WZ-IT designs, integrates and operates secure network access for companies: remote access, site-to-site connectivity, cloud and private-cloud integration, customer access and access to internal systems - with NetBird, WireGuard, SSO, policies, monitoring and operations.
Roles, groups and granular access rules instead of full access.
Secure connections for sites, cloud, Proxmox, Kubernetes and internal systems.
Self-hosted or operated in Europe - with monitoring, updates and support.
Leading companies worldwide trust WZ-IT
Remote work, distributed sites, cloud resources, external service providers and internal platforms all need secure access. Classic VPN setups often grow uncontrolled: too many exceptions, unclear permissions, central bottlenecks and little transparency.
A VPN account often opens more network segments than necessary. Roles, groups, devices and specific services are not cleanly separated.
On-premise, public cloud, private cloud, Proxmox, Kubernetes and individual sites have grown historically and are hard to secure consistently.
Central gateways, manual firewall rules and poorly documented routes make operations, performance and troubleshooting difficult.
Who can access what? Which devices are connected? Which routes exist? Without monitoring, logs and clear policies, you are flying blind on secure access.
We treat network access not as a single tool, but as a layer of your infrastructure. What matters are identity, devices, routes, policies, monitoring and operations. Depending on the environment, we use NetBird, WireGuard, classic VPNs, firewalls, routing and zero-trust concepts so they fit your systems.
SSO, groups, roles, device management and access by user, team or purpose.
Remote access, site-to-site, network routes, cloud connectivity, internal services and segmentation.
Least privilege, access to specific systems, MFA, admin access, customer access and auditability.
Monitoring, updates, logs, incident response, documentation and regular review processes.
Concrete secure access projects at the intersection of networking, infrastructure and operations.
Secure access to internal systems, admin interfaces, servers, Proxmox, Kubernetes, databases or business applications.
Connect multiple offices, sites, plants or edge systems securely via controlled routes.
Bring public cloud, private cloud, Proxmox, Kubernetes and on-premise systems into a clean access concept.
Provide external access to selected systems, portals or plants - without opening the entire network.
Secure access to distributed plants, HMIs, gateways or service systems for operations, maintenance and support.
Gradually move existing VPN gateways, firewall rules and manual access into a more modern secure access model.
NetBird with your own control plane, SSO, policies, relay/signal servers, monitoring and operations on controlled infrastructure.
Review existing access, routes, firewall rules, user groups and operating processes and derive prioritized measures.
We do not just set up a VPN tool. We design, integrate and operate secure access as part of your infrastructure.
We clarify which users, devices, sites, services and networks need to be connected - and which model fits technically and organizationally.
We set up NetBird self-hosted or on European infrastructure, including management service, signal/relay, TLS, DNS and base configuration.
Integration with existing identity providers via OAuth/OIDC, groups, roles, MFA and access by teams or responsibilities.
We connect existing networks, cloud resources, sites and legacy systems via controlled routes and routing peers.
Granular access rules by user, device, group, service or network segment - instead of blanket full access to the internal network.
Gradual rollout for employees, administrators, service providers or sites with test phases, documentation and a transition concept.
Monitoring of control plane, relays, routes, availability, updates, certificates and critical access paths.
Review of firewall rules, access paths, groups, admin permissions, logs, emergency access and operating processes.
NetBird is an excellent building block for many secure access scenarios: WireGuard-based, self-hostable, with peer-to-peer connections, NAT traversal, central management, policies and network routes. We use NetBird where it fits the security, operations and infrastructure model - and combine it with firewalls, routing, SSO, monitoring and existing network components where needed.
Management stays under your control - on your own infrastructure or hosted in Europe.
Modern, high-performance tunnels for devices, sites and internal services.
Connect existing networks without installing a client on every system.
Structure access by teams, roles and services.
Enable connections even in more complex network environments.
Keep updates, availability, routes, certificates and critical components in view.
NetBird architecture: management, signal and relay as a self-hosted control plane, WireGuard connections between peers.
Five models we implement again and again in projects - individually or combined.
Employees and administrators access internal services, servers, dashboards or admin interfaces - with SSO, groups and device context.
Sites, cloud resources and on-premise networks are connected via routing peers and controlled routes.
Admin access to Proxmox, Kubernetes, databases, firewalls or internal systems is deliberately restricted and made traceable.
External users get access to selected services or plants without opening your entire network.
AWS, Azure, European cloud, private cloud and on-premise systems are connected via unified access and routing concepts.
We only recommend NetBird or a comparable mesh VPN when it fits the infrastructure, the team and the operating model.
Our goal is not to introduce NetBird everywhere - but to choose the right access layer for your infrastructure.
A working tunnel is not yet a secure access concept. Production secure access needs ongoing operations: user and group maintenance, updates, monitoring, policy reviews, documentation, incident response and adjustments for new systems.
We pay attention to:
For companies that want NetBird or a comparable secure access solution not just set up, but operated long-term.
Included depending on setup:
Price
on request
depending on devices, sites, operating model and SLA - no per-user fees.
Answers to the most important questions about architecture, NetBird, operations and fit.
Classic VPNs route all traffic through central gateways - with bottlenecks, single points of failure and blanket access rights. A mesh VPN like NetBird establishes direct WireGuard connections between devices and controls access centrally via policies, groups and roles. That improves performance, resilience and control.
No. We assess what stays and what gets replaced. We often combine NetBird with existing firewalls, routing and SSO - and phase out legacy access step by step without interrupting operations.
Yes. The entire control plane - management, signal and relay - can run on your own or European infrastructure. That keeps data, access and availability under your control. We handle setup, SSO integration and operations.
Via network routes: a routing peer in the respective network makes servers, plants or entire subnets reachable without installing a client on every system. This is particularly suitable for legacy systems, HMIs and site-to-site connectivity.
With granular policies: external users get access to exactly the systems they need - by user, group, device or service, traceable and revocable at any time. The rest of the network stays closed.
Yes. With Managed Secure Access we take over updates, security patches, monitoring, alerting, policy maintenance, client rollouts and incident response - with clear responsibilities and an SLA.
That depends on devices, sites, operating model and SLA. After a short architecture call you receive a concrete offer with a fixed monthly price - no per-user fees.
Whether it's an existing VPN, new site-to-site connectivity or NetBird operations: in an architecture call we clarify which access model fits your infrastructure - and what an operable setup can look like.
Send us the context. We will respond with a pragmatic view on access concept, architecture and operations.
14.06.2026
NetBird is our preferred tool for secure, WireGuard-based network access following zero-trust principles: lean, open source and without classic VPN gateways. Recent releases brought several...
11.05.2026
A Cisco ASA vulnerability from September 2025 is still being actively exploited in May 2026. Seven months after the patch, CrowdSec counts 292 source IPs...
17.02.2026
NetBird has released the Reverse Proxy – a feature that fundamentally changes self-hosted setups: Internal services can now be exposed directly to the internet through...
07.12.2025
Many modern business VPN and ZTNA tools feel cheap at first: quick setup, SSO/policies, "easy" remote access. The problem: The bill scales linearly with your...
Whether a specific IT challenge or just an idea - we look forward to the exchange. In a brief conversation, we'll evaluate together if and how your project fits with WZ-IT.
Leading companies trust WZ-IT
Timo Wevelsiep & Robin Zins
Managing Directors of WZ-IT
