Teleport allows users to connect to infrastructure located on third-party networks behind a LAN. This works for SSH servers, Kubernetes clusters, and web applications.
Suppose you manufacture small ARM-powered devices like network equipment or self-driving vehicles. Perhaps you deploy small server clusters on the edge. These devices will connect to the internet via an unreliable cellular network or a private network behind NAT. In this case, Teleport allows you to do the following:
Connect to remote devices via SSH as if they were located in your own cloud.
Connect to remote Kubernetes clusters as if they were located in your own cloud.
Connect to web applications running on remote devices using a web browser via HTTPS.
This approach is superior to distributed VPN technology because Teleport is application-aware. Enforcing security at a higher layer of the OSI model adheres to the principles of Zero Trust, where networks, including VPNs, are considered inherently untrustworthy. Being application-aware lets Teleport provide more flexibility in configuring role-based access control and implement rich audit logging.
The underlying technology behind this is reverse tunnels. A reverse tunnel is a secure connection established by a remote site into a Teleport cluster via the cluster’s proxy.
There are two types of reverse tunnels:
A reverse tunnel between a remote node and a Teleport cluster.
A reverse tunnel between two Teleport clusters. Such clusters are called Trusted Clusters.
Let’s look into each type in more detail.
Connecting Remote Nodes
The diagram below shows the Teleport cluster accessible via a proxy on proxy.example.com. This cluster has two regular nodes (A and B) and one remote node (R1).
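As an added illustration (not configuration from the original page), the following teleport.yaml shows what the remote node R1 needs in order to establish a reverse tunnel into the cluster: it only dials out to the proxy on proxy.example.com and never has to accept an inbound connection, so no port has to be opened on the device's cellular or NAT'ed network. It assumes the v3 configuration format of recent Teleport releases (the `proxy_server` and `join_params` keys); the join token, the CA pin and the label values are placeholders.

```yaml
# Added example for remote node R1; not part of the original article.
version: v3
teleport:
  nodename: r1
  data_dir: /var/lib/teleport
  # Dial the cluster's proxy (web port) instead of the auth service directly;
  # this is what makes the node connect over a reverse tunnel.
  proxy_server: proxy.example.com:443
  # Short-lived node join token issued by the cluster admin (placeholder value).
  join_params:
    method: token
    token_name: "<node-join-token>"
  # Pin the cluster CA so the node refuses to join an impostor proxy (placeholder value).
  ca_pin: "sha256:<cluster-ca-pin>"
# R1 runs only the SSH service; auth and proxy roles stay in the central cluster.
auth_service:
  enabled: no
proxy_service:
  enabled: no
ssh_service:
  enabled: yes
  labels:
    env: edge        # placeholder label used for RBAC and discovery
    location: remote # placeholder label
```

Because the tunnel is initiated by R1, the proxy sees R1 only after R1 has authenticated with the join token and validated the proxy against the pinned CA; a node that appears in the cluster's node list without having been issued a token is the thing to look for in the audit log.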