Skip to main content
Star us on GitHub Star
👆 live "Reflect" messages will display here
Ziggy Chef

Appetizer: Taste OpenZiti

If you have go installed, it's as simple as clone the repo, and go run and you can experience application embedded zero trust in action 👇.

git clone https://github.com/openziti-test-kitchen/appetizer.git
cd appetizer
go run clients/reflect.go reflectService

What You Get by Adopting an OpenZiti SDK

  • Strong identities. X509 certificates guarantee all entities on the network are who they claim to be.
  • Segmented access. Follow the "least privileged access" model. Allow access only to exactly what is needed.
  • Protection from port scanning. The application has no listening ports, it's "dark". It's impossible to detect and directly attack.
  • Continuous authentication. The world is dynamic. Constant authentication is vital.
  • End-to-end encryption. Make sure the data you intend to send is only available to the intended recipient.
Loading asciinema cast...

Taking a Closer Look

Step 1 - Reflect Server Strong Identity

When the Appetizer process starts, it first creates a strong identity for itself. This strong identity (represented by the lock icon) is authorized to "bind" the reflect service, creating a listener. The reflect server is then listening on the overlay and able to accept incoming connections from other strong identities, authorized to participate in the OpenZiti network.

[object Object]