Brief product summary

Tailscale is a virtual private cloud VPN alternative that effectively allows you to create your own private internet. Where most VPNs allow individual users to connect to a network and treat their connection as though it originated from within the network, Tailscale stitches together multiple networks (and devices) and treats them as one, redefining the boundaries of the network and its perimeter. It is primarily used by organizations to create a network between cloud resources without the need for firewall configuration changes.

| | Tailscale | Pomerium |
|---|---|---|
| Similar solution | 🍎 | 🍊 |
| Client | Required for all machines, devices and protocols. | No client for HTTP-based services. |
| Device authentication | In part | Yes. |
| Integrates with multiple Identity Providers | | |
| Context-aware gateway | | |
| Open Source | | |
| Policy Descriptions | Can only support simple rules. | Can support complex rules. |
| Layer | 4 | 7 |

Our Recommendation

Tailscale and Pomerium are very good complementary solutions: Tailscale provides reachability and tunneling directly to hard-to-reach servers, while Pomerium provides context-aware access to web applications and services for a true zero trust architecture. If you have servers that are deeply nested or hard to access because they're buried between complicated layers of networking, Tailscale is a great solution for providing access. For web applications and internal services, Pomerium is a better fit.

Use Cases

  • Digitized perimeter — Tailscale is great at connecting various computing environments together.
  • VPN in a trench coat — As a next-gen VPN alternative, Tailscale enables users to have remote access to the network from any physical location.
  • In network — Administrators can use Tailscale to create secure point-to-point connections.
  • Firewall — Organizations can set their desired security access policies.
  • As big as you need it — Tailscale is designed to oversee large-scale deployments.
  • A trail of breadcrumbs — Management will be happy that Tailscale streams its logs to a central logging server for auditing purposes. A potential downside is that this approach for logging is not as well-validated as MITM.

Strengths

Weaknesses

  • You get what you pay for — Some features such as ACL policy or Okta integration are only available for paying users.
  • Network-centric, not application-centric — If your organization uses multiple applications and wants to maintain a zero trust architecture, the administrators will need to craft specific policies that are hard to maintain at scale.
  • A world to maintain — Because you're effectively creating your own private network, your administrators will need to write policies for all use cases to enforce good security hygiene.
  • Wrong tool for applications — Because Tailscale is on Layer 4 while applications are all Layer 7, Tailscale has some inherent weaknesses for Layer 7 needs.
