Honeycomb sponsored The New Stack’s coverage of KubeCon+CloudNativeCon North America 2020.
Gravitational is no more. The Oakland-based company focused on “environment-less” computing is rebranding as Teleport, the name of its initial secure server-access product.
That’s how people remembered the company anyway, according to CEO and co-founder Ev Kontsevoy.
At KubeCon+CloudNativeCon this week, the company also launched the Teleport Unified Access Plane, which promises to provide a single point of access for all computing resources such as servers, Kubernetes clusters or internal applications across all environments, behind network address translation (NAT), regardless of location.
“We believe that now we are entering this cloud maturity stage, where most new projects … are being built on the cloud, that’s the first-class citizen. It’s no longer a side project for most organizations,” said Kontsevoy. “So Cloud is default. And other hosting form factors are just complementary to that.
“And most organizations are using multiple clouds. And therefore we believe developers should see the entire planet that we live on as one giant computer. Because right now, every developer needs to remember that, ‘Oh, we’re running this on Amazon, we’re running this on Azure.’ Organizations, believe it or not, have hundreds of AWS accounts that they’re juggling between different projects. …
“So we believe that this fragmentation of computing environments is absolutely killing productivity right now. And our customers and users of Teleport agree, but security people are also concerned because back in the day, you had to secure a single data center. But now the average organization uses multiple clouds with hundreds of accounts everywhere. How do you secure all of it?”
Teleport solves this by creating what the company calls environment-less computing where everything is one giant computer with one unified way to access everything, he said.
Teleport Unified Access Plane is open source and relies on open standards such as SSH, HTTPS, SAML, OpenID Connect and others. It is deployed as a single-binary drop-in replacement for OpenSSH.
With single sign-on and short-lived certificates, it eliminates the need to manage shared secrets or SSH keys. It integrates with all enterprise and community SSO providers, including GitHub, Okta, Active Directory, Google, and others.
It enables users to see all servers, Kubernetes clusters, internal applications, databases, and even live sessions on any infrastructure across all environments anywhere in the world, according to the company. It also provides visibility into who is accessing each resource across all environments and what they’re doing. Users can invite colleagues to collaborate, and the product provides session recordings and audit logging.
The company previously offered server access and Kubernetes access but has added application access to the mix as part of Teleport 5.0.
“If you want to access internal applications, such as Grafana dashboards, Kubernetes dashboards, maybe some internal dashboards that you’re building, maybe a Jenkins instance, CI/CD pipeline, every production environment, every cloud, people run a lot of internal tools on them. But if you want to access them, then you need to expose them. You need to have a public IP address, you need to have a domain name, you need to have an SSL certificate, you need to have authentication and username and password,” Kontsevoy said.
“So it’s actually quite, it’s a lot of work to expose all of these things. Teleport Application Access does all these things automatically.”
Beyond the productivity gains, the second benefit is for security teams, he said. Teleport Application Access also enables users to retrofit existing applications and integrate custom applications to comply with security standards such as SOC2, PCI, and FedRAMP without modification.
“It means that they could now implement things like FedRAMP compliance, for example, for their legacy applications. Because if you want your production environment to be FedRAMP compliant, it’s not enough to secure your own code. You also need to make sure that things like Jenkins and other things have relevant access controls. And Teleport automatically gives you that,” he said.
Teleport provides an audit log that’s encrypted, even if the existing application doesn’t provide it.
Teleport Application Access is one of two new features of Teleport 5.0. The other is a managed cloud service, available from its website.
As part of its vision of creating one giant computer for companies, the company is working on other forms of access, such as database and desktop. It has a preview called Teleconsole, which allows users to share a terminal session with trusted people via a command line using SSH or using the browser over HTTPS.
KubeCon+CloudNativeCon is a sponsor of The New Stack.