I was just wondering, what makes OpenZiti special and preferred over other Zero Trust solutions like TRASA and Pritunl Zero? (Haven’t tried them yet, but I’d like to implement a solution in my lab env.)
I would love to hear your opinions!
Point solution versus platform.
TRASA and Pritunl Zero look like nice proxies/bastions, implementing zero trust concepts such as identity secured networking.
OpenZiti is a platform - you use it to extend zero trust networking for any use case you can imagine - even embedding it inside individual apps or solutions, as code, to eliminate dependencies on VPNs, WANs, firewalls, NATs, IP addresses, private APNs, etc. You get multicloud native zero trust networking, orchestrated from a single platform, regardless of different underlying edges, clouds or networks.
From a security perspective, because the OpenZiti platform uniquely includes endpoints on both sides*, and a programmable private Fabric** in the middle, it is the only platform to enable you to eliminate link listeners and open inbound firewall ports. In contrast, every other solution, including the ones you listed, is open to the networks, relying on things like firewall rules to reduce the attack surface.
*Agentless or agents - up to you. Agentless via the OpenZiti SDKs for various programming languages. Agents for any OS or cloud, available in every marketplace.
**Think of this as your own cloud native SDN or SD-WAN, with the routers hosted by you (OpenZiti) or hosted by NetFoundry (SaaS built on top of OpenZiti).
@P.H, Clint did a nice ZitiTV this week which called out some of the superpowers of OpenZiti which should help add to why it is special - Ziti TV 6th May - YouTube