diff --git a/docs/README.md b/docs/README.md index 852fa3d8a..e45e71f61 100644 --- a/docs/README.md +++ b/docs/README.md @@ -73,8 +73,8 @@ Firezone is: establishes tunnels on-the-fly at the time of access. - **Open:** Our entire product is open-source, allowing anyone to audit the codebase. -- **Flexible:** Authenticate users via email, Google Workspace, or OIDC and sync - users and groups automatically. +- **Flexible:** Authenticate users via email, Google Workspace, Okta, Entra ID, + or OIDC and sync users and groups automatically. - **Simple:** Deploy gateways and configure access in minutes with a snappy admin UI. diff --git a/website/public/images/blog/mar-2024-product-update/release-1.0.0-pre.9.png b/website/public/images/blog/mar-2024-product-update/release-1.0.0-pre.9.png new file mode 100644 index 000000000..fec3351c4 Binary files /dev/null and b/website/public/images/blog/mar-2024-product-update/release-1.0.0-pre.9.png differ diff --git a/website/src/app/blog/jan-2024-product-update/readme.mdx b/website/src/app/blog/jan-2024-product-update/readme.mdx index 41e34f12d..6bfeeab5c 100644 --- a/website/src/app/blog/jan-2024-product-update/readme.mdx +++ b/website/src/app/blog/jan-2024-product-update/readme.mdx @@ -1,7 +1,9 @@ -_This is the first post of our new product newsletter aimed at providing regular -updates on the Firezone product. We'll use these posts going forward to announce -new features, major updates to existing features, and any other product-related -news._ +

+ _This is the first post of our new product newsletter aimed at providing + regular updates on the Firezone product. We'll use these posts going forward + to announce new features, major updates to existing features, and any other + product-related news._ +

Happy new year from the Firezone team! diff --git a/website/src/app/blog/mar-2024-product-update/_page.tsx b/website/src/app/blog/mar-2024-product-update/_page.tsx new file mode 100644 index 000000000..86dceb9c5 --- /dev/null +++ b/website/src/app/blog/mar-2024-product-update/_page.tsx @@ -0,0 +1,17 @@ +"use client"; +import Post from "@/components/Blog/Post"; +import Content from "./readme.mdx"; + +export default function _Page() { + return ( + + + + ); +} diff --git a/website/src/app/blog/mar-2024-product-update/page.tsx b/website/src/app/blog/mar-2024-product-update/page.tsx new file mode 100644 index 000000000..0a2f8cdc4 --- /dev/null +++ b/website/src/app/blog/mar-2024-product-update/page.tsx @@ -0,0 +1,11 @@ +import { Metadata } from "next"; +import _Page from "./_page"; + +export const metadata: Metadata = { + title: "March 2024 Product Update • Firezone Blog", + description: "March 2024 Product Update", +}; + +export default function Page() { + return <_Page />; +} diff --git a/website/src/app/blog/mar-2024-product-update/readme.mdx b/website/src/app/blog/mar-2024-product-update/readme.mdx new file mode 100644 index 000000000..12beddd42 --- /dev/null +++ b/website/src/app/blog/mar-2024-product-update/readme.mdx @@ -0,0 +1,169 @@ +import Image from "next/image"; + +

+ _This is the second post of our semi-monthly product newsletter aimed at + providing regular updates on the Firezone product. [Subscribe to future + updates](/product/newsletter)_. +

+ +Release 1.0.0-pre.9 + +Another month, another product update! We've got a lot to cover in this update, +so let's dive right in. + +## In this update + +This update sees the release of Firezone +[1.0.0-pre.9](https://github.com/firezone/firezone/releases/tag/1.0.0-pre.9), +containing dozens of bug features, improvements, and a few new features. Here's +a summary of what's new: + +- The [Windows](#windows-client-beta) and [Linux](#linux-client-beta) clients + are now available for beta testing. +- Directory sync is [now available](#directory-sync-for-entra-id-and-okta) for + Microsoft Entra ID and Okta. +- An all-new [connectivity engine](#new-connectivity-engine) that establishes + faster and more reliable connections. + +Continue reading below for more details. + +### Windows Client beta + +The Firezone Windows client is now available for beta testing! + +You'll need Windows 10 or higher and an x86-64 CPU to run the client. +[See the docs](/kb/user-guides/windows-client) for more information and download +links, or use +[this direct link](https://github.com/firezone/firezone/releases/latest/download/firezone-windows-client-x64.msi) +to get started right away. + +**Note**: Be sure to click **Allow** when prompted by the User Account Control +dialog. If that dialog does not appear, you may need to manually run Firezone as +an administrator by right-clicking the Firezone icon and select **Run as +administrator**. + +### Linux Client beta + +The Firezone Linux client is also available for beta testing! + +This initial release operates exclusively in headless mode, which means you'll +need a [Service Account](/kb/authenticate/service-accounts) token to +authenticate it. + +[Read the docs](https://www.firezone.dev/kb/user-guides/linux-client) for more +instructions and download links for your architecture. 
+ +Here's an quick example of how to connect to Firezone with it: + +```bash +# sudo is needed to manage DNS and open a tun interface +sudo ./firezone-linux-x64 --token +``` + +Interested the Linux GUI client? It's coming! Track its progress on our +[public roadmap](https://github.com/orgs/firezone/projects/9/views/1?pane=issue&itemId=44218273). +The GUI client will allow regular users to authenticate instead of requiring a +Service Account to do so. + +### Directory sync for Entra ID and Okta + +We've added support for directory sync with Microsoft Entra ID and Okta. + +Similar to the existing Google Workspace directory sync, this allows businesses +to automatically sync their users and groups from Entra ID and Okta into +Firezone, making it easier to manage policies to control access to resources. + +How it works: + +1. Every few minutes, Firezone requests user and group information from Entra ID + and Okta using their respective identity APIs. +1. New users and groups are automatically added to Firezone, existing users and + groups will be updated with the latest information, and deleted users and + groups will be **disabled** in Firezone _but not deleted_ -- this preserves + historical data. +1. Any affected policies are updated immediately to reflect the changes. + +This means whenever a user is deleted or removed from a Group, their access to +affected resources in Firezone is revoked automatically within a few minutes. + +#### What about nested groups? + +Have a nested org structure? We've got you covered -- Firezone handles that too. 
+ +Let's say you had the following group membership structure in your IdP: + +```yaml +Everyone: + - steve@company.com + Support: + - patrick@company.com + Engineering: + - bob@company.com + - alice@company.com + Devops: + - john@company.com +``` + +You would see the following group memberships in Firezone after sync: + +```yaml +Group:Everyone: + - steve@company.com + - patrick@company.com + - bob@company.com + - alice@company.com + - john@company.com +Group:Engineering: + - bob@company.com + - alice@company.com + - john@company.com +Group:Support: + - patrick@company.com +Group:DevOps: + - john@company.com +``` + +By syncing group memberships recursively (known as "transitive memberships"), +Firezone allows you to assign broad policies that include all the members of a +group, not just the direct ones. This means fewer overall groups are needed to +define your access controls, and fewer overall policies to manage. + +[Read more](/kb/authenticate/directory-sync) about how directory sync works in +Firezone. + +### New connectivity engine + +We've overhauled our connectivity engine that powers all NAT traversal in +Firezone to establish connections faster and more reliably. + +As you may recall, Firezone 1.0 features automatic NAT holepunching, which means +you don't need to open any ports on your firewall to use Firezone. This is +achieved by implementing a collection of industry-standard techniques known +collectively as [ICE](https://www.rfc-editor.org/info/rfc8445). Details of how +ICE works are beyond the scope of this update, but the important thing to know +is that it's a battle-tested method for establishing peer-to-peer connections in +even the most challenging network environments. + +Our first implementation, while functional, suffered from several architectural +issues that made it difficult to maintain and extend. 
Our new implementation, +aptly named +"[snownet](https://github.com/firezone/firezone/tree/main/rust/connlib/snownet)" +(sorry, we couldn't resist), is a ground-up rewrite that addresses these issues +and provides a solid foundation for future improvements. + +### Conclusion + +Like what you see and want to give Firezone a try? We're still accepting early +access sign ups for a while longer, so go here to +[apply for early access](/product/early-access) and we'll be in touch. + +Want to see Firezone in action? [Request a demo](/product/demo) if you'd like a +first-hand look at how Firezone can help your organization. + +That's all for this update! diff --git a/website/src/app/blog/page.tsx b/website/src/app/blog/page.tsx index c9274413d..580c2f221 100644 --- a/website/src/app/blog/page.tsx +++ b/website/src/app/blog/page.tsx @@ -23,6 +23,30 @@ export default function Page() {

+ +

+ Firezone{" "} + + 1.0.0-pre.9 is released + + ! In this update: +

+
    +
  • Windows and Linux betas
  • +
  • Directory sync for Microsoft Entra ID and Okta
  • +
  • Improved performance and stability
  • +
+
-

Happy new year from the Firezone team!

+

Happy new year from the Firezone team!

After a long year of building, we're incredibly excited to diff --git a/website/src/app/kb/authenticate/directory-sync/readme.mdx b/website/src/app/kb/authenticate/directory-sync/readme.mdx index 41e54df55..abe3f2c60 100644 --- a/website/src/app/kb/authenticate/directory-sync/readme.mdx +++ b/website/src/app/kb/authenticate/directory-sync/readme.mdx @@ -57,7 +57,7 @@ Everyone: - john@company.com ``` -You would see the following group memberships in Firezone: +You would see the following group memberships in Firezone after sync: ```yaml Group:Everyone: diff --git a/website/src/app/kb/deploy/clients/readme.mdx b/website/src/app/kb/deploy/clients/readme.mdx index 35cf4cd14..e682f1d8d 100644 --- a/website/src/app/kb/deploy/clients/readme.mdx +++ b/website/src/app/kb/deploy/clients/readme.mdx @@ -17,8 +17,8 @@ protected Resources. See our [end-user instructions](/kb/user-guides/) for basic installation and usage instructions for the Firezone Client that are appropriate for all Firezone users. Or continue reading below for [MDM](#deploy-with-mdm) deployment and -[headless mode](#headless-mode-operation) instructions suited Firezone admins -wishing to deploy the clients at scale across their organization. +[headless mode](#headless-mode-operation) instructions suited for Firezone +admins wishing to deploy the clients at scale across their organization. ## Provision with MDM diff --git a/website/src/app/kb/user-guides/linux-client/readme.mdx b/website/src/app/kb/user-guides/linux-client/readme.mdx index 4b929e40e..b24e5e521 100644 --- a/website/src/app/kb/user-guides/linux-client/readme.mdx +++ b/website/src/app/kb/user-guides/linux-client/readme.mdx 
@@ -25,7 +25,7 @@ Alternatively, download the latest Client binary using one of the links below: - [Download the Linux Client for `ARMv7l`](https://github.com/firezone/firezone/releases/latest/download/linux-client-arm) - [Download the Linux Client for `ARM64`](https://github.com/firezone/firezone/releases/latest/download/linux-client-arm64) -## Running the Linux Client +## Usage The Linux Client requires a Service Account token to authenticate to Firezone. If you don't already have a token generated, follow the instructions in the diff --git a/website/src/app/kb/user-guides/windows-client/readme.mdx b/website/src/app/kb/user-guides/windows-client/readme.mdx index ac5e1ae5e..e3d0cfaa4 100644 --- a/website/src/app/kb/user-guides/windows-client/readme.mdx +++ b/website/src/app/kb/user-guides/windows-client/readme.mdx @@ -14,3 +14,13 @@ The Windows Client is currently in beta and can be downloaded from the following links: - [Download the MSI installer package](https://github.com/firezone/firezone/releases/latest/download/firezone-windows-client-x64.msi) + +## Usage + +The Windows Client must be run as an administrator to function correctly. + +**Be sure to click "Allow" when prompted by the User Account Control dialog.** + +If that dialog does not appear, you may need to manually run Firezone as an +administrator. To do so, right-click the Firezone icon and select "Run as +administrator."
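Review bot: In website/src/app/blog/mar-2024-product-update/readme.mdx, the Linux example `sudo ./firezone-linux-x64 --token` passes the Service Account token as a command-line argument, which leaves it in shell history and visible to other local users in the process list; if the client can read the token from an environment variable or a file, show that form, and otherwise add a line telling readers to treat the token as a secret. As written the flag also has no value or placeholder, and the binary name does not match the `linux-client-arm` / `linux-client-arm64` download names in kb/user-guides/linux-client. In the directory sync section, "Every few minutes" and "within a few minutes" leave the revocation window undefined while step 3 says policies are updated "immediately"; state the sync interval so admins know how long a removed user can keep access. Smaller fixes in the same file: "dozens of bug features" should be "bug fixes", "an quick example" should be "a quick example", "Interested the Linux GUI client?" is missing "in", "and select" should be "and selecting", the IdP example uses `Devops` while the synced result uses `Group:DevOps`, and "semi-monthly" does not fit posts dated January and March.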
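Review bot: In website/src/app/blog/page.tsx, the third summary bullet, "Improved performance and stability", does not name what the post itself announces under "New connectivity engine"; reuse the wording from the post's own "In this update" list so the index entry and the article match.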
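Review bot: In website/src/app/kb/deploy/clients/readme.mdx, the sentence being reworded still links `[MDM](#deploy-with-mdm)` while the heading shown in the trailing context is "## Provision with MDM", so the anchor will not resolve unless that heading sets an explicit id; since this sentence is already being touched, point the link at the heading's actual anchor or rename the heading to match.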
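Review bot: In website/src/app/kb/user-guides/linux-client/readme.mdx, renaming "## Running the Linux Client" to "## Usage" changes the heading's anchor if anchors are generated from heading text, so any link that targets the old heading will stop resolving; search the site for references to the old anchor and update them in this change.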
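Review bot: In website/src/app/kb/user-guides/windows-client/readme.mdx, the new Usage section says the client "must be run as an administrator to function correctly" without saying why; add the reason, as the Linux example in the March post does with "sudo is needed to manage DNS and open a tun interface", so admins can judge the privilege they are granting. The page sends readers to a `releases/latest/download/` MSI and then tells them to click "Allow" on the User Account Control dialog, so it should also say how to confirm the installer is genuine before approving, for example which publisher name the prompt is expected to show.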