Product capabilities

Infrastructure features mapped to real operator workflows.

Nanami focuses on clarity: predictable control-plane objects, observable gateway topology, and secure WireGuard-based transport.

Feature map

Alternating text and schematic views

Each capability area is paired with a diagram for faster scanning.

WireGuard-first transport with explicit policy

Nanami keeps encrypted transport simple while giving operators a clear control-plane for identity, ownership, and routing intent.

  • Generated peer configuration for enrolled nodes
  • Ingress and egress gateway controls
  • Tenant and group scoped boundaries

Policy application path

Intent rolls from tenant policy to concrete gateway behavior.

Tenant policyRule compilerIngress gatewayapidbinternal-ui

Gateway-aware topology for distributed teams

Gateway manager and gateway daemon components provide stable paths and runtime feedback, especially in NAT-heavy environments.

  • Regional gateway inventory with observed state
  • Operational visibility for gateway health and endpoints
  • Clear direct-versus-gateway path behavior

Gateway path stability

Regional gateways preserve connectivity when peer-to-peer links fail.

node-westgateway-westgateway-coregateway-eastnode-eastmobile-node

Identity model built for team ownership

Roles, sessions, and enrollment keys align with tenant and group responsibilities so access workflows stay auditable.

  • Role and membership controls tied to tenant context
  • Session and MFA settings in WebUI
  • Scoped join credentials for gateway components

Identity and access chain

Role scope and session state gate every network action.

OperatorRole bindingTenant scopeNetwork policyNode accessSession + MFA
UI

Control-plane screenshots

Common views teams use during day-two operations.

Network inventory
Network inventory
Node and gateway visibility across regions.
Policy workspace
Policy workspace
Route and access policy editing in one surface.
Session analytics
Session analytics
Telemetry to troubleshoot routing behavior quickly.

Available now

  • Tenants, groups, networks, nodes, and gateways as first-class resources
  • Join-key enrollment for gateway manager and gateway daemon
  • WireGuard config generation and control-plane API workflows
  • Community and hosted operating models

Coming soon

Active roadmap areas.

  • Shared transport gateways (DERP-like) for fallback connectivity
  • Multi-hop routing chains and policy-based paths
  • Gateway high-availability redundancy policies (2+ per network)
  • Expanded managed client coverage
  • Deeper traffic analytics and historical drill-down
  • Richer role templates and policy assignment UX