
- mikegorman-nf (15)
- ekoby (13)
- sabedevops (9)
- scareything (8)
- emoscardini (7)
- nenkoru (7)
- tburtchell (6)
- NicFragale (4)
- dependabot[bot] (4)
- jensalm (4)
Pull Request Authors
- dependabot[bot] (660)
- plorenz (422)
- qrkourier (297)
- andrewpmartinez (177)
- dovholuknf (97)
- scareything (34)
- gberl002 (23)
- jensalm (17)
- mjtrangoni (6)
- Pehesi97 (4)
- alrs (4)
- nenkoru (3)
- mikegorman-nf (3)
- ekoby (3)
- Vrashabh-Sontakke (2)
Top Labels
Issue Labels
Pull Request Labels
Packages
- Total packages: 6
-
Total downloads:
- pypi 3,418 last-month
- Total docker downloads: 5,103
-
Total dependent packages: 6
(may contain duplicates) -
Total dependent repositories: 6
(may contain duplicates) - Total versions: 814
- Total maintainers: 2
proxy.golang.org: github.com/openziti/ziti
- Homepage: https://github.com/openziti/ziti
- Documentation: https://pkg.go.dev/github.com/openziti/ziti#section-documentation
- License: Apache-2.0
-
Latest release: v1.6.7
published 6 months ago
Rankings
proxy.golang.org: github.com/openziti/ziti/network-tests
- Homepage: https://github.com/openziti/ziti
- Documentation: https://pkg.go.dev/github.com/openziti/ziti/network-tests#section-documentation
- License: Apache-2.0
-
Latest release: v0.0.0-20230512161415-a03712b41eb6
published almost 3 years ago
Rankings
proxy.golang.org: github.com/OpenZiti/ziti
- Documentation: https://pkg.go.dev/github.com/OpenZiti/ziti#section-documentation
- License: apache-2.0
-
Latest release: v1.6.7
published 6 months ago
Rankings
proxy.golang.org: github.com/OpenZITI/Ziti
- Documentation: https://pkg.go.dev/github.com/OpenZITI/Ziti#section-documentation
- License: apache-2.0
-
Latest release: v1.6.7
published 6 months ago
Rankings
proxy.golang.org: github.com/openziti/ziti/zititest
- Homepage: https://github.com/openziti/ziti
- Documentation: https://pkg.go.dev/github.com/openziti/ziti/zititest#section-documentation
- License: Apache-2.0
-
Latest release: v0.0.0-20240110174547-3fc114263371
published about 2 years ago
Rankings
pypi.org: openziti
Ziti Python SDK
- Homepage: https://github.com/openziti/ziti-sdk-py
- Documentation: https://openziti.github.io/ziti/overview.html
- License: Apache-2.0
-
Latest release: 1.3.1
published 6 months ago