Site-to-site connectivity

Securely access APIs and databases in customer networks

You need to access resources deployed in customer VPCs and on-prem environments. But your customers and proof-of-concepts (POCs) are blocked, waiting for IT teams to deploy networking changes. Don’t ask your customers to open their firewall ports for your app or container, which is fragile and insecure. Don’t fight with clunky site-to-site VPNs. Instead, your customer can just run a lightweight agent inside their environment, and you are up and running.

Databricks uses ngrok to connect to all of their customers.

How it works

ngrok operates a global network to manage traffic to all your services deployed in customers’ environments
  1. No VPC peering, VPN, private link, or SSH reverse tunnels required
  2. Hassle-free access.
  3. Don’t grapple with time-consuming, error-prone, and complex configurations that are hard to scale and cost you time and effort. ngrok provides secure, hassle-free access to your customer networks at scale.


  1. Never ask customers to open firewall ports
  2. Works like magic.
  3. Skip the complexity and security risks of opening inbound ports required for IP whitelisting on customer firewalls. Reach your customers without involving their IT teams in lengthy change request processes using ngrok.


  1. Scale rapidly across your customer base
  2. No more bespoke configurations.
  3. Ditch cumbersome custom configurations for each customer. ngrok lets you connect to 10, 100, or even 100,000 customers with the same ease. Save time and effort and achieve faster deployments.


  1. Unblock Bring Your Own Cloud architecture
  2. Run your data plane in your customers’ networks
  3. Bring Your Own Cloud (BYOC) is an emerging architecture where software is deployed within the customer's environment — to access their data for instance. BYOC offers greater control over data security and compliance, but can lead to deployment complexities. ngrok simplifies the process enabling you to deploy your BYOC architecture in just a few hours. Minimize review cycles with customers’ IT teams and accelerate customer deployments.


  1. Connect to anywhere: any cloud or on-prem
  2. We’ve got all your platforms covered.
  3. Your customer environments could be on-prem, AWS, Azure, GCP or any other cloud platform. You don’t need to grapple with the intricacies of each environment.


  1. Get your customers up and running in hours, not months
  2. Unlock Faster ROI.
  3. Your customers don’t have to wait for months to realize value. Enable your customers to quickly enjoy the benefits of your solution and ensure high CSAT. Speed up proof of concepts and sales cycles and increase win rates by closing deals faster.


  1. Private label
  2. Get your own custom URLs.
  3. Private label all URLs and get your own dedicated IPs. Your customers will only see and access your hostnames. Dedicated IP addresses allows only authorized traffic from your customer’s environment to your network.

Site-to-site connectivity made easy

ngrok Private Edition is available

Deploy a dedicated instance of the ngrok data place and control plane in your own environment, for added data and security controls.

Batteries included

Typically, you need to stitch together many different solutions and tools or write custom code to handle performance, security, observability, and availability requirements. With ngrok, you get all of that and more out of the box:
Typically, you need to stitch together many different solutions and tools or write custom code to handle performance, security, observability, and availability requirements. With ngrok, you get all of that and more out of the box:
Kubernetes Ingress

Manage traffic to your Kubernetes clusters in customer environments using our Ingress Controller or the new Gateway API that is role-oriented and expressive. Unlike other controllers, when you use ngrok you don’t need to configure any low-level networking primitives like IPs, VPC routing, egress gateways and network interfaces. Just helm install the ngrok k8s operator and you're online.

API Gateway

Oftentimes, you need to access APIs in customer networks. ngrok’s built-in API gateway enables secure and instant connectivity to APIs with zero friction. Configure rate limiting, JWT validation using our simple, flexible, and idiomatic JSON and CEL-based traffic policy engine.


Meet customers’ compliance needs by maintaining a full audit of traffic flows and other events.  Troubleshoot issues in real-time by getting visibility into critical metrics.

Global Acceleration

Your customers will enjoy a speed boost as ngrok pushes traffic policies that you configure to its global network. So authentication, transformations, load balancing and more happen as close to your customers as possible.

Global Load Balancing

Minimize latency for your apps and APIs by relying on ngrok’s intelligent routing that steers both end user and agent traffic to the nearest Point of Presence (PoP). Ensure high availability for your services with geo-aware load balancing and failover.

DDoS Protection

ngrok cloud enforces authentication and authorization, preventing unauthorized traffic from ever reaching your customer’s environment.

With ngrok, we get comprehensive security with a full scope of functionality for all of our use cases.
Ihor Leshko
Director of Engineering

Industry leaders rely on ngrok

Connect securely into your customer or partner networks without friction

Learn how companies use ngrok to deploy BYOC architectures, quickly securing access without requiring any changes to network configurations.