Best practice for multi-user zero-trust isolation on the same host

tttjhgan · May 6, 2026, 1:22am

Hi everyone,

I’m evaluating OpenZiti / NetBird for a scenario where multiple users share the same Linux host.

Example:

User A and User B log in to the same machine.  
User A should only access A’s resources.  
User B should only access B’s resources.  
They must not access each other’s services, identities, routes, DNS, or tunnels.

Questions:

What is the recommended architecture for this scenario?
Should each user run a dedicated tunnel/agent with a separate identity?
How should routing, DNS, and TUN interfaces be isolated on the same host?
Are Linux network namespaces, containers, or separate VMs recommended?
Are there official best practices for this type of multi-user isolation?

Topic		Replies	Views
Ziti Desktop Edge for Windows on a computer with more than one desktop user Ziti Desktop Edge for Windows	4	317	February 17, 2025
BrowZer Multi-Service Support, NGINX Module Logging, and Multi-Tenant Design in OpenZiti BrowZer	3	52	September 16, 2025
OpenZiti support for pods within same node	2	50	August 30, 2024
Decision about my Zero Trust Netwrok Infrastructure project	7	111	May 30, 2025
Binding a service to multiple hosts Ziti Tunnel	12	411	February 27, 2023

Best practice for multi-user zero-trust isolation on the same host

Related topics