As modern enterprises migrate to cloud-based services and remote work, fortified corporate walls are deteriorating, and so is the case for a traditional VPN. Network architects are embracing a new “zero trust” approach, which means physical networks cannot be trusted, and every device must always be authenticated and its traffic end-to-end encrypted.
People want to be able to connect to private resources from anywhere in a highly secure way, and this is where ZeroTier and Tailscale come in.
ZeroTier is a decentralized network virtualization platform. Their tagline is “decentralize until it hurts, then centralize until it works.” They offer a custom-made protocol that has 2 virtualization layers:
- “Virtual Layer 1” (VL1) is the peer-to-peer network backbone which encrypts communications, ensures endpoint authentication, and verifies credentials using asymmetric keys.
- “Virtual Layer 2” (VL2) is built on top of VL1 and leverages software-defined networking principles to function as a virtual extensible local area network (VXLAN). VL2 is responsible for creating secure network boundaries, handling multicast, enforcing rules and capabilities-based security, and providing certificate-based access control.
ZeroTier’s centralized component is a set of 12 root servers which are distributed across the globe in stable, fast locations. These intermediaries help forge peer-to-peer connections and make everything work.
ZeroTier’s hardware-agnostic technology works on most industrial, commercial, or personal devices. They run on Windows, macOS, Android, iOS, Linux, FreeBSD, and several network-attached storage (NAS) appliances. Their product is open source but subject to their Business Source License.
Tailscale’s architecture, in contrast, uses a SaaS central coordination service that is invisible to end users. Nodes are authorized by logging into a central identity system such as Google, Microsoft Azure AD, or Okta. Instead of a custom protocol, Tailscale uses the standard WireGuard VPN protocol for its data transfer.
ZeroTier and Tailscale share a similar purpose, yet they have different underlying structures. Here, we’ll do a head-to-head comparison, outlining their unique strengths and differences.