
Overcoming The Complications Of Access In Cloud With Teleport


Guest: Ev Kontsevoy
Company: Teleport
Show: Let’s Talk

Teleport is a company that offers a product, called Access Plane, to provide engineers with secure remote access to cloud computing environments, such as servers, Kubernetes clusters, internal web applications, databases, and so on. With Access Plane, engineers can access those instances from anywhere.

Why did Ev Kontsevoy, Co-Founder and CEO at Teleport, create Access Plane? To answer that, he simply says engineers are “not physically located in data centers, which means that everything we do in cloud computing is operated remotely. And Teleport is the best way to do it.” Kontsevoy then poses the question, “What is remote access?” To answer the question, he says, “That’s secure connectivity, authentication, authorization, and audit visibility into what’s happening.”

Those four pillars are incredibly complicated because the larger the cloud gets, the more software is deployed within. So now we’re looking at multiple databases, servers with SSH and RDP, Kubernetes clusters, and internal applications like Grafana dashboards. All of those elements require secure connectivity, authentication, authorization, and audit. To that, Kontsevoy says, “Configuring every single computing resource with proper access takes a lot of time and energy. But also a lot of companies just don’t have the talent or maybe they have engineers who are working on other issues.”

Because of that huge operational overhead to maintain those four pillars of access, Teleport consolidated access to one plane, where it allows you to configure everything at once.

Multi-cloud, however, posed special problems. At the moment, access is siloed. Even when a cloud provider has its own access solution, they only take care of their own stuff. Kontsevoy says, “If you look at AWS, yes, they have access, but that’s access to their own APIs. That’s access to resources they provide. But if you install MongoDB on your AWS infrastructure, either way, it’s not really helping you access it.” When engineers have to start configuring access to all of these elements, the pain starts becoming apparent.

To complicate this even further, you throw in on-prem, cloud, edge…all of which is merging now. Teleport puts connectivity, authentication, authorization, and audit in one place, that is, Access Plane.

Previously, Teleport included support for SSH, Kubernetes, MySQL, and PostgreSQL. With Teleport 7.0, they’ve included MongoDB. Of course, the addition of MongoDB is only one dimension. Of the second dimension, Kontsevoy says, “The second dimension that we think about in evolving the product is adding support for more and more client types, right? So you could use Teleport programmatically, you could use it manually. We are thinking about expanding to data analysts, right? Because they don’t always use the command line. Sometimes they use GUIs. So they need a graphical way to connect to all of the databases in the world. So, that’s the way we think about growing. And that is the major new addition to Teleport 7.0.”

As to the future of Teleport and Access Plane, Kontsevoy makes it clear their roadmap is public. Anyone can go to GitHub, locate the Teleport repository, and view the tickets coming in that include feature requests. Teleport even publishes what they call “design documents,” where the community can see how features will be implemented, provide feedback, and also learn about the product.

The summary of the show is written by Jack Wallen


Here is the rough, unedited transcript of the show:

Swapnil Bhartiya: Welcome to TFiR Let’s Talk. I’m your host Swapnil Bhartiya. And my next guest is Ev Kontsevoy, CEO and co-founder at Teleport. Ev, it’s great to have you on the show.

Ev Kontsevoy: Thank you for having me.

Swapnil Bhartiya: Since this is the first time we are talking. I would love for you to explain what is the company all about because you are also a co-founder. So talk about the problem you saw in the space that you created the company.

Ev Kontsevoy: We are Teleport. We say that we’re an access plane company. So access plane is our product. So access plane provides engineers with secure remote access to their cloud computing environments, things like servers, Kubernetes clusters, internal web applications, databases, so on and so forth because we are not as engineers. We’re not physically located in data centers, which means that everything we used to do cloud computing is operated remotely. So, and Teleport is the best way to do it.

Swapnil Bhartiya: Why did you create the company? What problem that you saw in the space that you’re like, hey, no, we need to solve this problem.

Ev Kontsevoy: Access is an extremely complicated problem and the pain is only getting worse. So if I were to dive into like, what is access, what is remote access? Well, that’s secure connectivity, authentication, authorization, and audit visibility into what’s happening. So, and those four things are incredibly complicated and painful these days because we get more and more computing resources, the clouds are growing, then you get more and more software deployed in there. So you have things like multiple databases and you have servers with SSH and RDP, then you have Kubernetes clusters and you have internal applications like Grafana dashboards, for example, and all of those things need secure connectivity, authentication, authorization and audit. So configuring every single computing resource with proper access takes a lot of time and energy. But also a lot of companies just don’t have the talent or maybe they have engineers who are just working on other issues. In other words, there’s just a huge operational overhead to maintain those four pillars of access across your entire computing footprint. And that’s what we do. We say Teleport is an access plane. So we consolidate access in one place where we allow you to configure everything just one time. And then you get amazing user experience and amazing security and compliance.

Swapnil Bhartiya: If you just go back to the kind of infrastructure we are building today, we talk about hybrid cloud, we have a lot of things on prem. We have a lot of things on public cloud, and then we also have multi cloud where we are leveraging, different clouds, how challenging it becomes because authentication can become a challenge. Every cloud providers, they have their own identity management solutions as well. So let’s talk about, when we do look at this, that “multi cloud” word, what kind of unique challenges that you see there?

Ev Kontsevoy: So the access right now is siloed. Even when you say that the access that cloud providers have their own access solutions, but they only take care of their own stuff. Like if you look at AWS, yes, they have access, but that’s access to their own APIs. That’s access to resources they provision. But if you install MongoDB on your AWS infrastructure, either way, it’s not really helping you access it. Like that’s on the own. You need to configure MongoDB. You need to somehow securely expose it. So your engineers can establish secure connectivity. You need to connect it to your identity platform, right? Like, is it Active Directory, Google Apps. So you have to configure the audit to go into one central place. So you see all of this work, the silo, the pain starts becoming apparent very early, but then you end up with multiple AWS accounts and then you start using other clouds.

And then maybe you have your own data centers that you also need to access. So it gets worse and worse and worse. And frankly, the difference between is it on-prem, is it cloud? Is it edge? All of this is merging right now. So if you look, there are plenty of companies, like I could to think of someone like Tesla or any of these autonomous driving vehicles, how they operate him, what are they deploying into? They basically deploy code into a planet earth because that’s really a deployment target. And if you’re doing that, so then of course the access needs to be consolidated. So in one place, like that’s why we call it the access plane, similar to data plane, or control plane. You will have your connectivity, authentication, authorization, and audit.

Swapnil Bhartiya: If you look at just like last 18 months because of this pandemic. Even if we don’t see that company’s approach towards digital transformation or embracing cloud chain, but it did get accelerated didn’t you see any spike in either demand or, as people rushed to our cloud, initially, it was just rush. And then the hangover period is over. Now, they’re dealing with the real problems and that’s clear your four pillars come into picture. What have you seen in the last 18 months? Any, there you see, no, that was a natural trajectory that was already happening, or you did see some spike in demand or traffic.

Ev Kontsevoy: I would say it’s both, as they said, the major three pain points of implementing access properly are, as I said, hardware, software, people ware. So if you look in the hardware side, the infrastructure footprint has been growing. Like you would be meeting with a company with our 15 employees and they might already have thousands of servers. So that’s the hardware pain, which is get more infrastructure. On the software side, you get more components that go into every computing environment, things like containers and Kubernetes and dashboards and cache and whatever so, that each environment is more complicated. And the pain point that you are bringing up is the people ware problems. So now actually we have more engineers than ever. It’s becoming more and more popular profession and engineers are increasingly commonly working from home, which means that they might be using, they can borrow their significant others bypass. For example, did you have production deployment? Right? So that trend has also been undergoing and pandemic only accelerated it. So yes, we have seen the trend towards accelerating of adopting better access solutions in the industry, as well as COVID induced can a surge of interest.

Swapnil Bhartiya: Excellent. Now I want to switch the topic and bring it back to the company and Teleport. If I’m not wrong, you folks recently updated Teleport and offering support for MongoDB. Tell me what’s new there in Teleport?

Ev Kontsevoy: If you think of a Teleport is a mechanism, how you get access to your infrastructure. So there is obviously two kinds of dimensions for how we can be evolving as a product. On one dimension, we are adding support for more and more computing resources. In other words, things that you have in your computing environment, and with this version 7.0 added support for MongoDB. Previously Teleport had support for SSH, for Kubernetes, for MySQL, for PostgreSQL, now MongoDB, that’s one dimension. And the second dimension that we think about the evolving the product is adding support for more and more client types, right? So you could use Teleport programmatically, you could use it manually. We are thinking about expanding to data analysts, right? Because, they don’t always use command line. Sometimes they use graphical GUIs. So they need a graphical way to connect to all of the databases in the world. So, that’s the way we think about growing. And that is the major new addition to Teleport 7.0 MongoDB.

Swapnil Bhartiya: Can you also talk about how are you involved with open source? Do you consume open-source do you contribute to open-source? Tell us your open source story.

Ev Kontsevoy: Open-source is how internet works. Without open source, we probably would’ve been like 10 years behind in terms of overall progress in the industry. So we are an open source company. Everything we do is open source, and we are also standing on the shoulders of giants like other companies, other contributors who built amazing open source tools and technologies. For example, we often get asked this question, did you guys build your own crypto? The answer is, of course not. Teleport is built again, as I said, standing on the shoulders of giants on Google’s implementation of all association crypto, for example, for association protocol, which is part of like a broader Golang ecosystem or Golang itself is open source. So, that’s the kind of company we are. So if you’re listening and you’re an engineer and you like security and you like go every child cause we’re hiring for every single position imaginable.

So yeah, we think of ourselves as an important part of open source community. We, like the open source edition of Teleport is just as secure as what we sell to enterprise. So we don’t make any compromises on the security side, the things that we charge money for, they usually relate it to scale, like larger companies, they cared about things like highly granular access control or integrating with enterprise single sign on or enterprise solutions like Splunk. So, that’s our enterprise offering. But if you are a smaller team and you find with Google Apps or GitHub as your source of identity, then Teleport is a fantastic free and open source tool to get access to your clouds.

Swapnil Bhartiya: Yeah. So if I’m not wrong, the way I look at it is that you have an open source project, but you also offer commercial support around that because with open source, open source solves day one problem, you can easily grab the code, get it installed, but what about update, what about maintenance, what about new features that you may need? And then you mentioned, scalability. So that, then I see as a typical open source story where people can use open source code base, they can play with it, but there is also a vendor where they can go to if they need to scale.

Ev Kontsevoy: Absolutely. Yes, because what is product? Product is our expertise packaged in the form of a file that you download. And if you need more of it than what you pay money for, and then you could get an enterprise contract and the relationship with the vendor with us.

Swapnil Bhartiya: We just talked about the updates related to 7.0 Release. Of course, you can not share a lot at this point. There’ll be other news announcement. But if you can share the kind of roadmap that you have or things that are in the pipeline that you can share.

Ev Kontsevoy: So first of all, our roadmap is public. That’s another advantage of dealing with open source companies is because we develop in the open. So anyone can go to GitHub. I could just probably type like a GitHub teleport association. You will find repository and you will click on. So you will see all the tickets where community is asking us to build certain features and simply reading comments on these tickets, you will see what the core open source contributors think about this or that idea and then if you click on documentation. Documentation actually has a section on the roadmap where roadmap is published. So we’re working obviously on adding support for more database types. So Microsoft SQL Server is a plan support for Windows, desktops, and other forms of remote desktop access is also on the roadmaps. All of these things are public and you can go and see how they’re being worked on. We even publish what we call kind of design documents. So just so community will see how it will be implemented and hopefully provides feedback and also learn because we have some pretty amazing security people working on Teleport.

Swapnil Bhartiya: Thank you so much for taking time out today and talk about not only Teleport, access, controlling all those four pillars that you explained, and also how you are helping companies respect your fear. Their workloads are running, what kind of cloud they are running so they can manage them. Thanks for those insights and I would love to have you back on the show. Thank you.

Ev Kontsevoy: Thank you. It was a pleasure to be here.
