Company
Aug 15, 2022

Opal and Tailscale: On Demand Access to Production

Opal works better together with Tailscale to grant just-in-time access to production

Eugene Ling
Head of Growth

We’re incredibly excited to announce the partnership between Tailscale and Opal. Tailscale is a popular VPN service that enables businesses to access devices and applications securely and easily. Leveraging the WireGuard® protocol, Tailscale provides point to point connections, protected with end to end encryption, meaning only devices on your private network can communicate with each other, and Tailscale never sees your data. With Tailscale SSH, organizations can manage SSH access across devices using a common set of ACLs enforced by Tailscale rather than cumbersome public key authentication.

The Opal team is thrilled to partner with Tailscale so that users can easily make access requests to Tailscale resources using a self-service catalog, while admins can set up powerful approval and security guardrails. With the Tailscale + Opal integration, organizations can granularly manage SSH access with the following workflows:

  • Allow users to request just-in-time access to resources on your tailnet from web and Slack
  • Set the right resource owners to delegate approvals to those with the most context
  • Configure day one access to Tailscale resources with groups from your identity provider
  • Automatically escalate and revoke privileged resource access based on on-call schedules e.g. PagerDuty or Opsgenie
Opal and Tailscale: On Demand Access to Production

Tailscale and Opal : Better Together

Implementing least privileged access management at scale is difficult. As companies mature, engineers often transition from having default admin access to constantly needing to request or  extend new access. Organizations often struggle to navigate the balance between productivity and security as they make this transition.

Leveraging Tailscale and Opal together, enterprises are able to scale processes needed for least privileged access management. With Tailscale, access can be granularly but scalably managed across infrastructure through a variety of constructs including groups, tags and hosts. With Opal, companies can delegate management of sensitive resources away from bottlenecked and centralized teams to those resource owners with the most context. These owners can configure the right approval workflows, set up 2FA to verify the approver’s identity, restrict maximum request durations and more. In this way, organizations can leverage Tailscale and Opal together to implement scaleable least privilege.

Get Started

Getting started with Opal and Tailscale is fast:

  1. Follow Tailscale documentation to install Tailscale on a database server and enable Tailscale SSH access. If you are unable to install Tailscale directly on the server, you can use a subnet router (for example, to access AWS RDS)
  2. Install the Tailscale application in Opal - https://app.opal.dev/apps/create/tailscale

About Opal:

Opal is the centralized authorization platform for IT and Infrastructure teams. Deeply integrated with developer infrastructure, SaaS applications, and custom internal tools, Opal enables companies to implement scalable access management.

Want to see it yourself? Contact hello@opal.dev or book a meeting here for a personalized demo

Eugene Ling

Updates + insights about the future of access management