DocsAPI

About

Netmaker Architecture Diagram

What is Netmaker?Copied!

Netmaker lets you create, manage, and automate virtual overlay networks using WireGuard. If you have two or more devices that need to communicate securely, Netmaker will help you forge the connection, allowing you to scale up to hundreds, or thousands, of devices, environments, networks, and users.

WireGuard Mesh

Netmaker takes these devices and creates a flat network wher they can communicate securely. If you’re familiar with AWS, it’s like a VPC but made up of arbitrary computers. From the machine’s perspective, all these other machines are in the same neighborhood, even if they’re spread all over the world.

Netmaker also enables you to control of traffic flowing into and out of the network using gateways and ACL policies. The end result is you can create much more complex networks than a simple mesh, and create some more common patterns like remote access.


Netmaker has many similarities to Tailscale, ZeroTier, and Nebula. What makes Netmaker different is the speed and flexibility. Netmaker is faster because it uses kernel WireGuard. It is more flexible because it lets you build many different types and patterns of networks, and also gives you the choice of how endpoints are added to the network, with three different client-side applications. And, of course, you can also self-host Netmaker, to give you complete control of your network traffic.

How Does Netmaker Work?Copied!

Netmaker relies on WireGuard to create tunnels between machines. At its core, Netmaker is managing WireGuard across machines to create sensible networks. Netmaker is the management server, which manages three different types of client-side applications.

The configuration server: Netmaker is the configuration server, which can be either self-hosted, or deployed using our cloud-hosted SaaS. There is a fully open source version, as well as a Professional version.

The Clients: Netmaker manages three different types of clients -

  • Netclient: A headless agent that manages WireGuard and is meant primarily for the “worker nodes” of your network, e.g. server endpoints, and devices that will route traffic for your network. It runs on Windows, Linux, Mac, and Docker.

  • WireGuard: Netmaker can add pure WireGuard tunnels to the network, allowing you to deploy endpoints on any WireGuard compatible device.

  • Remote Access Client: A user-centric application meant for end-users, primarily for remote access, with authentication and authorization via identity, and session expiry.

As the network manager, you interact with the server to create and manage networks and devices. The server holds configurations for these networks and devices and pushes updates to the agents (netclient) over a message queue.

The client will let the server know when any local changes (like ip address, port) should be pushed out to the other clients. By doing this across many machines simultaneously, we create fully dynamic and configurable virtual networks.

Netmaker OfferingsCopied!

Netmaker provides a range of options tailored to suit different use cases and organizational needs. Whether you’re a small team, a growing business, or a large enterprise, Netmaker provides the right tools to improve security, efficiency, and scalability

Open-Source (Community Edition)Copied!

Built for developers and small teams, the Community Edition provides core networking features with the flexibility of open-source customization.

  • Technical Highlights:

    • Integrated DNS server to manage private network resources seamlessly.

    • Egress traffic capabilities for external network access.

    • Simplified setup with full control over configurations and deployment.

    • Limited advanced features, but capable of handling lightweight networking needs.

  • Use Case: Best for developers and teams starting with small-scale or non-critical networking setups.

SaaS (Professional Edition)Copied!

Hosted in the cloud and managed entirely by the Netmaker team, the SaaS edition provides enterprise-grade networking with minimal setup.

  • Technical Highlights:

    • Automatic scaling of resources based on network usage.

    • Built-in redundancy and high availability for reliable performance.

    • Seamless updates and patches, ensuring you’re always on the latest version.

    • Managed security configurations to safeguard your data.

  • Use Case: Ideal for businesses that need rapid deployment and scalable solutions without handling infrastructure.

On-Premises (Professional Edition)Copied!

Designed for complete control, the On-Premises edition allows you to run Netmaker in your private infrastructure, whether on physical servers or in your private cloud.

  • Technical Highlights:

    • Full control over deployment and configurations.

    • Integration with custom authentication systems, such as OAuth providers.

    • Enhanced privacy with data stored within your infrastructure.

    • Ability to use advanced features like failover servers, relays, and custom ACLs.

  • Use Case: Perfect for organizations with strict compliance needs or those wanting a self-managed network.

For a detailed list of features in both the Pro and Community Editions, check it out here.

Use Cases for NetmakerCopied!

There are many use cases for Netmaker. In fact, you could probably be using it right now. Because of Netmaker’s extreme speed, there is almost no cost to putting a Netmaker overlay network on top of any existing Network.

This is a sample of how some users use Netmaker in production today. Guided setup for many of these use cases can be found in the How-To Guides or on our Blog or YouTube channel.

  1. Automation and management of large WireGuard-based networks

  2. Secure access to a home or office network

  3. Remote management of edge sites, servers, robots, and drones

  4. Site-to-site access from customer environments to cloud endpoints

  5. Secure network for IoT device data transfer