Migrated to Tailscale for internal remote access to our managed environments

To streamline our colleagues’ experience, we are excited to announce that we have moved to Tailscale for secure remote access to our managed environments. Tailscale is a Zero Trust network that provides a lightweight, seamless yet secure experience for connecting to all the different networks and services we manage. It replaces Teleport and OpenVPN for Skyscrapers’ internal use. Next up, we plan to evaluate replacement options for our customers’ VPN offering in the coming months.

This change will not affect any of our customers’ environments, as it is only related to our internal tooling. If you have any questions or feedback, please don’t hesitate to reach out to us. We are always happy to hear from you.

The reason for this change is to simplify the setup and maintenance of our internal tooling. Previously, we relied on both Teleport and OpenVPN for different infra-access use cases, which led to a more complex setup and maintenance process. Furthermore, we re-used the same (site-to-site) OpenVPN setup offered to our customers for our own internal use. That was not ideal, as it was not tailored to our specific needs as a fully remote team needing access to the many different environments we are responsible for. Lastly, the recent change in Teleport’s licensing forced our hand to look for alternatives. Since then, we’ve been moving the (rare) EC2 instance access towards AWS SSM and started evaluating Tailscale as a PoC for all our other use cases.

This PoC met, and exceeded, our expectations and we are now fully migrated to Tailscale. It also forms a good base for us to build on regarding access control, alerting, and integration with device posture checks (1Password XAM, CrowdStrike ZTA) as we grow as a company. Finally, this experience, together with customer feedback, gives us a better understanding with which to re-evaluate our customers’ needs in a VPN offering, which we’re excited to work on in the coming months too.

Practically speaking, the Tailscale Connectors are deployed as small Pods (2) on each EKS cluster in the sks-mgmt namespace. We’re gradually cleaning up our Teleport setups (consisting of an EC2 instance, DynamoDB table and S3 bucket), with the benefit of a small reduction in AWS costs.