Hello, I'm having a hard time implementing that, whether without Docker, with Docker, or with Docker Compose. Think you can help me? Thank you.
@OpenZiti 11 months ago
Will you start a thread on our Discourse forum where we can get more data and help you better? Sign up and create a post over at openziti.discourse.group/
@AnthOS_72 11 months ago
Thanks @@OpenZiti
@jessequinn7628 2 years ago
Hi Clint, can you make a video on how to add a service such as a database on the same VPC as the controller/router? I am having difficulty wrapping my head around the entire process. For instance, I have followed this video where I have a provisioned GCP compute instance that has the controller/router installed and on the same subnet I have a Cassandra node. I would like to be able to set up the service, identities and policies to connect to this Cassandra node.
@openclint 2 years ago
Sure! Accessing resources from OpenZiti is pretty much the same regardless of what cloud provider you use (or Kubernetes, Docker, private DC, or home network, whatever) but I'll make a video where I demonstrate access to a totally private server using OpenZiti. I don't have much Cassandra experience so I will assume that it doesn't matter for you what the 'target' service I use actually is (I might use netcat, I might use some HTTP server etc).
@jessequinn7628 2 years ago
@@openclint No, it doesn’t matter. Just need some service with an open port as an example. Possibly a managed service as well as an example.
@openclint 2 years ago
@@jessequinn7628 Video uploading right now at kzbin.info/www/bejne/pZS4gYqAl8Z6b9E. Hopefully it's what you need. If not, let me know and we'll get you there!
@edwinpacheco7239 2 years ago
Could you make a video where you show something similar to this configuration, but everything local (not Docker), please? I tell you that I have had some complications with the ZAC.
@OpenZiti 2 years ago
Sure. It's uploading now. HD always takes a few minutes to process. Find it at kzbin.info/www/bejne/q5zZpnlsjJpobJI
@danielgonzalez9692 1 year ago
So, you have to open up ports on your FW? That's not zero trust access. The point of ZTNA is to not open ports on the NGFW.
@OpenZiti 1 year ago
You're absolutely correct that open ports in your firewall are contrary to a zero trust setup, but those are not the ports that need to be open, and this comment is a common one. The confusion is that it's the overlay network itself that needs ports to be opened for the control plane and for the data plane, which are both mTLS secured. Nodes on your "private" network would require outbound internet access toward the controller/router but nothing INBOUND on those private networks. Hopefully that makes enough sense. We believe strongly that all firewalls should be deny by default.