chore: Bump versions to link 1.0.3 packages (#4924)

Link to latest binaries

Generated with `make -f scripts/Makefile`.

Just need a rubber-stamp, changes should be GTG

.github/workflows/_build_artifacts.yml

@@ -40,7 +40,7 @@ on:
 
 env:
   # mark:automatic-version
-  VERSION: "1.0.3"
+  VERSION: "1.0.4"
 
 permissions:
   # write permission is required to create a github release
@@ -175,7 +175,7 @@ jobs:
             image_name: http-test-server
     env:
       # mark:automatic-version
-      BINARY_DEST_PATH: ${{ matrix.name.artifact }}_1.0.3_${{ matrix.arch.shortname }}
+      BINARY_DEST_PATH: ${{ matrix.name.artifact }}_1.0.4_${{ matrix.arch.shortname }}
     outputs:
       client_image: ${{ steps.image-name.outputs.client_image }}
       relay_image: ${{ steps.image-name.outputs.relay_image }}

.github/workflows/_deploy_production.yml

@@ -11,7 +11,7 @@ on:
 
 env:
   # mark:automatic-version
-  VERSION: "1.0.3"
+  VERSION: "1.0.4"
 
 concurrency:
   group: "production-deploy"

.github/workflows/_tauri.yml

@@ -14,7 +14,7 @@ permissions:
 
 env:
   # mark:automatic-version
-  VERSION: "1.0.3"
+  VERSION: "1.0.4"
 
 defaults:
   run:
@@ -30,26 +30,26 @@ jobs:
         include:
           - runs-on: ubuntu-20.04
             # mark:automatic-version
-            binary-dest-path: firezone-client-gui-linux_1.0.3_x86_64
+            binary-dest-path: firezone-client-gui-linux_1.0.4_x86_64
             rename-script: ../../scripts/build/tauri-rename-ubuntu.sh
             upload-script: ../../scripts/build/tauri-upload-ubuntu.sh
             # mark:automatic-version
-            exe-artifact: rust/gui-client/firezone-client-gui-linux_1.0.3_x86_64
+            exe-artifact: rust/gui-client/firezone-client-gui-linux_1.0.4_x86_64
             # mark:automatic-version
-            syms-artifact: rust/gui-client/firezone-client-gui-linux_1.0.3_x86_64.dwp
+            syms-artifact: rust/gui-client/firezone-client-gui-linux_1.0.4_x86_64.dwp
             # mark:automatic-version
-            pkg-artifact: rust/gui-client/firezone-client-gui-linux_1.0.3_x86_64.deb
+            pkg-artifact: rust/gui-client/firezone-client-gui-linux_1.0.4_x86_64.deb
           - runs-on: windows-2019
             # mark:automatic-version
-            binary-dest-path: firezone-client-gui-windows_1.0.3_x86_64
+            binary-dest-path: firezone-client-gui-windows_1.0.4_x86_64
             rename-script: ../../scripts/build/tauri-rename-windows.sh
             upload-script: ../../scripts/build/tauri-upload-windows.sh
             # mark:automatic-version
-            exe-artifact: rust/gui-client/firezone-client-gui-windows_1.0.3_x86_64.exe
+            exe-artifact: rust/gui-client/firezone-client-gui-windows_1.0.4_x86_64.exe
             # mark:automatic-version
-            syms-artifact: rust/gui-client/firezone-client-gui-windows_1.0.3_x86_64.pdb
+            syms-artifact: rust/gui-client/firezone-client-gui-windows_1.0.4_x86_64.pdb
             # mark:automatic-version
-            pkg-artifact: rust/gui-client/firezone-client-gui-windows_1.0.3_x86_64.msi
+            pkg-artifact: rust/gui-client/firezone-client-gui-windows_1.0.4_x86_64.msi
     env:
       BINARY_DEST_PATH: ${{ matrix.binary-dest-path }}
       AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}

.github/workflows/_terraform.yml

@@ -4,7 +4,7 @@ on:
 
 env:
   # mark:automatic-version
-  VERSION: "1.0.3"
+  VERSION: "1.0.4"
 
 jobs:
   plan-deploy:

.github/workflows/cd.yml

@@ -14,7 +14,7 @@ on:
 
 env:
   # mark:automatic-version
-  VERSION: "1.0.3"
+  VERSION: "1.0.4"
 
 jobs:
   # Builds images that match what's default in docker-compose.yml for

.github/workflows/ci.yml

@@ -15,7 +15,7 @@ on:
 
 env:
   # mark:automatic-version
-  VERSION: "1.0.3"
+  VERSION: "1.0.4"
 
 # Cancel old workflow runs if new code is pushed
 concurrency:

.github/workflows/publish.yml

@@ -7,7 +7,7 @@ on:
 
 env:
   # mark:automatic-version
-  VERSION: "1.0.3"
+  VERSION: "1.0.4"
 
 concurrency:
   group: "publish-production-${{ github.event_name }}-${{ github.workflow }}-${{ github.ref }}"

elixir/VERSION

@@ -1 +1 @@
-1.0.3
+1.0.4

rust/Cargo.lock

@@ -1088,7 +1088,7 @@ dependencies = [
 
 [[package]]
 name = "connlib-client-android"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "connlib-client-shared",
  "ip_network",
@@ -1107,7 +1107,7 @@ dependencies = [
 
 [[package]]
 name = "connlib-client-apple"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "connlib-client-shared",
  "ip_network",
@@ -1126,7 +1126,7 @@ dependencies = [
 
 [[package]]
 name = "connlib-client-shared"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -1153,7 +1153,7 @@ dependencies = [
 
 [[package]]
 name = "connlib-shared"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "anyhow",
  "atomicwrites",
@@ -1845,7 +1845,7 @@ dependencies = [
 
 [[package]]
 name = "firezone-cli-utils"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "clap",
  "tracing",
@@ -1856,7 +1856,7 @@ dependencies = [
 
 [[package]]
 name = "firezone-gateway"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -1889,7 +1889,7 @@ dependencies = [
 
 [[package]]
 name = "firezone-gui-client"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "anyhow",
  "arboard",
@@ -1943,7 +1943,7 @@ dependencies = [
 
 [[package]]
 name = "firezone-headless-client"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "anyhow",
  "clap",
@@ -1969,7 +1969,7 @@ dependencies = [
 
 [[package]]
 name = "firezone-linux-client"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "anyhow",
  "firezone-headless-client",
@@ -1977,7 +1977,7 @@ dependencies = [
 
 [[package]]
 name = "firezone-relay"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "anyhow",
  "backoff",
@@ -2018,7 +2018,7 @@ dependencies = [
 
 [[package]]
 name = "firezone-tunnel"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "async-trait",
  "bimap",
@@ -2849,7 +2849,7 @@ dependencies = [
 
 [[package]]
 name = "http-health-check"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "axum 0.7.5",
  "clap",
@@ -2864,7 +2864,7 @@ checksum = "21dec9db110f5f872ed9699c3ecf50cf16f423502706ba5c72462e28d3157573"
 
 [[package]]
 name = "http-test-server"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "anyhow",
  "axum 0.7.5",
@@ -3123,7 +3123,7 @@ dependencies = [
 
 [[package]]
 name = "ip-packet"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "pnet_packet",
 ]
@@ -4458,7 +4458,7 @@ dependencies = [
 
 [[package]]
 name = "phoenix-channel"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "backoff",
  "base64 0.22.0",
@@ -5722,7 +5722,7 @@ dependencies = [
 
 [[package]]
 name = "snownet"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "backoff",
  "boringtun",
@@ -5743,7 +5743,7 @@ dependencies = [
 
 [[package]]
 name = "snownet-tests"
-version = "1.0.3"
+version = "1.0.4"
 dependencies = [
  "anyhow",
  "boringtun",

rust/connlib/clients/android/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "connlib-client-android"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 [lib]

rust/connlib/clients/apple/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "connlib-client-apple"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 [features]

rust/connlib/clients/shared/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "connlib-client-shared"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 [features]

rust/connlib/shared/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "connlib-shared"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

rust/connlib/snownet/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "snownet"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 [dependencies]

rust/connlib/tunnel/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "firezone-tunnel"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 [dependencies]

rust/firezone-cli-utils/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "firezone-cli-utils"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

rust/gateway/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "firezone-gateway"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

rust/gui-client/src-tauri/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "firezone-gui-client"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 description = "Firezone"
 edition = "2021"
 default-run = "firezone-gui-client"

rust/headless-client/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "firezone-headless-client"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 authors = ["Firezone, Inc."]
 

rust/http-health-check/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "http-health-check"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

rust/http-test-server/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "http-test-server"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

rust/ip-packet/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "ip-packet"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 authors = ["Firezone, Inc."]
 publish = false

rust/linux-client/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "firezone-linux-client"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 authors = ["Firezone, Inc."]
 

rust/phoenix-channel/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "phoenix-channel"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

rust/relay/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "firezone-relay"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 [dependencies]

rust/snownet-tests/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "snownet-tests"
 # mark:automatic-version
-version = "1.0.3"
+version = "1.0.4"
 edition = "2021"
 
 [dependencies]

scripts/Makefile

@@ -1,12 +1,19 @@
 # Format: Semver
 # See discussion here: https://github.com/firezone/firezone/issues/2041
 # and PR changing it here: https://github.com/firezone/firezone/pull/2949
+
+# These should track the upcoming release for Apple/Android
 apple-version = 1.0.5
 android-version = 1.0.3
-cargo-version = 1.0.3
-website-version = 1.0.2
-elixir-version = 1.0.3
-ci-version = 1.0.3
+
+# Set this to the current latest published release for the Windows/Linux/Gateway packages so
+# that links from the website will work
+website-version = 1.0.3
+
+# Set this to the upcoming release for the Windows/Linux/Gateway packages
+cargo-version = 1.0.4
+elixir-version = 1.0.4
+ci-version = 1.0.4
 
 .PHONY: version apple-version android-version cargo-version ci-version elixir-version
 

website/redirects.js

@@ -11,7 +11,7 @@ module.exports = [
     source: "/dl/firezone-client-gui-windows/latest/x86_64",
     destination:
       // mark:automatic-version
-      "https://www.github.com/firezone/firezone/releases/download/1.0.2/firezone-client-gui-windows_1.0.2_x86_64.msi",
+      "https://www.github.com/firezone/firezone/releases/download/1.0.3/firezone-client-gui-windows_1.0.3_x86_64.msi",
     permanent: false,
   },
   // versioned
@@ -31,35 +31,35 @@ module.exports = [
     source: "/dl/firezone-client-gui-linux/latest/x86_64",
     destination:
       // mark:automatic-version
-      "https://www.github.com/firezone/firezone/releases/download/1.0.2/firezone-client-gui-linux_1.0.2_x86_64.deb",
+      "https://www.github.com/firezone/firezone/releases/download/1.0.3/firezone-client-gui-linux_1.0.3_x86_64.deb",
     permanent: false,
   },
   {
     source: "/dl/firezone-client-gui-linux/latest/aarch64",
     destination:
       // mark:automatic-version
-      "https://www.github.com/firezone/firezone/releases/download/1.0.2/firezone-client-gui-linux_1.0.2_aarch64.deb",
+      "https://www.github.com/firezone/firezone/releases/download/1.0.3/firezone-client-gui-linux_1.0.3_aarch64.deb",
     permanent: false,
   },
   {
     source: "/dl/firezone-client-headless-linux/latest/x86_64",
     destination:
       // mark:automatic-version
-      "https://www.github.com/firezone/firezone/releases/download/1.0.2/firezone-client-headless-linux_1.0.2_x86_64",
+      "https://www.github.com/firezone/firezone/releases/download/1.0.3/firezone-client-headless-linux_1.0.3_x86_64",
     permanent: false,
   },
   {
     source: "/dl/firezone-client-headless-linux/latest/aarch64",
     destination:
       // mark:automatic-version
-      "https://www.github.com/firezone/firezone/releases/download/1.0.2/firezone-client-headless-linux_1.0.2_aarch64",
+      "https://www.github.com/firezone/firezone/releases/download/1.0.3/firezone-client-headless-linux_1.0.3_aarch64",
     permanent: false,
   },
   {
     source: "/dl/firezone-client-headless-linux/latest/armv7",
     destination:
       // mark:automatic-version
-      "https://www.github.com/firezone/firezone/releases/download/1.0.2/firezone-client-headless-linux_1.0.2_armv7",
+      "https://www.github.com/firezone/firezone/releases/download/1.0.3/firezone-client-headless-linux_1.0.3_armv7",
     permanent: false,
   },
   // versioned
@@ -103,21 +103,21 @@ module.exports = [
     source: "/dl/firezone-gateway/latest/x86_64",
     destination:
       // mark:automatic-version
-      "https://www.github.com/firezone/firezone/releases/download/1.0.2/firezone-gateway_1.0.2_x86_64",
+      "https://www.github.com/firezone/firezone/releases/download/1.0.3/firezone-gateway_1.0.3_x86_64",
     permanent: false,
   },
   {
     source: "/dl/firezone-gateway/latest/aarch64",
     destination:
       // mark:automatic-version
-      "https://www.github.com/firezone/firezone/releases/download/1.0.2/firezone-gateway_1.0.2_aarch64",
+      "https://www.github.com/firezone/firezone/releases/download/1.0.3/firezone-gateway_1.0.3_aarch64",
     permanent: false,
   },
   {
     source: "/dl/firezone-gateway/latest/armv7",
     destination:
       // mark:automatic-version
-      "https://www.github.com/firezone/firezone/releases/download/1.0.2/firezone-gateway_1.0.2_armv7",
+      "https://www.github.com/firezone/firezone/releases/download/1.0.3/firezone-gateway_1.0.3_armv7",
     permanent: false,
   },
   // versioned

website/src/app/blog/may-2024-update/_page.tsx

@@ -0,0 +1,17 @@
+"use client";
+import Post from "@/components/Blog/Post";
+import Content from "./readme.mdx";
+
+export default function _Page() {
+  return (
+    <Post
+      authorName="Jamil Bou Kheir"
+      authorTitle="Founder"
+      authorEmail="jamil@firezone.dev"
+      title="May 2024 Update"
+      date="2024-05-01"
+    >
+      <Content />
+    </Post>
+  );
+}

website/src/app/blog/may-2024-update/page.tsx

@@ -0,0 +1,11 @@
+import { Metadata } from "next";
+import _Page from "./_page";
+
+export const metadata: Metadata = {
+  title: "May 2024 Update • Firezone Blog",
+  description: "May 2024 Update: GA",
+};
+
+export default function Page() {
+  return <_Page />;
+}

website/src/app/blog/may-2024-update/readme.mdx

@@ -0,0 +1,270 @@
+import Image from "next/image";
+
+<Image
+  src="/images/blog/may-2024-update/traffic-restrictions.png"
+  alt="Traffic restrictions"
+  width={800}
+  height={800}
+  className="mx-auto rounded shadow"
+/>
+
+---
+
+## In this update:
+
+- Restrict access to specific ports and protocols
+
+### Firezone 1.0 GA
+
+After months of beta testing with our early adopters, today we're announcing
+that Firezone 1.0 is now generally available. We couldn't be more excited for
+you to try it.
+
+[Sign up now](https://app.firezone.dev/sign_up) to get started.
+
+#### The road to 1.0
+
+This release marks a significant milestone for Firezone.
+
+When we [announced](/blog/firezone-1-0) Firezone 1.0 was coming last July, we
+knew we had our work cut out for us. Until that point, Firezone was a simple web
+app into a single Docker image. Although a great fit for homelabbers and small
+groups, it wasn't suited to address the remote access needs of larger
+organizations.
+
+It was easy to get up and running quickly with Firezone, but as the number of
+users, devices, and networks to protect grew within an organization, so did the
+complexity of managing it all.
+
+So we went back to the whiteboard to reimagine how Firezone would look if we
+rebuilt it from the ground up The Right Way™ -- with scalability and ease of
+use in mind.
+
+<div class="grid grid-cols-1 sm:grid-cols-2 gap-4">
+  <Image
+    src="/images/blog/apr-2024-update/whiteboard1.jpeg"
+    alt="Whiteboard 1"
+    width={320}
+    height={320}
+    className="rounded shadow"
+  />
+  <Image
+    src="/images/blog/apr-2024-update/whiteboard2.jpeg"
+    alt="Whiteboard 2"
+    width={320}
+    height={320}
+    className="rounded shadow"
+  />
+</div>
+
+{/* Wrapping in JSX to avoid MDX from inserting p tags */}
+
+{(<div className="text-center italic text-sm p-0">
+
+  <span>
+    We don't always work together IRL, but when we do, we rearchitect
+    everything.
+  </span>
+</div>)}
+
+We spent the next several months prototyping, testing, and iterating on a new
+architecture that would allow Firezone to scale to hundreds of thousands of
+users and millions of devices.
+
+#### The stack
+
+We weren't going to squander a good opportunity to rethink our stack choice, but
+it remained largely the same: the new Firezone would be built with Elixir for
+the control plane and Rust for the data plane.
+
+Why?
+
+Elixir has been getting lots of acclaim in recent years for its concurrency
+model and fault-tolerance features. And for good reason: it runs on Erlang's
+BEAM VM, the same technology that powers the telecom industry's most reliable
+systems. There's a good chance the device you're reading this on has an IP
+address handed out by an Erlang-powered telecom switch.
+
+As it turns out, managing connections for a remote access product is _a lot_
+like managing messages across a telecom network:
+
+```
+1. Peer A wants to connect to Peer B.
+2. Is it allowed?
+  Yes: here are their addresses and keys to secure the connection.
+  No: drop the connection.
+```
+
+And Elixir's concurrency model makes it easy to manage thousands of these
+connection "intents" on very little hardware -- just a few tiny VMs orchestrate
+all connections across all our customers, globally.
+
+And what about the data plane? For that, we turned to Rust.
+
+Rust forms the network backbone of Firezone, handling all the heavy lifting of
+encrypting and decrypting packets as they flow between Clients and Gateways. As
+far as systems languages go, Rust couldn't be a better fit for the job. Its
+memory safety guarantees eliminate entire classes of bugs that plague other
+systems languages, making it a great choice for a security-critical application
+like Firezone.
+
+And it has build targets for just about every platform under the sun. Our
+[core connectivity library](https://github.com/firezone/firezone/tree/main/rust/connlib),
+for example, runs reliably on iOS, Android, Windows, Linux, and macOS.
+
+We'll be sharing more about our stack choices in future blog posts, but suffice
+to say, we're very happy with the results so far.
+
+### What's unique about Firezone?
+
+There are a lot of remote access solutions out there, so what makes Firezone
+different?
+
+For starters, Firezone uses [WireGuard®](https://www.wireguard.com/) under the
+hood -- a new VPN protocol that's
+[faster](https://www.wireguard.com/performance) and
+[more secure](https://www.wireguard.com/formal-verification/) than traditional
+VPNs. But that's just the start.
+
+We learned from Firezone 0.x that organizations grappling with remote access at
+scale needed things like integrations with identity providers that keep
+directory information in sync, high availability features, and an easier way to
+manage access policies that don't require a PhD in network security.
+
+Firezone 1.0 delivers on all of that and more.
+
+#### Core concepts in 1.0
+
+Before we dive into the new features, let's first cover some core concepts new
+to Firezone:
+
+- **Resource**: A [Resource](/kb/deploy/resources) is any DNS name, IP, or
+  network (CIDR range) you wish to manage access for. DNS-based Resources can be
+  used to manage access to internal or external applications and optionally be
+  configured to match all subdomains as well. CIDR-based Resources can be used
+  to manage access for an entire subnets, similar to a traditional VPN.
+- **Gateway**: [Gateways](/kb/deploy/gateways) are Firezone servers that run on
+  your infrastructure. Gateways must be defined within a Site, and any traffic
+  to/from Resources associated with a Site will pass through one of that Site’s
+  Gateways. Gateways are designed to be lightweight and don't require persistent
+  storage to function.
+- **Site**: [Sites](/kb/deploy/sites) are user-created environments where admins
+  can manage Resources and the Gateways that enable access to those Resources. A
+  typical Site name might be `SJC lab 1`, `Chicago office`, or
+  `Testbench subnet`. All Gateways and Resources in a Site are assumed to be
+  able to reach each other in a shared network context such as a VPC or LAN.
+
+For a more detailed overview of these concepts, check out the
+[FAQ](/kb/reference/faq) and [glossary](/kb/reference/glossary) sections of our
+documentation.
+
+#### High availability
+
+The first major feature in 1.0 we should discuss is high availability. Firezone
+achieves high availability by allowing you to deploy multiple Gateways within a
+given Site.
+
+Each Firezone Gateway is a tiny, self-contained binary that needs
+[only a single environment](/kb/deploy/gateways) variable to function. Throw it
+in a VM, a container, or on an IoT device -- it's lightweight enough to run
+everywhere. Its sole purpose is to shuttle encrypted packets between Clients and
+Resources.
+
+After you [create a Site](/kb/deploy/sites), you can deploy as many Gateways
+into that Site as you'd like. All Gateways in the Site will work in unison to
+provide load balancing and automatic failover for all connections to Resources
+in the Site.
+
+If a Gateway goes offline or becomes overloaded, any Clients connected to it
+will automatically migrate their connections to a healthy Gateway in the Site.
+This process is completely transparent to the user and happens in most cases
+within a few seconds.
+
+Armed with this ability, admins can now enjoy a simple maintenance process: (1)
+take a Gateway down, (2) upgrade it, and (3) bring it back up. _That's it_. No
+more lengthy maintenance windows, backing up configurations, or worrying about
+extended downtime.
+
+A nice side effect of this architecture is that it provides near infinite
+horizontal scalability, which works as follows:
+
+When a Client wants to connect to a protected resource, it sends a connection
+intent message to the control plane API. If the intent is approved, the control
+plane responds with a healthy Gateway to connect to. If there are multiple
+healthy Gateways, the control plane will round-robin between them, effectively
+splitting the load across all Gateways in the Site.
+
+Need more throughput? Simple: deploy more Gateways. The control plane will
+automatically distribute the load across all of them.
+
+We think high availability is such a core feature in a remote access solution
+that we made failover and load balancing available **on all plans**, including
+the Starter tier. [Read more](/kb/deploy/gateways) about how it works in our
+documentation.
+
+#### Firewall hole-punching
+
+You know what's not fun? Configuring firewalls.
+
+More precisely, configuring your organization's cloud or corporate firewalls to
+allow incoming connections from the internet. Not only is it a pain to manage at
+scale, it also exposes your organization to all kinds of security risks.
+
+So we rearchitected Firezone to include the same NAT traversal techniques that
+WebRTC applications have enjoyed for years now:
+[STUN](https://www.rfc-editor.org/rfc/rfc8489.html) and
+[TURN](https://www.rfc-editor.org/rfc/rfc8553), known collectively as
+[ICE](https://datatracker.ietf.org/doc/html/rfc8445).
+
+As you can probably surmise from the above links, these are well-established
+standards for doing reliable NAT traversal. These have been battle-tested in the
+field for years across all kinds of products -- Firezone is only the latest to
+benefit from them.
+
+What does this mean for you? It means you can deploy Firezone without touching a
+single firewall configuration and still enjoy the same level of performance as
+if you did. Attack surface is minimized and connections are direct. It's a
+win-win.
+
+For the curious readers, you can find our implementation of ICE, aptly named
+"snownet", in our repository
+[here](https://github.com/firezone/firezone/tree/main/rust/connlib/snownet).
+
+#### Directory sync
+
+The last feature we want to highlight in this announcement is directory sync.
+Firezone currently supports directory sync for [Okta](https://www.okta.com/),
+[Entra ID](https://azure.microsoft.com/en-us/services/active-directory/), and
+[Google Workspace](https://workspace.google.com/), with more providers on the
+way.
+
+Anyone who's ever managed a large organization knows the pain of keeping user
+and group information in sync across multiple systems. It's a nightmare to
+manage manually. And it's error-prone, leading to security risks and compliance
+issues.
+
+Experienced admins will now be thinking, "But what about
+[SCIM](https://datatracker.ietf.org/doc/html/rfc7644)? Doesn't that make this
+easy?". Sadly, SCIM today is one of those standards that isn't. Entire
+[business models](https://www.workos.com) have been optimized to leverage
+inconsistencies in SCIM implementations across different identity providers.
+
+So Firezone doesn't use SCIM. Instead, we
+[built our very own directory sync engine](https://github.com/firezone/firezone/tree/main/elixir/apps/domain/lib/domain/auth)
+that can be extended to virtually any source of identity data, regardless of
+whether they support SCIM. If it has a REST API, we can probably sync with it.
+
+Directory sync is available only for the Enterprise plan so we can be sure it'll
+work reliably for your organization.
+[Read more](/kb/authenticate/directory-sync) about how it works or
+[contact sales](/contact/sales) if you'd like a first-hand demo.
+
+### What's next?
+
+We covered only a fraction of what's new in Firezone in this post. Go
+[sign up](https://app.firezone.dev/sign_up) and see what else is new for
+yourself, or [request a demo](/contact/sales) if you'd like to better understand
+how Firezone can help your organization.
+
+We have more to announce in the coming weeks, so
+[subscribe to our newsletter](/product/newsletter) below to stay in the loop.