A Complete, Scalable, Self-Hosted, Secure Remote Access Solution for Developers and Teams to Access any Internal Resource of any Type Running behind NAT Anywhere

A Unified Architecture to Provide Identity-aware, Context-based, L7-aware Zero Trust Access for Humans and Workloads to your Resources as well as Public Anonymous Access that can be used for Hosting and Testing your Web Apps and APIs

A Unified Zero Trust Architecture that Supports both the Private VPN-like Client-based Mode over WireGuard/QUIC Tunnels as well as the Client-less Public BeyondCorp Mode via Browsers.

Seamlessly Deploy Containers via Octelium and Provide Secure as well as Public Anonymous Access for your Containerized Microservices such as APIs, Blogs and Development as well as Production Web Applications.

Seamlessly integrate any OpenID Connect or SAML 2.0 SSO Provider as well as GitHub OAuth2 and Provide Secure Access to all your Resources for your Teams at Scale.

Provide Secret-less Access to SSH Servers, HTTP-based APIs, Databases and mTLS-based Applications without the need for Sharing and Distributing L7 Credentials to Users

Application-layer Aware Access Control via Identity-based Context-aware ABAC and Policy-as-Code via CEL and Open Policy Agent (OPA)

Unified, Stable Access for your Workloads written in any Programming Language to all your HTTP-based Resources via Standard OAuth2 Client-Credentials Flow and Bearer Authentication without having to use Special SDKs

OpenTelemetry-ready Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers

Designed to be Administered like Kubernetes via DevOps/GitOps-friendly Centralized and Declarative Way. The Cluster is furthermore fully Programmable over gRPC.