NetFoundry

API

netfoundry.io

Last updated: April 2026

NetFoundry is a zero-trust networking platform using OpenZiti to embed application-specific networking in software without VPNs or open firewall ports.

About

NetFoundry is the company behind OpenZiti, the open source zero-trust networking project, and provides a managed cloud service for deploying, managing, and operating zero-trust overlay networks at scale. NetFoundry's platform enables organizations to eliminate traditional VPN infrastructure and firewall-based access controls by embedding networking directly into applications using OpenZiti SDKs.

The software-defined connectivity model that NetFoundry promotes is fundamentally different from network-level access control. Traditional VPNs grant access at the network level, allowing authenticated users to communicate with any host in the connected network segment. NetFoundry's approach embeds the security boundary inside the application itself using SDKs, so that only applications with the correct cryptographic identity can communicate, regardless of the underlying network.

NetFoundry Console provides a centralized management interface for creating and managing zero-trust networks, managing identities, configuring access policies, and monitoring network activity. Organizations use the console to define which identities (users, services, devices) are permitted to access which services, with cryptographically enforced policies that cannot be bypassed by network-level tricks.

The NetFoundry Fabric is the globally distributed network infrastructure that provides the routing, relay, and control plane for NetFoundry-based overlay networks. The Fabric is deployed across major cloud regions worldwide, providing the latency optimization and redundancy needed for production applications. Organizations using NetFoundry Cloud do not need to operate their own network infrastructure, relying instead on the managed Fabric.

Edge Router management through the NetFoundry platform allows deploying edge routers on customer infrastructure to provide local network access points. Edge routers improve performance for users and services in specific locations by providing a nearby entry point to the NetFoundry Fabric.

Developer integration using the OpenZiti SDKs for Java, Go, Python, Node.js, Swift, and other languages enables embedding zero-trust connectivity directly in application code. The SDK handles all aspects of the zero-trust connection including identity enrollment, policy evaluation, and encrypted tunneling, requiring only a few lines of code to add zero-trust networking to any application.

Positioning

NetFoundry provides a zero-trust networking platform built on OpenZiti, its open source programmable network overlay. The platform enables organizations to embed zero-trust connectivity directly into applications, eliminating the need for traditional VPNs, firewalls, and exposed ports while maintaining complete application-level security.

NetFoundry’s approach is fundamentally different from bolt-on security solutions. Rather than protecting network perimeters, it makes applications invisible to the internet by default—services only communicate through authenticated, encrypted, identity-based connections. This application-embedded networking model, combined with a global fabric of points of presence, delivers both security and performance without the complexity of traditional network infrastructure.

What You Get

  • Zero-Trust Application Networking
    Embeds secure connectivity into applications so services never expose listening ports to the internet, eliminating the attack surface entirely
  • Global Network Fabric
    Managed global network with points of presence worldwide that optimize routing and provide resilient, low-latency connectivity
  • AppWANs
    Application-specific micro-networks that define exactly which identities can access which services, enforced at the network level
  • OpenZiti Integration
    Built on the open source OpenZiti project, ensuring no vendor lock-in and full transparency of the underlying networking stack
  • CloudZiti Console
    Web-based management interface for provisioning networks, managing identities, defining services, and monitoring connectivity

Core Areas

Zero-Trust Overlay Networking

Application-embedded networking that authenticates and encrypts every connection without exposing services to the public internet

Managed Network Fabric

Global infrastructure of fabric routers that provide optimized, resilient connectivity across regions and cloud providers

Identity-Based Access

Strong identity verification using X.509 certificates with policies that control which identities can access specific services and endpoints

Developer SDKs

Native SDKs for embedding zero-trust networking directly into applications in Go, C, Python, Swift, Kotlin, and other languages

Why It Matters

The traditional security model of protecting network perimeters has failed—exposed ports, VPN vulnerabilities, and lateral movement attacks continue to plague organizations. NetFoundry inverts this model by making applications dark to the internet by default. No listening ports means no attack surface for scanners, bots, or attackers to exploit.

For organizations building IoT, edge computing, or multi-cloud applications, NetFoundry provides secure connectivity that scales without the operational burden of managing VPN infrastructure. The combination of a managed global fabric with open source foundations through OpenZiti means organizations get enterprise reliability with the transparency and flexibility of open source.
