This is the story of how we utilized free software to create a network overlay that enforces identity-based access to services and monitors device posture. This overlay empowers users to access services according to their identity and device status while providing IT admins with visibility and control over all end-user devices utilizing their services.

Leveraging excellent FOSS tools like WireGuard, Keycloak, OpenResty, Guacamole, Osquery,  Ansible AWX and ClickHouse, this implementation empowered the organisation to efficiently handle user and device management (both windows and linux based) at scale.

My plan is to guide you through the fundamental components of this implementation and offer insights gained from our experience with the project.