Company: Sport Alliance GmbH
Headquarters: Hamburg, Germany
Industry: Sports and Fitness
Challenges:
- Frequent outages from a centralized VPN single point of failure.
- Cumbersome access management due to lack of native SSO in VPN.
- Difficulty scaling secure access policies and enforcing least privilege across complex disparate environments, including payment infrastructure.
Key Results:
- 100% uptime.
- Reduced operational overhead with streamlined secure access with SSO.
- Rapid network scaling with robust, policy-driven Zero Trust access.
Technologies Used: AWS, Kubernetes, Terraform, NetBird Networks, NetBird Routes, NetBird DNS and NetBird Access Control
The Challenge: Overcoming VPN Fragility and Access Management Complexity
Headquartered in Hamburg, Germany, Sport Alliance is one of the leading software companies in the fitness industry, specializing in providing software solutions for efficient studio management, financial services, and mobile applications. The company serves over 10,000 gyms, including 14 out of Europe’s top 30 chains and 130 international chains in 55 countries – like FitX, Fitness First (LifeFit Group), McFIT (RSG Group), clever fit, and Bodystreet.
Sport Alliance faced significant challenges in ensuring robust VPN connectivity across their diverse infrastructure. Relying heavily on a centralized VPN solution, based on OpenVPN, led to multiple unplanned outages. Centralized VPNs act as a single point of failure. Sport Alliance was also growing rapidly, and managing secure access for their distributed team was cumbersome as OpenVPN lacked native support for SSO. This meant that enforcing multi-factor authentication (MFA) for their workforce became complex and brittle.
Sport Alliance’s infrastructure consists of multiple isolated AWS accounts and disparate development, staging, and production environments. The environments required strict segmentation and granular access control. Their existing traditional VPN solution was inadequate for scaling access policies, enforcing least privilege, and enabling secure remote access across these disparate environments and distributed teams. As they grew in the number of services and environments, this inadequacy resulted in a rigid, error-prone, and operationally burdensome access management system. Additionally, a payment service provider within their group required zero-trust network access to the payment infrastructure. This further elevated Sport Alliance’s security requirements for robust network isolation and scalable, secure remote access.
The NetBird Solution: Simple, Secure, Scalable Network Access Rooted in Zero Trust
Given the outages and limitations of their existing VPN solution, Sport Alliance evaluated and adopted NetBird into their enterprise. NetBird is built on the core principles of Zero Trust and is secure by default with frictionless SSO integrations. NetBird was deployed with high-availability routing peers in their centralized AWS network hub to enable seamless secure internal access.
In contrast to traditional VPNs that grant overly broad access with a central chokepoint, NetBird provides a decentralized architecture that’s built on the principle of least privilege. Sport Alliance significantly reduced their attack surface with NetBird’s built-in integration with the identity provider (IdP), which enables granular controls ensuring that their teams can only see and access what they need. For critical infrastructure functions requiring tighter control, Sport Alliance uses NetBird’s peer-to-peer capabilities with access restricted to specific user roles. Since NetBird is platform-agnostic, with multi-platform support, they were able to roll out the deployment across their mixed macOS and Windows environments with ease. Sport Alliance manages NetBird at scale by integrating it into their infrastructure-as-code workflows using a custom Terraform provider. This dramatically reduces time-consuming manual operations and super-charges their teams’ efficiency with consistent, auditable configuration.
The Business Impact of Switching to NetBird
Upon deploying NetBird, Sport Alliance now experiences 100% uptime. With NetBird’s scalable network architecture and seamless IdP integration, Sport Alliance realizes simple, secure remote access for their teams and critical infrastructure. Eliminating manual VPN provisioning and complex firewall rules, Sport Alliance creates and enforces policies in minutes that align with their IaC workflows. They now enforce the least privilege model with NetBird’s IdP integration, ensuring that access is tightly coupled to their user roles and group memberships.
Conclusion
The move to NetBird is a paradigm shift for Sport Alliance, significantly reducing operational overhead and access misconfigurations. "NetBird has fundamentally transformed our network management operations, eliminating outages, simplifying operations, and enabling secure, scalable connectivity through code. What used to be a fragile, error-prone setup is now a robust, policy-driven system that fits the way we structure and secure our infrastructure."
With this foundation in place, Sport Alliance’s platform team is now focused on deeper integration of NetBird into their internal tooling and workflows. NetBird empowers them with the flexibility to move forward with fine-grained access policies and to adopt advanced security features as they are continuously released, all while keeping operational overhead low and integration frictionless.
