An inside look at how we designed a discovery protocol for Teleport.
SAML is frequently used to implement internal corporate single sign-on (SSO) solutions where the user logs into a service that acts as the single source of identity which then grants access to a subset of other internal services. This particular post will be focused on providing an overview of the how and why of SSO and SAML.
How are some big, well-known companies approaching SSH? We took a look at three who are setting an example for others to follow.
In the last of this three-part series comparing SaaS and Open Core software, we will evaluate the S-1 filings of a few SaaS and Open Core companies to determine if either model has any inherent advantage.
Secure Shell (SSH) is a widely used Transport Layer Protocol to secure connections between clients and servers. SSH is also the underlying protocol that Teleport uses to secure connections between clients and servers. In this article, we walk through how SSH really works.
In post 2 of 3, we clarify the differences between proprietary SaaS and Open Core software and discuss the advantages and disadvantages of each from the customer's perspective.
What next after SaaS? Is a significant alternative for marketing and selling software starting to emerge?
Given our experience with SSH, we are often asked about restricted shells. In this article we cover some common ways so-called 'secure restricted shells' are implemented to show what works and what doesn't work.
What is a microservice? Should you be using microservices? How are microservices related to containers and Kubernetes? If these things keep coming up in your day-to-day and you need an overview in 10 minutes, this blog post is for you.
An overview of Teleport's SSH certificate authority pinning capability and discussion of how HTTP public key pinning (HPKP) can be used to improve SSH CA user experience.
The universe of serverless-wielding software architects and Kubernetes cluster operators has started to collide and, yet again, Google is in the driver's seat. In this article we'll wander down the CNCF's Serverless Landscape in chronological order, quickly discovering that Knative is the sweet mamba jamba of open source lambda competitors.
In this post we'll explore the K8s community's decision-making process by looking underneath the hood of the 'kerfuffle' of Google LLC being called out by Samsung SDS engineers for skipping 'graduation criteria' while merging the new 'kustomize' subcommand into upstream 'kubectl'.
The recently discovered xterm.js vulnerability shows how bugs are hard to kill as technology evolves.
An overview of CVE-2018-1002105's root cause and a program to test if your clusters are affected.
A brief explanation of a common problem that could happen while creating new Kubernetes clusters with Kubeadm, Flannel and installing the Dashboard tool.
Proud new Kubernetes cluster owners are often lulled into a false sense of operational confidence by its consensus database’s glorious simplicity. In this Q&A, we dig into the challenges of in-place upgrades of etcd beneath autonomous Kubernetes clusters running within air-gapped environments.
A customer recently asked how to utilize Teleport's RBAC mechanism to restrict access to critical nodes within an OpenSSH cluster. This blog post explains how to do this.
We review the impact of the GDPR on SaaS vendors and their data collection practices, and how it may reduce the operational cost disparity between hosted SaaS and on-prem Private SaaS.
The Teleport Proxy requires a valid X.509 certificate to serve content like the Web UI via HTTPS. In this post we show how to configure the Teleport Proxy to use Let's Encrypt for this.
Unabated releases of vanilla upstream Kubernetes every three months could continue forever. You have to keep up, while also paying close attention to Kubernetes API object versioning. In this article, we discuss where this pace comes from, how it's a key ingredient in Kubernetes' success and what it means for end-users.
In this post we show you how to use GitHub as an identity manager to control who has access to your server infrastructure through SSH.
An interview about our experience running PostgreSQL on on-premises Kubernetes, covering the challenges involved, open source and commercial tools that can help and other alternatives to managing stateful applications on Kubernetes.
We cover the difference between OpenSSH servers and Teleport SSH node service for Teleport clusters.
Learn about common problems when migrating your application to Kubernetes.
How do you let your employees access company AWS infrastructure using their GitHub credentials? How do you restrict parts of your infrastructure to certain GitHub teams? How do you configure SSH to use GitHub credentials? This blog post covers it all.
We review the Vendor Security Alliance's security questionnaire to look at the security-related costs of running SaaS vs. on-prem.
It might be mundane and boring but keeping track of your FOSS license usage can save you from a big headache at the least opportune time.
Going on-prem can be a handful, especially maintaining those deployments. Here's how we use Kubernetes and our own tooling to help scale those efforts.
In this post we talk about using everyday engineering activities to better market our company and our products.
Kubernetes has great built-in application monitoring features. But how do you make sure Kubernetes itself is healthy after you upgrade it to the next version?
We are playing with Elastic Beats, doing structured logging with Golang and Elasticsearch.
We discuss effective ways to handle errors in the Go programming language.