What’s new in DN?
While Nebula has always had a robust host firewall and groups-based model for defining rules, managing it at scale took effort.
When we first launched the DN beta we only provided a very basic toggle, allow all / allow none, when setting a host’s inbound firewall rules.
For the Advanced Firewall release, we went back to the drawing board and returned with Roles, which combines group-identity with a collection of inbound firewall rules.
Each host is assigned a role, which is evaluated by other hosts to determine which firewall rules apply.
For example, a server-www role might specify the following: Hosts with the endpoint-admin role may attempt to connect on port 22 to use SSH, but all other hosts may only attempt to connect on ports 80 & 443.
The best part? Any time a firewall rule is changed, each host affected by that change is automatically updated. ✨
The DN client software running on each host automatically updates its configuration to reflect changes made by a DN administrator.
One of the benefits of rolling out an overlay network is that it provides the opportunity to significantly improve network security by defining appropriate access controls for each overlay host.
In order to join the overlay network and establish any connectivity, each host also needs a digitally signed certificate. Adding hosts and issuing certificates is core to managing any Nebula overlay network.
In DN, we store information related to each change in an organization’s overlay network, and surface those changes via a comprehensive audit log.
The before and after state of each activity is stored in the audit log — providing a changelog for your overlay network. Know exactly what happened, who made the change, and when the affected hosts were updated.
View and filter the logs in the DN web app or export them to a CSV to dive deeper with even greater detail and metadata.
We’d love to hear from you!
What do you think about the direction of DN? What challenges are you hoping it might be able to help solve? Send an email to firstname.lastname@example.org.
On behalf of the entire Defined team, thank you. We sincerely appreciate your interest and support. More to come!
Director of Product Marketing