Deploying Tailscale for a remote only company

One of my first jobs included managing on premise infrastructure for businesses and configuring VPN systems were a constant hassle. When I moved to Puppet I was glad that VPN services were someone elses problem and that my role didn’t need access to services in the datacenter. The purpose of the VPN was to extend the old school hard candy shell of physical network security to remote employees and offices. There was a luxury to know that to access specific systems you needed physical presence in a location that could have security controls involving badged access and 802.11x radius authentication on network ports.

Fast forward to 2022 and I’m deploying Tailscale for a company with no physical office and all their resources are hosted on someone else’s computers (aka “the cloud”). How would very smart and well managed wireguard tunnels be useful for them? They’re developing a cloud based SaaS, source code is hosted on Github, meetings done in Zoom, chat done in Slack, the CRM is Salesforce, the very standard startup stack of tools.

The first use of Tailscale by the company, was for using the exit-node service. They replaced individuals Surfshark and similar personal VPN solutions with a handful small compute instances acting as VPN endpoints in different regions. Employees could select a local exit node while at the coffee shop and know they had a secure tunnel in a suspect network.

Leave a Comment