feat(website): March Product Update (#3886)

March newsletter

docs/README.md

@@ -73,8 +73,8 @@ Firezone is:
   establishes tunnels on-the-fly at the time of access.
 - **Open:** Our entire product is open-source, allowing anyone to audit the
   codebase.
-- **Flexible:** Authenticate users via email, Google Workspace, or OIDC and sync
-  users and groups automatically.
+- **Flexible:** Authenticate users via email, Google Workspace, Okta, Entra ID,
+  or OIDC and sync users and groups automatically.
 - **Simple:** Deploy gateways and configure access in minutes with a snappy
   admin UI.
 

website/src/app/blog/jan-2024-product-update/readme.mdx

@@ -1,7 +1,9 @@
-_This is the first post of our new product newsletter aimed at providing regular
-updates on the Firezone product. We'll use these posts going forward to announce
-new features, major updates to existing features, and any other product-related
-news._
+<p className="text-sm">
+  _This is the first post of our new product newsletter aimed at providing
+  regular updates on the Firezone product. We'll use these posts going forward
+  to announce new features, major updates to existing features, and any other
+  product-related news._
+</p>
 
 Happy new year from the Firezone team!
 

website/src/app/blog/mar-2024-product-update/_page.tsx

@@ -0,0 +1,17 @@
+"use client";
+import Post from "@/components/Blog/Post";
+import Content from "./readme.mdx";
+
+export default function _Page() {
+  return (
+    <Post
+      authorName="Jamil Bou Kheir"
+      authorTitle="Founder"
+      authorEmail="jamil@firezone.dev"
+      title="March 2024 Product Update"
+      date="2024-03-01"
+    >
+      <Content />
+    </Post>
+  );
+}

website/src/app/blog/mar-2024-product-update/page.tsx

@@ -0,0 +1,11 @@
+import { Metadata } from "next";
+import _Page from "./_page";
+
+export const metadata: Metadata = {
+  title: "March 2024 Product Update • Firezone Blog",
+  description: "March 2024 Product Update",
+};
+
+export default function Page() {
+  return <_Page />;
+}

website/src/app/blog/mar-2024-product-update/readme.mdx

@@ -0,0 +1,169 @@
+import Image from "next/image";
+
+<p className="text-sm">
+  _This is the second post of our semi-monthly product newsletter aimed at
+  providing regular updates on the Firezone product. [Subscribe to future
+  updates](/product/newsletter)_.
+</p>
+
+<Image
+  src="/images/blog/mar-2024-product-update/release-1.0.0-pre.9.png"
+  alt="Release 1.0.0-pre.9"
+  width={500}
+  height={500}
+  className="mx-auto rounded shadow"
+/>
+
+Another month, another product update! We've got a lot to cover in this update,
+so let's dive right in.
+
+## In this update
+
+This update sees the release of Firezone
+[1.0.0-pre.9](https://github.com/firezone/firezone/releases/tag/1.0.0-pre.9),
+containing dozens of bug features, improvements, and a few new features. Here's
+a summary of what's new:
+
+- The [Windows](#windows-client-beta) and [Linux](#linux-client-beta) clients
+  are now available for beta testing.
+- Directory sync is [now available](#directory-sync-for-entra-id-and-okta) for
+  Microsoft Entra ID and Okta.
+- An all-new [connectivity engine](#new-connectivity-engine) that establishes
+  faster and more reliable connections.
+
+Continue reading below for more details.
+
+### Windows Client beta
+
+The Firezone Windows client is now available for beta testing!
+
+You'll need Windows 10 or higher and an x86-64 CPU to run the client.
+[See the docs](/kb/user-guides/windows-client) for more information and download
+links, or use
+[this direct link](https://github.com/firezone/firezone/releases/latest/download/firezone-windows-client-x64.msi)
+to get started right away.
+
+**Note**: Be sure to click **Allow** when prompted by the User Account Control
+dialog. If that dialog does not appear, you may need to manually run Firezone as
+an administrator by right-clicking the Firezone icon and select **Run as
+administrator**.
+
+### Linux Client beta
+
+The Firezone Linux client is also available for beta testing!
+
+This initial release operates exclusively in headless mode, which means you'll
+need a [Service Account](/kb/authenticate/service-accounts) token to
+authenticate it.
+
+[Read the docs](https://www.firezone.dev/kb/user-guides/linux-client) for more
+instructions and download links for your architecture.
+
+Here's an quick example of how to connect to Firezone with it:
+
+```bash
+# sudo is needed to manage DNS and open a tun interface
+sudo ./firezone-linux-x64 --token <your-service-account-token>
+```
+
+Interested the Linux GUI client? It's coming! Track its progress on our
+[public roadmap](https://github.com/orgs/firezone/projects/9/views/1?pane=issue&itemId=44218273).
+The GUI client will allow regular users to authenticate instead of requiring a
+Service Account to do so.
+
+### Directory sync for Entra ID and Okta
+
+We've added support for directory sync with Microsoft Entra ID and Okta.
+
+Similar to the existing Google Workspace directory sync, this allows businesses
+to automatically sync their users and groups from Entra ID and Okta into
+Firezone, making it easier to manage policies to control access to resources.
+
+How it works:
+
+1. Every few minutes, Firezone requests user and group information from Entra ID
+   and Okta using their respective identity APIs.
+1. New users and groups are automatically added to Firezone, existing users and
+   groups will be updated with the latest information, and deleted users and
+   groups will be **disabled** in Firezone _but not deleted_ -- this preserves
+   historical data.
+1. Any affected policies are updated immediately to reflect the changes.
+
+This means whenever a user is deleted or removed from a Group, their access to
+affected resources in Firezone is revoked automatically within a few minutes.
+
+#### What about nested groups?
+
+Have a nested org structure? We've got you covered -- Firezone handles that too.
+
+Let's say you had the following group membership structure in your IdP:
+
+```yaml
+Everyone:
+  - steve@company.com
+  Support:
+    - patrick@company.com
+  Engineering:
+    - bob@company.com
+    - alice@company.com
+    Devops:
+      - john@company.com
+```
+
+You would see the following group memberships in Firezone after sync:
+
+```yaml
+Group:Everyone:
+  - steve@company.com
+  - patrick@company.com
+  - bob@company.com
+  - alice@company.com
+  - john@company.com
+Group:Engineering:
+  - bob@company.com
+  - alice@company.com
+  - john@company.com
+Group:Support:
+  - patrick@company.com
+Group:DevOps:
+  - john@company.com
+```
+
+By syncing group memberships recursively (known as "transitive memberships"),
+Firezone allows you to assign broad policies that include all the members of a
+group, not just the direct ones. This means fewer overall groups are needed to
+define your access controls, and fewer overall policies to manage.
+
+[Read more](/kb/authenticate/directory-sync) about how directory sync works in
+Firezone.
+
+### New connectivity engine
+
+We've overhauled our connectivity engine that powers all NAT traversal in
+Firezone to establish connections faster and more reliably.
+
+As you may recall, Firezone 1.0 features automatic NAT holepunching, which means
+you don't need to open any ports on your firewall to use Firezone. This is
+achieved by implementing a collection of industry-standard techniques known
+collectively as [ICE](https://www.rfc-editor.org/info/rfc8445). Details of how
+ICE works are beyond the scope of this update, but the important thing to know
+is that it's a battle-tested method for establishing peer-to-peer connections in
+even the most challenging network environments.
+
+Our first implementation, while functional, suffered from several architectural
+issues that made it difficult to maintain and extend. Our new implementation,
+aptly named
+"[snownet](https://github.com/firezone/firezone/tree/main/rust/connlib/snownet)"
+(sorry, we couldn't resist), is a ground-up rewrite that addresses these issues
+and provides a solid foundation for future improvements.
+
+### Conclusion
+
+Like what you see and want to give Firezone a try? We're still accepting early
+access sign ups for a while longer, so go here to
+[apply for early access](/product/early-access) and we'll be in touch.
+
+Want to see Firezone in action? [Request a demo](/product/demo) if you'd like a
+first-hand look at how Firezone can help your organization.
+
+That's all for this update!

website/src/app/blog/page.tsx

@@ -23,6 +23,30 @@ export default function Page() {
           </p>
         </div>
         <div className="grid divide-y">
+          <SummaryCard
+            title="March 2024 Product Update"
+            date="March 1, 2024"
+            href="/blog/mar-2024-product-update"
+            authorName="Jamil Bou Kheir"
+            authorAvatarSrc={gravatar("jamil@firezone.dev")}
+            type="Announcement"
+          >
+            <p className="mb-2">
+              Firezone{" "}
+              <Link
+                href="/blog/mar-2024-product-update"
+                className="text-accent-500 underline hover:no-underline"
+              >
+                1.0.0-pre.9 is released
+              </Link>
+              ! In this update:
+            </p>
+            <ul className="list-inside list-disc ml-4">
+              <li>Windows and Linux betas</li>
+              <li>Directory sync for Microsoft Entra ID and Okta</li>
+              <li>Improved performance and stability</li>
+            </ul>
+          </SummaryCard>
           <SummaryCard
             title="Jaunary 2024 Product Update"
             date="January 1, 2024"
@@ -31,7 +55,7 @@ export default function Page() {
             authorAvatarSrc={gravatar("jamil@firezone.dev")}
             type="Announcement"
           >
-            <p>Happy new year from the Firezone team!</p>
+            <p className="mb-2">Happy new year from the Firezone team!</p>
 
             <p>
               After a long year of building, we're incredibly excited to

website/src/app/kb/authenticate/directory-sync/readme.mdx

@@ -57,7 +57,7 @@ Everyone:
       - john@company.com
 ```
 
-You would see the following group memberships in Firezone:
+You would see the following group memberships in Firezone after sync:
 
 ```yaml
 Group:Everyone:

website/src/app/kb/deploy/clients/readme.mdx

@@ -17,8 +17,8 @@ protected Resources.
 See our [end-user instructions](/kb/user-guides/) for basic installation and
 usage instructions for the Firezone Client that are appropriate for all Firezone
 users. Or continue reading below for [MDM](#deploy-with-mdm) deployment and
-[headless mode](#headless-mode-operation) instructions suited Firezone admins
-wishing to deploy the clients at scale across their organization.
+[headless mode](#headless-mode-operation) instructions suited for Firezone
+admins wishing to deploy the clients at scale across their organization.
 
 ## Provision with MDM
 

website/src/app/kb/user-guides/linux-client/readme.mdx

@@ -25,7 +25,7 @@ Alternatively, download the latest Client binary using one of the links below:
 - [Download the Linux Client for `ARMv7l`](https://github.com/firezone/firezone/releases/latest/download/linux-client-arm)
 - [Download the Linux Client for `ARM64`](https://github.com/firezone/firezone/releases/latest/download/linux-client-arm64)
 
-## Running the Linux Client
+## Usage
 
 The Linux Client requires a Service Account token to authenticate to Firezone.
 If you don't already have a token generated, follow the instructions in the

website/src/app/kb/user-guides/windows-client/readme.mdx

@@ -14,3 +14,13 @@ The Windows Client is currently in beta and can be downloaded from the following
 links:
 
 - [Download the MSI installer package](https://github.com/firezone/firezone/releases/latest/download/firezone-windows-client-x64.msi)
+
+## Usage
+
+The Windows Client must be run as an administrator to function correctly.
+
+**Be sure to click "Allow" when prompted by the User Account Control dialog.**
+
+If that dialog does not appear, you may need to manually run Firezone as an
+administrator. To do so, right-click the Firezone icon and select "Run as
+administrator."