New user of ZT and setting up a small POC. Really enjoying the learning curve!
One of the things i have been struggling to find information on is how/if it is possible to set multiple tags/groups to devices. For example, i have a range of hosts or users and i want to setup tags - eg - sales, it, management etc. Based on those i will setup rules to suit:
sales: allow access to server A on service 1
management: allow access to server B on service 2
In this simple case, some users could belong to both groups.
I suppose the other option i may be seeing to achieve this is through capabilities but interested to hear how others may have achieved similar outcomes.
Although it is a bit counterintuitive, you can set up individual ZT networks for each group, and join each client machine to the respective network. There’s nothing preventing you joining one machine to multiple Zerotier networks after all; yes, I have done this, it works quite well for segregating servers to specific machines.
From another perspective, you can consider a ZT network to be a VLAN, and you are tagging allowed traffic; except the tag exists as a distinct individual interface on each machine.
Hmmm interesting, hadn’t thought about that… will give it some thought, but agree, it does seem counterintuitive.
Definitely not where my thought started, but could work…