Connecting to remote resources over the internet is something that developers need to do every so often. There are many ways to achieve a secure connection between computers on different networks. Let's take a look at a novel option, ZeroTier, using a practical example.
In the previous article we discussed the available database options for eZ Platform but did not pay much attention to how to connect to them. Getting access to a remote database can be very useful, for example, when the database is too large to run on a lightweight laptop or you need direct access to production data in case of an emergency.
Most commonly, developers connect to remote resources like a MySQL server using a Virtual Private Network (VPN) or possibly using an SSH tunnel. Both methods work just fine but can be a chore to set up. SSH tunnels can require setting up additional firewall permissions. VPNs, on the other hand, are something of a jungle and can be clunky to set up.
Another connectivity option, direct encrypted connections to MySQL over TLS/SSL, is often used by cloud service providers. Exposing a properly configured database server directly to the world is technically secure, but it is still something that many shun. This is for good reason, as there is some complexity in rotating certificates, etc., and it leaves room for trivial misconfiguration that could expose your data to the world.
What is ZeroTier?
ZeroTier is a new approach to accessing remote resources over the Internet. It dubs itself a tool for Global Area Networking, its twist on Local Area Networks (LAN) and Wide Area Networks (WAN). In essence, ZeroTier works as a virtual network switch that you can connect to from many locations. The virtual network is exposed as a regular network adapter in your operating system, just like a physical Ethernet or WLAN adapter.
The project started as an open source effort in 2013 and has been a funded business entity since 2015. The ZeroTier technology stack continues to be open source, but the company is running a network of servers running virtual networks you can connect to. You can use this infrastructure for free for personal or internal business use for networks up to 100 devices.
Like VPNs, ZeroTier aims to provide a secure transport layer that will extend your physical network over the Internet. It also promises a straightforward installation experience and high security. One could argue WireGuard, a lean and mean VPN product, already enables everything that ZeroTier does. That may be, and I'm not for or against either one of them.
As of now, the key difference between WireGuard and ZeroTier is that the latter allows clients to move to direct peer-to-peer (P2P) communication. Data transfers between your local workstation and the remote MySQL server (in our use case) will be initiated by the ZeroTier server, but then move to direct communication between the participants.
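Because the virtual network appears as just another adapter, a database that should be reachable only over ZeroTier has to listen on its ZeroTier-assigned address and not on every interface. The check below is an added example, not part of the original article or of ZeroTier: it classifies the MySQL listeners found in `ss -H -ltn` output. The sample output, the `10.147.17.0/24` range and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 10.147.17.5:3306 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 80 [::]:3306 [::]:*
"""

def split_local(field):
    """Split the Local Address:Port column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    return host, int(port)

def classify(host, zt_net):
    """Return 'wildcard', 'loopback', 'zerotier' or 'other' for one address."""
    if host in ("*", "0.0.0.0", "::"):
        return "wildcard"   # bound on every interface, public ones included
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    if addr.version == zt_net.version and addr in zt_net:
        return "zerotier"   # inside the range assumed for the ZeroTier network
    return "other"          # some other interface: review it by hand

def audit_listeners(ss_output, zt_cidr, port=3306):
    """List (address, verdict) for every TCP listener on the given port."""
    zt_net = ipaddress.ip_network(zt_cidr)
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, lport = split_local(cols[3])
        if lport == port:
            findings.append((host, classify(host, zt_net)))
    return findings

if __name__ == "__main__":
    for host, verdict in audit_listeners(SAMPLE_SS, "10.147.17.0/24"):
        print(f"{host:<14} {verdict}")
```

Any `wildcard` or `other` verdict means the server is reachable outside the ZeroTier network and its bind address or firewall rules need attention.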
Connecting to a MySQL server with ZeroTier
So how does ZeroTier work in practice? See the video below for a quick overview of it, and how to set up and run a local eZ Platform installation with a remote MariaDB server:
The networking world is undergoing a shift to Software Defined Networking (SDN). Like server infrastructure before it, network management is moving from physical hardware to software. Transparent access to computing resources regardless of place and time is now taken for granted, and even opening a VPN connection might feel archaic soon.
The next time you're about to open up an SSH tunnel to connect to a server to do some database debugging, maybe you should consider if ZeroTier could work for you. As for eZ Platform, we're not restricting how you run our software or the method you connect to it.
You can choose to run our software on premise, public or private cloud, or fully managed on eZ Platform Cloud. The choice is yours, and we'll support you every step of the way.
If you’d like to learn more about this or want to have a discussion on any other technical aspect of eZ Platform, please don’t hesitate to contact me at firstname.lastname@example.org.