How Tailscale's infra team stays small
Tailscale's three-engineer infrastructure team uses its product to simplify network management and security, employing ACLs for access control and an in-house tool for efficient secret management, allowing focus on complex challenges.
Tailscale's infrastructure team, consisting of just three engineers, manages its operations by running on its own product, which removes many of the usual security concerns. The team relies on Tailscale to create a programmable network layer that connects resources across cloud providers without the complexity usually associated with network architecture. This lets them avoid common networking problems, such as managing public and private endpoints, and lets services talk to each other regardless of where they are hosted. Tailscale's configuration also gives them straightforward access control through ACLs, reducing the need for intricate security setups. The team additionally built an in-house secret management tool, setec, which integrates with Tailscale and manages access to sensitive information. This setup removes much of the burden of handling secrets and TLS certificates, since Tailscale automates key distribution and certificate management. Despite its size, the infrastructure team remains busy with other challenges, which indicates that relying on their own product has significantly streamlined their operations.
- Tailscale's infrastructure team operates with only three engineers by using their own product.
- The team simplifies network management and security concerns through Tailscale's programmable network layer.
- Access control is managed via ACLs, reducing complexity in network architecture.
- An in-house secret management tool, setec, integrates with Tailscale for efficient access management.
- The team focuses on more complex problems, having alleviated common infrastructure challenges.
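The summary above leans on Tailscale ACLs as the access-control layer. The following is an added illustration, not code from the article or from Tailscale: a small Python evaluator for a policy written in the shape of a tailnet policy file (an `acls` list of `accept` rules with `src` and `dst` selectors, `groups`, and `tagOwners`). The policy, the node inventory and the flows are constructed sample data, and the matching logic is a simplified model of the documented default-deny, accept-only behaviour of the classic `acls` section, not Tailscale's real implementation. It shows how a few tag-scoped rules express tiered access (app tier to database port only, operators to SSH only) with everything else denied.

```python
"""Toy evaluator for a Tailscale-style ACL policy (constructed example).

Field names mirror the tailnet policy file format, but the evaluator itself is
a simplified model written for illustration, not Tailscale's code.
"""
import json

# Constructed sample policy in plain JSON. A real policy file is HuJSON
# (JSON plus comments and trailing commas); the field names are the same.
POLICY_JSON = """
{
  "groups": {
    "group:infra": ["alice@example.com"]
  },
  "tagOwners": {
    "tag:web": ["group:infra"],
    "tag:db":  ["group:infra"]
  },
  "acls": [
    {"action": "accept", "src": ["tag:web"],     "dst": ["tag:db:5432"]},
    {"action": "accept", "src": ["group:infra"], "dst": ["tag:web:22,443", "tag:db:22"]}
  ]
}
"""
POLICY = json.loads(POLICY_JSON)

# Constructed node inventory: the identity each node is authenticated as
# (a tag for tagged servers, a user login for personal devices).
NODES = {
    "web-1": {"tag:web"},
    "db-1": {"tag:db"},
    "laptop-alice": {"alice@example.com"},
    "laptop-bob": {"bob@example.com"},
}


def _ports_match(spec, port):
    """Port spec is "*", a single port, a comma-separated list, or a lo-hi range."""
    if spec == "*":
        return True
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-")
            if int(lo) <= port <= int(hi):
                return True
        elif int(part) == port:
            return True
    return False


def _selector_matches(selector, identities, groups):
    """"*" matches anything; "group:x" matches any member; tags and users match directly."""
    if selector == "*":
        return True
    if selector.startswith("group:"):
        return any(member in identities for member in groups.get(selector, []))
    return selector in identities


def is_allowed(policy, nodes, src_node, dst_node, port):
    """Default deny: a flow passes only if some accept rule matches src, dst host and port."""
    groups = policy.get("groups", {})
    src_ids = nodes[src_node]
    dst_ids = nodes[dst_node]
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue  # the classic acls section has no deny rules; unmatched flows are denied
        if not any(_selector_matches(s, src_ids, groups) for s in rule["src"]):
            continue
        for dst in rule["dst"]:
            host, _, ports = dst.rpartition(":")  # "tag:db:5432" -> ("tag:db", "5432")
            if _selector_matches(host, dst_ids, groups) and _ports_match(ports, port):
                return True
    return False


def evaluate(policy, nodes, flows):
    """Return {(src, dst, port): allowed} for a list of candidate flows."""
    return {(s, d, p): is_allowed(policy, nodes, s, d, p) for s, d, p in flows}


if __name__ == "__main__":
    flows = [
        ("web-1", "db-1", 5432),         # app tier -> database port: accept
        ("web-1", "db-1", 22),           # app tier -> database SSH: deny
        ("laptop-alice", "web-1", 443),  # infra operator -> web: accept
        ("laptop-alice", "db-1", 5432),  # operator has SSH to db, not the DB port: deny
        ("laptop-bob", "web-1", 443),    # user named in no rule: deny
    ]
    for (src, dst, port), allowed in evaluate(POLICY, NODES, flows).items():
        print(f"{src:>13} -> {dst}:{port:<5} {'accept' if allowed else 'deny'}")
```

The useful property for a small team is visible in the flow table: segmentation is expressed as identity and port selectors rather than as subnets and firewall rules, and a node that no rule names (bob's laptop) reaches nothing. The real policy language has more selector kinds (autogroups, CIDRs, the newer `grants` section) that this model omits.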
Related
How to Use Tailscale VPN to Embrace Remote Work and Explore the World
The rise of remote work has led to increased interest in digital nomadism, with Tailscale recommended for secure, flexible internet access through a self-hosted VPN, enhancing privacy while traveling.
Tailscale SSH
Tailscale SSH manages SSH authentication on a tailnet, encrypts connections, supports re-authentication for high-risk connections, maintains existing configurations, and uses ACLs for user and device access control.
Taildrop lets you send files between your personal devices on Tailscale network
Tailscale's Taildrop, in public alpha, enables secure file transfers between personal devices on a Tailscale network, supporting multiple operating systems and allowing resumption of interrupted transfers.
Tailscale HTTPS Certificate on Synology NAS
Simmo Saan explains how to secure access to a Synology NAS using Tailscale, detailing the use of an undocumented command for HTTPS certificates and automating renewal every 90 days.
Windows Kills SMB Speeds When Using Tailscale
Dan Salmon experienced reduced SMB transfer speeds on Windows using Tailscale, linked to interface metric prioritization. Adjusting the metric restored speeds, and he plans to switch to Linux and upgrade hardware.
When dealing with software, you can kind of always tell whether the software is actually used by developers.
Too many times I'm pained with requests that take forever, asset management tools that just don't click, or just mind-boggling APIs that need 3 other APIs to function properly.
I think using your own products and iteration over internal feedback early and often is the way to a brilliant product and such cost efficiencies are a nice byproduct.
> For most stuff here, we can rely on the fact that every connection over Tailscale is encrypted and authenticated to an identity
Mm, okay, but you still have the chicken and egg problem of distributing the creds to join your tailnet.
Isn’t it not that different from distributing AWS creds to access Secrets Manager?
That said, I'm not sure the Tailscale approach scales well in typical modern corporate environments, where you've got a small army of junior devops often overlooking security or cost implications (don't forget about egress costs!).
The traditional, meticulous approach of segmenting networks into VPCs, subnets, etc., with careful planning of auth, firewall rules and routes, helps limit the blast radius of mistakes.
Tailscale's networking & security model feels simple and flat, which is great for usability, but it lacks the comforting "defense in depth" that will be asked for in most big corps.