extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2024-11-27 02:23:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
e9ec9f2120
zrok/website/blog/introducing_zrok.md
Michael Quigley 18bd8a798e
introducing zrok; paragraph
2023-01-27 13:54:34 -05:00

6.1 KiB
Raw Blame History

Introducing zrok

I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.

For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.

This new project is called... zrok.

zrok focuses on streamlining sharing for both developers and end users alike. zrok takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, zrok adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti.

Here are some of the things that make zrok different...

Private Sharing

Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you've got a public URL that you can share to allow access to your endpoint.

zrok expands on this model by supporting something that we're calling "private sharing". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other zrok users through the zero-trust overlay network.

In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. zrok handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect.

And if you want public sharing, zrok has that also. Our private sharing modes are an additional capability that zrok adds to the recipe. zrok supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.

Files; Repositories; Video... Decentralized

Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a frictionless way.

zrok also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... zrok will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet.

Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using zrok as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms.

We're still just getting started on building out these aspects of zrok. zrok already provides built-in single-command file sharing. You can get started using these powerful tools today!

Production zrok

NetFoundry is offering zrok.io, a managed zrok service instance you can use to try out zrok and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit zrok.io for details about requesting an invite.

Once zrok and zrok.io are out of beta, we'll be opening this service up to the public.

zrok.io runs on top of the open-source version of zrok. We're building on top of the same open-source codebase that's available today.

Open-Source; Self-Host

zrok is committed to being open-source. You've got everything you need to host your own zrok instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple guide to getting this running in minutes, including the OpenZiti portions.

You can access the open-source version of zrok today.

A Start

I'm really excited about sharing zrok with you. As of this writing, we're at v0.3.0, and there is still a ton of work to do to get zrok to where I know it can go. zrok is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the OpenZiti GitHub).

Starting with v0.4, I'm planning on producing a set of regularly-released "development notebooks", documenting the development process and giving you a look at the work we're doing with zrok. I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of zrok on top of OpenZiti; these will be a great introduction to building a Ziti Native Application from the ground up. These videos will also be a comprehensive look at how zrok works.

We'd love your participation in the zrok project! You can find us on GitHub at https://github.com/openziti/zrok.