SEAN K.H. LIAO

beyondcorp

BeyondCorp is the zero trust security framework developed by Google to shift the security perimeter to individual people and devices.

Part of that work goes into networking: creating finer-grained tunnels and access controls than what VPNs offer.

overview

| product | cloud / self | protocols | notes |
| --- | --- | --- | --- |
| Tailscale | cloud / self | IP | p2p wireguard tunnel setup, technically a VPN |
| Google IAP | cloud hosted | TCP | local proxy, tunnels TCP over HTTPS |
| Cloudflare Access | cloud hosted | TCP | local proxy, tunnels TCP |
| Hashicorp Boundary | self hosted | TCP | local proxy, tunnels TCP |
| AWS Worklink | cloud hosted | HTTPS | remote desktop/browser? |
| Oauth2-proxy | self hosted | HTTPS | reverse proxy for HTTPS |
| yahoo/athenz | self hosted | HTTPS | reverse proxy for HTTPS |
| Pomerium | self hosted | HTTPS | reverse proxy for HTTPS / ext auth endpoint |
| Azure App Proxy | cloud hosted | HTTPS / RDP | reverse proxy for HTTPS / RDP? |
| Duo Network Gateway | self hosted | HTTPS / SSH | reverse proxy for HTTPS / SSH |
| Okta Access Gateway | self hosted | HTTPS / SSH | reverse proxy for HTTPS / SSH (Adv. Server Access) |
| Trasa | self hosted | HTTPS / SSH / RDP | reverse proxy for HTTPS / SSH / RDP / ext auth endpoint |
| strongDM | cloud hosted? | SSH / RDP / k8s? / databases | local proxy, tunnels TCP over TLS, extra support for SSH / RDP / K8s / databases |
| Gravitational Teleport | self hosted | SSH / k8s? | reverse proxy for SSH / some k8s specific support? |

other

| product | cloud / self | protocols | notes |
| --- | --- | --- | --- |
| Smallstep | cloud hosted | SSH | SSO for SSH (issues SSH certs on demand) |