Hacker News

I love what you're doing with OpenZiti. I've looked at it multiple times, and I always come away feeling like it's not a good fit for me, and indiehosters in general.

I think the concept of making a simple SDK for embedding tunneling in apps is unique and very compelling.

However, for me to commit to a platform like that, the most important question is: if upstream changes their license, runs out of money, or just generally takes things in a direction I don't like, what are my options?

Ideally, the platform would be so simple that I can just fork it myself or with a small team without too much effort. The best way to create a platform like this is to build around simple, open protocols. I've never gotten the feeling OpenZiti is designed this way. I've never found any documentation on the network protocol. Your platform also offers many features I don't need, which makes it even higher risk to consider forking.

Note that I'm not trying to say you're doing something wrong. I'm not aware of any tunneling platform that provides this, which is why I'm currently building one myself (a successor to boringproxy).

I get the feeling OpenZiti is rather enterprise focused. And that makes sense, it's almost certainly where all the money is. I really hope you guys are able to prove the value of app-embedded tunneling.

But I'm looking for a very simple consumer product/platform.



Thanks for the feedback, tons in there.

- Agreed. OpenZiti is not trying to focus on indie hosts. It has the goal to completely transform how networking and connectivity are done, to make secure by default and a simple user experience the de facto standard.

- Our path to do this definitely depends on monetising enterprise rather than indiehosters. That said, you can build abstractions on OpenZiti, which are much more simple and focused on indie hosters. A good example is zrok (https://zrok.io/), which makes sharing super simple (publicly, privately, and more), and is built on OpenZiti. Likewise, it's FOSS and permissively licensed under Apache 2.0 while also having a free SaaS.

- Likewise, we truly do believe in the power of app-embedded to transform networking and connectivity, but I would note the majority of people (self-hosters and enterprises alike) today use it as a superior private connectivity platform rather than for the app-embedded. They may use the SDKs, or consider it in the future, but the main selling point is the power of the platform, making it dead simple to do private connectivity across networks while abstracting away a lot of complexity (no need for VPNs, SDWAN, inbound ports, complex ACLs, L4 load balancers, public DNS, etc).


> "feeling like it's not a good fit for me, and indiehosters in general."

Maintainer here so I'm gonna be biased with this hot take, but I really don't agree with this particular sentiment.

I would turn it around instead and say that most indie hosters are maybe not looking for the levels of protection a zero trust overlay network provides. That is a believable reason for me why it might be perceived as not a good fit. If you're not looking for the sort of security that OpenZiti affords the operator, it will certainly feel less of a fit than a classic VPN-like solution. It also focuses on a different paradigm wrt connectivity centered around individual services. That does mean the learning curve is absolutely steeper because it's not "just IP" and all our years of ip-based-know-how are useful, but not to make the most of the system. While one can use IP/L3/L4 just fine with OpenZiti, it's certainly not trying to be an IP-based VPN (like many of the other solutions are). That also might lead to feeling like it's not a great fit.

For the people who want the sort of security OpenZiti provides, however, it really is an easy-to-use (my bias showing) solution that plenty of indie hosters use already. :)

Not trying to sound too defensive here (a little is ok, right?) but I also appreciate the comments and feedback, thank you!



