BeyondCorp is the zero trust security framework developed by Google to shift the security perimeter to individual people and devices.
Part of that work goes into networking: creating finer-grained tunnels and access controls than VPNs offer.
product | cloud / self | protocols | notes |
---|---|---|---|
Tailscale | cloud / self | IP | p2p WireGuard tunnel setup, technically a VPN |
Google IAP | cloud hosted | TCP | local proxy, tunnels TCP over HTTPS |
Cloudflare Access | cloud hosted | TCP | local proxy, tunnels TCP |
HashiCorp Boundary | self hosted | TCP | local proxy, tunnels TCP |
AWS WorkSpaces | cloud hosted | HTTPS | remote desktop/browser/virtual desktop (VDI)? |
AWS Verified Access | cloud hosted | HTTPS | reverse proxy for HTTPS |
Oauth2-proxy | self hosted | HTTPS | reverse proxy for HTTPS |
yahoo/athenz | self hosted | HTTPS | reverse proxy for HTTPS |
Pomerium | self hosted | HTTPS | reverse proxy for HTTPS / ext auth endpoint |
Azure App Proxy | cloud hosted | HTTPS / RDP | reverse proxy for HTTPS / RDP? |
Duo Network Gateway | self hosted | HTTPS / SSH | reverse proxy for HTTPS / SSH |
Okta Access Gateway | self hosted | HTTPS / SSH | reverse proxy for HTTPS / SSH (Adv. Server Access) |
Trasa | self hosted | HTTPS / SSH / RDP | reverse proxy for HTTPS / SSH / RDP / ext auth endpoint |
strongDM | cloud hosted | HTTPS / TCP / SSH / RDP / k8s / databases | local proxy, tunnels TCP over TLS, extra support for SSH / RDP / K8s / databases |
Gravitational Teleport | self hosted | SSH / k8s? | reverse proxy for SSH / some k8s specific support? |
Smallstep | cloud hosted | SSH | SSO for SSH (issues SSH certs on demand) |