Skip to main content

Frontdoor overview

NetFoundry Frontdoor is an enterprise-ready, zero-trust ingress platform. It's engineered to securely expose your internal services to the internet, partners, or customers without ever compromising your network perimeter.

Forget the complexity and risk of traditional methods. Frontdoor is your modern internet edge, providing a hardened, globally distributed entry point that seamlessly connects services across your data center, Kubernetes clusters, and multi-cloud environments.

Architecture

Why deploy complexity when you can simply connect? We do the heavy lifting of edge hardening and continuous security by leveraging the OpenZiti fabric. Lightweight Agents establish outbound-only connections, creating dark, identity-based tunnels for your services.

Going beyond basic tunneling, Frontdoor provides a single control plane for centralized management, access control, and observability. This is frictionless security that delights developers and satisfies the CISO.

NF Frontdoor architecture

Features

  • Share an enterprise service or API: Securely expose internal web services, enterprise APIs, or company websites by proxying a target web server specified as an HTTP/S URL.
  • Custom DNS and branding: Use your own domain names for publicly exposed services, allowing for complete custom branding and seamless integration with existing DNS infrastructure.
  • Zero trust: Uses OpenZiti's mesh overlay network to continuously authenticate and authorize every user, device, and application.
  • Easy to use: Features a simple management console allowing you to start sharing quickly.
  • Controlled access: Restrict service access by integrating with auth provider such as OIDC-compliant systems, Google OAuth, or GitHub OAuth to enforce policies based on user identity, email domains, or organization membership.
  • Hardened entry point: All managed frontends automatically handle failover and use a Web Application Firewall (WAF) with protection rules to filter and mitigate malicious traffic and anonymous abuse from the web.
  • Secure backhaul: The data link between the frontends and your Frontdoor agent is automatically encrypted and can't be eavesdropped, impersonated, or manipulated.
  • Convenient deployment: The lightweight Frontdoor agent installs easily as a Linux package.
  • Management console: Provides beautiful visualization of usage metrics over useful time frames.
  • Activity logs: Logs every request your share service handles on your server.

Hit next to get started with Frontdoor!