New ask Hacker News story: Ask HN: Cheap or open source BeyondCorp implementations

3 by meowface | 1 comments on Hacker News.
I'm looking to set up some private infrastructure (developer infrastructure like internal wikis, internal webapps, GitLab) and would like to lock every server down behind some sort of SSO with MFA. I'd like it to be restricted for all services: SSH, HTTPS, etc. I'd like to set up Google's BeyondCorp security model in a cheap or free way for my infrastructure. I'm okay with using either a third party/cloud service or an open source solution.

My first choice was Cloudflare Access [1], which is free for HTTPS. But to put SSH and other services behind it, you need to use Argo Tunnel, and Argo costs $5 per month + 10 cents per GB (with first 1 GB free). The private infrastructure will only be accessed by our small team of employees and should have very little inbound traffic (at least relative to traffic from users) for a long time. But the cost and lock-in could pose issues in the future.

My second choice is the open source Pritunl Zero BeyondCorp server [2]. This looks really good and like it'll meet all my requirements, but of course it requires some manual setup and maintenance. And the costs of the server I run it on may end up being equivalent to or even more than what I'm paying for Cloudflare Argo for some time.

Google Cloud Platform's Identity-Aware Proxy [3] seems to be Google's original internal BeyondCorp implementation, but for cloud customers. I would need to use GCP for all of my infrastructure. I'm not necessarily against using GCP in the future, but right now I'd like to save as much money as possible in the early stages of my project. I believe I can save significant amounts of money using standard VPS servers over GCP/AWS infrastructure - at least in the early stages.

[1] http://bit.ly/2DlqLuD
[2] http://bit.ly/2AUlY0S
[3] http://bit.ly/2m4O0fD
