ansible-paramikoz-demo VS ziti

OpenZiti has tunnelers for all popular OS, allowing you to support many apps and services. Even better, a tunneler can support multiple identities and thus be part of different networks (which ZPA or a VPN cannot do). This is great for admin access for MSPs, for example. The SDKs are super powerful if you develop the app yourself and give more security (i.e., you no longer trust the host OS network). The SDKs also give us the ability to do cool app-embedded things, e.g., zero trust Ansible, Prometheus, SSH, Lambda/serverless, clientless for browzer.

Regarding Mattermost, we didn't do app embedded; we 'merely' use the OpenZiti tunnelers at source and destination (think better VPN client). We did do zitifications of the following (and more) - Prometheus, Ansible, SSH, Kubectl. For Mattermost, the interesting zitification is the client side. Most of our company uses BrowZer, which is a new (beta) OpenZiti capability which gives the user a public application experience, while the server stays completely private and unaddressable on the public internet - to understand how that is even possible, read this blog - https://openziti.io/introducing-openziti-browzer.

What are your thoughts on building the VPN into SSH Shadonovitch? I work for an open source project which built an overlay mesh network built on zero trust networking principles incl. outbound only connectivity, and a strong identity. This means you do not need any inbound ports, VPNs or private APNs. More important, at its route its a suite of SDKs, so we took our Python one and put it inside Paramiko SSH so we could put it in Ansible and not need the external VPN client, as the private overlay is in SSH - https://github.com/openziti-test-kitchen/ansible-paramikoz-demo

- https://github.com/openziti-test-kitchen/ansible-paramikoz-demo

Check out the Ansible Collection for the code, and if you want, you can try the demo.

Zero Trust Ansible Demo

If you are not aware of what OpenZiti is, this is the description available on their website:

fwiw, its back up. stars for zrok and ziti (i.e., the parent repo) are super appreciated!

https://github.com/openziti/ziti (1.2k stars)

Create an AUR package for the ziti binaries

I ask because I'm going to start with the simplified-docker-compose.yml file instead of the more complicated one for starters

OpenZiti is the most sophisticated and simple-to-use ZTNA platform on the planet. Allows you to create micro-segmented ZTNA networks by desktop application, web application, device, containers, API, and servers. All data is distributed dynamically across an overlay mesh network focused on routing performance, self-healing, and latency. It has desktop clients on all operating systems, pre-built SSH consoles, and SDKs in different languages to integrate OpenZiti into any product natively. And best of all, it's Open-Source. Seriously, try it, you'll be mind-blowing...

This repo hosts the OpenZiti SDK for NodeJS, and is designed to help you deliver secure applications over a OpenZiti Network - https://github.com/openziti/ziti-sdk-nodejs.

zrok.io seems fit for this purpose though you'd have to do a little work like combining it with FileGator or similar. Future releases would add this functionality directly, you could just watch the project. It is fundamentally designed for web app & webhook testing. It's built on top of a zero-trust networking overlay technology called openziti.io. There are developer discourse channels to help.