Defguard offers a unique combination of security-related functionalities from identity management (OpenID/OAuth2/LDAP) to VPN (Wireguard) to other features (Multi-Factor Authentication, Yubikey provisioning, Web3, Webhooks, etc.). It doesn’t matter if you are looking for an on-premise security infrastructure for your home, a small office, or a large enterprise – most likely Defguard has all the features you need and is very easy to set up. It also has a great and clean UI that business owners can and like to use (not only admins).
When you take into consideration that we have put much effort into its architecture, documentation, and lots of integration examples, and have a professional and experienced security partner ISEC, who already has done a thorough and comprehensive audit of Defguard, you’ll understand there's nothing like this on the market...
And yes, it's completely free and open-source.
In my heart, I'm a hardcore Unix and Linux user (since kernel 1.x.x and Slackware 3.x) and have been developing my first open-source project in the early 2000s, but as life goes on I’ve switched my career to more business-oriented soon after – but still heavily relying and building upon open-source software.
When in 2009 I founded teonite I made a promise to myself that one day I will repay my debt to the open-source community, since I truly believe my career would not exist if not for the open-source community (my belief is that no tech company would exist today without it too).
Real unique value and need
Building organizations (startups and large-scale enterprises), for over 20 years, I always kept seeing the same questions, challenges, and problems:
- Where should we have the user directory (identity)?
- How to enable logging to all our systems and services with this directory?
- How will those users connect to our infrastructure, services, applications, and servers?
- How to secure all those services (with Multi-Factor Authentication, YubiKeys)?
The answer was always the same (and – caring for privacy – I'm deliberately skipping cloud-based solutions; my only choice has always been on-premise):
a) either we choose proprietary, commercial solutions or
b) we take a large number of open-source solutions, integrate them, and build a custom UI
We have gone for the latter and created Defguard which I’d like to proudly present: https://defguard.net
Rarely does a startup/software house/agency think about the overall infrastructure
Building my 3rd software development studio (well, teonite is a venture builder now more than a studio) and working 20+ years in the technological services & consulting industry, I see over and over again that the mentioned companies very rarely think outside of the "product", meaning infrastructure, security, identity for all services, VPN access, etc., leaving users with either unsecured infrastructure (i.e., all services available publicly) or multiple systems with non-integrated access control mechanisms (i.e., different usernames & passwords for different systems).
Defguard is a 3rd iteration of the system I've built over the years, trying to find an optimal architecture and approach to tackle these kinds of challenges.
Admin/Back Office tools are unintuitive and ugly
I value beautiful design and ease of use. That's why I love the Unix way which is simple and beautiful by design.
In my opinion, when you want to accomplish the same in the graphical UI it's much harder.
I think it is for that reason a lot of admin/devops/security and back-office tools designed by software developers (“Why should we put the effort in a nice UI if it's for back office?”) are so... let's face it – unintuitive, ugly and not well thought through.
I have always been jealous that so many very simple apps have great and beautiful UIs and I could never understand why core-organizational tools are so damn ugly.
Defguard is not perfect either as it evolved over the years while we've been using it internally and deploying it in our clients' infrastructures. But it's our best shot at being easy and useful. And nice at the same time. And from our first impressions its business users seem to like it.
We have a huge and challenging roadmap ahead of us with features we feel will further evolve the approach to the security of on-premise organizational tools. We can't wait to deliver them and do further development – and we will – since we have a dedicated team for Defguard and we are deploying it as a core fundament in every product we're building.
I feel now is as good a time as ever to give back to the community and see if anyone else sees the same value in this solution as we do.
Since I'm still working with our team and our current users on the roadmap (will publish it in a week or two) for now I can share the further vision of Defguard:
Simple user onboarding
It's always a problem in an organization to onboard users and share their login/passwords as well as VPN access credentials. We have a cool idea for that.
User activity & Log integrity
Since Defguard is a security platform we want to put much effort into building a unique secure user activity and log integrity solutions – so that even if there is a security incident (and sooner or later there will be) you should have at least a great chance of knowing about it...
Multiple VPN sites support
The core architecture was initially done to have multiple VPN sites, but we still need to finish it.
Think of it this way: when this feature is done, you can deploy your own VPN provider (since we have an internal identity and onboarding soon) like ExpressVPN or similar (with multiple sites/locations). In just a few minutes and on your own infrastructure where you will know that no one is logging your activity. Except yourself.
How to get involved
To be honest, this is our first (proper) approach to an open-source product, and from what I've read we're somewhat stressed/worried that even though we've put years and years of knowledge, experience, and thousands of hours in development and testing, not everyone will appreciate the value we're trying to give...
But Defguard is so close to my heart that I need to put it on the map of the open-source community and hope for the best.
How to contact us and get involved
- The source code is available on GitHub
- For updates and news go to Defguard Twitter: https://twitter.com/defguard_net
- General and Support discussion is on Matrix: https://matrix.to/#/#defguard:teonite.com
- If you publish a pull request you will be invited to the developer's channel
Or you can talk to me directly:
- by email: robert _A _T_ teonite.com
- Matrix: @robert:teonite.com