Company: qwertiko GmbH
Headquarters: Karlsruhe, Germany
Industry: Managed Hosting and Platform-as-a-Service (PaaS)
Challenges:
- Persistent and overly broad VPN access that conflicted with zero-trust principles.
- Firewall not designed for fast and continuous API management.
- Safeguarding systems from risks introduced by compromised devices or networks.
The Solution:
qwertiko adopted NetBird to introduce identity-based, time-limited access, streamline network policy automation via API, and eliminate the need for persistent VPN connections across their infrastructure.
Key Results:
- Stronger internal security posture with scoped, temporary access policies.
- Improved operational agility through API-driven automation and reduced IT overhead.
- Reduced attack surface and eliminated firewall rule complexity.
In today’s digital landscape, organizations are facing increasingly sophisticated threats and regulatory demands. The traditional network security model, once reliant on static perimeters and unrestricted internal access, is rapidly becoming obsolete. Recent guidance, particularly the NIST Special Publication 800-207, emphasises the necessity of adopting a Zero Trust Architecture (ZTA) to mitigate evolving security threats. qwertiko, a specialized managed hosting and platform-as-a-service provider in Germany, exemplifies the transition from legacy systems to robust Zero Trust solutions through their strategic adoption of NetBird.
The Struggle with Complex Networks
qwertiko, operating independently of major hyperscalers, has built a robust reputation serving demanding clients like ABUS, Leiden University, and L-SHOP-TEAM, Germany’s largest textile wholesaler. High availability, stringent security, and optimal performance form the foundation of their operations.
Historically, qwertiko relied on OpenVPN to manage access and enforce network policies for their remote staff. While this setup initially met their needs, it presented growing limitations in security granularity and in safeguarding against risks introduced by compromised devices or networks. Moreover, the inherent nature of OpenVPN granted administrators persistent and overly broad access to internal resources, creating significant security concerns. Automation via API, intended to simplify management, had the potential to cause firewall rule collisions, because the complex network architecture resulted in intricate rule sets on the centralised, highly available firewall cluster.
Modernizing Secure Access with NetBird
Driven by the imperative to further safeguard customer and internal management network access and streamline the remote access process for staff, qwertiko evaluated several Zero Trust solutions. Ultimately, they chose NetBird due to its comprehensive API capabilities, native integration with Keycloak for seamless identity management, and robust WireGuard-based architecture, known for performance and reliability. Additionally, the open-source nature of NetBird aligned perfectly with qwertiko’s transparency ethos and the strict GDPR compliance demands typical of German businesses.
Rapid and Effective Implementation
Guided by Zero Trust principles, qwertiko implemented NetBird swiftly and thoroughly. The initial proof of concept was completed in just two weeks, followed by a full administrative rollout in under a month. Central to their approach was the deployment of two highly available routing peers using virtual machines, designed with redundancy and affinity rules to ensure continuous access.
qwertiko’s successful adoption was also driven by NetBird’s dedicated support and engineering team. According to Nathanael Rebsch, Managing Director at qwertiko, "The NetBird team is highly skilled and proficient in supporting even the most complex technical topics. They are also very involved in finding solutions and workarounds tailored to the use case. In terms of response times to support cases, NetBird's team was consistently prompt and eager to solve problems in order to facilitate timely onboarding." This high level of support enabled qwertiko to quickly and confidently transition to their new Zero Trust environment.
Leveraging NetBird's extensive API, qwertiko automated their network segmentation and policy management processes through an integration with NetBox Labs that they wrote themselves. A significant portion of the VLANs were dynamically mapped into NetBird groups, facilitating granular and efficient control. Furthermore, a custom-built dashboard lets administrators easily manage temporary, policy-driven access tied to the tasks they are working on.
Integration with Keycloak enabled secure Single Sign-On (SSO), device verification, and session management, which are key elements emphasized in NIST guidelines for robust Zero Trust adoption. In parallel, detailed monitoring was achieved through integrated audit logs and tailored logging solutions, providing qwertiko with unprecedented visibility into their network operations.
Realizing Tangible Benefits
qwertiko’s adoption of NetBird has led to measurable improvements in both security and operational efficiency. The Zero Trust implementation effectively eliminated persistent internal access, significantly reducing their attack surface and enhancing internal security posture. The streamlined automation greatly improved operational efficiency, eliminating the previous firewall rule bottlenecks and simplifying troubleshooting.
Looking ahead, qwertiko expects their transparent Zero Trust approach to strengthen customer confidence and serve as a competitive advantage. qwertiko’s transparent implementation of robust Zero Trust practices has become a compelling selling point, positioning them favorably in a market increasingly sensitive to cybersecurity threats and data protection regulations.
Strategic Vision for the Future
As a next step, qwertiko plans to extend their Zero Trust model across all internal operations and is exploring secure access solutions that could extend these benefits to customers in the future. Further, they are committed to sharing their experiences through newsletters and industry roundtables. Their intent to collaborate on open-source projects, like developing a NetBox plugin, reflects a broader industry shift toward transparent and interoperable security tooling.
Insight and Guidance from the Journey
Reflecting on their experience, Managing Director Nathanael Rebsch highlights the simplicity and security advantages of adopting NetBird:
"We didn’t want just another VPN where you connect and then you have access to everything. We wanted time-limited, controlled access. NetBird really reflects our view on trust, access should always be deliberate and scoped."
This perspective underscores the value of peer-to-peer Zero Trust models, open-source flexibility, and sustained operational alignment. These principles reflect widely accepted best practices for building secure and adaptable infrastructure. qwertiko’s decisive and focused rollout of NetBird resulted in immediate operational and security gains, showcasing how well-planned transitions can yield substantial benefits without the delays typically associated with major infrastructure changes.
Through qwertiko’s strategic shift to NetBird, aligned closely with NIST’s latest standards, the company has set a benchmark for secure, agile, and transparent network management. This move highlights NetBird as a viable path forward for organizations navigating the complex and dynamic landscape of modern cybersecurity.
