This article was originally published on the mysocket blog
In this blog post, we’ll look at the mysocket journey of moving from a single cloud provider to a more flexible and heterogeneous multi-cloud infrastructure. We moved from using just AWS to now also include Stackpath. We’ll see how mysocket now relies on two independent anycast networks and what that means for the build and deploy processes as well as traffic load balancing options.
For the last few months, the mysocket infrastructure has been running on AWS without any issues. I chose AWS for no specific reason other than it has…
In this blog, we’ll look at how your users can ssh to servers and authenticate using OpenID connect. No need for passwords or even per user ssh keys. Instead, we’ll use Gmail as an example to authenticate users. Gmail is just an example; this could be your corp.com email as well.
Password management and key rollovers are a pain.
You’ve probably had the conversations about password and key rollovers, because of security compliance, or best practices, you need to roll your password and change your ssh keys every 90 days. …
This article will take a closer look at network loops and how they can be abused as part of DDoS attacks. Network loops combined with existing reflection-based attacks can create a traffic amplification factor of over a thousand. In this article, we’ll see how an attacker will only need 50mb/s to fill up a 100gb/s link. I’ll demonstrate this in a lab environment.
This blog is also a call to action for all network engineers to clean up those lingering network loops as they aren’t just bad hygiene but a significant operational DDoS risk.
Network Loops
All network engineers are familiar with…
Today I’m excited to announce a feature a few of you have asked for — custom DNS names for your sockets.
Up until today, mysocket would generate a random DNS name for your socket. For example, floral-wildflower-1092.edge.mysocket.io. This was great to get started, but as more folks are interested in the zero trust features you asked us to add support for custom DNS names.
To support this on our end, we both need to make sure we accept connections for these custom DNS names and map them to the correct service. …
Some exciting news today, in this blog post, we’re introducing our new dashboard, portal.mysocket.io. The portal has similar functionality as the mysocketctl CLI tool but also provides access to statistics. Keep on reading; as for you power users, there’s another nice improvement related to tunnel authentication changes.
For the last two months, we’ve mostly focused on building out and proofing the underlying technology. We focused on the tunnels, the proxies, the distributed systems work, CLI and API, as well as the authentication and authorization components for our zero-trust features.
It’s been great to see a…
In this article, we’ll look at Mysocket’s zero-trust cloud-delivered, authenticating firewall. Allowing you to replace your trusted IP ranges with trusted identities.
Last month we introduced our first zero trust features by introducing the concept of Identity Aware Sockets. It’s been great to see folks giving this a spin and start using it as a remote access alternative for the traditional VPN.
Most services out there today are HTTP based, typically served over HTTPS. However, there are a few other commonly used services that are not HTTP based and, as a result, up until today, didn’t benefit from our…
It’s been two weeks since our last blog, so time for an update. I’m happy to report the introduction of our “Identity aware sockets” feature was well received, and we’ ‘ll continue to expand on that over the next few weeks.
In the meantime, we’ve spent time on rewriting the mysocket client, mysocketctl, in Go. The original version was written in Python3, and although it works fine, we’ve had numerous requests to publish binaries. This will make it easier to install the client as not everyone is familiar with pip or python. …
In this blog post, we’ll introduce an exciting new feature that, with the help of Mysocket, allows you to deploy your own Beyond Corp setup.
What is Zero Trust
The main concept behind Zero Trust is that users shouldn’t just be trusted because they are on your network. This implicit trust problem is something we typically see with, for example, corporate VPNs. With most corporate VPN’s once a user is authenticated, the user becomes part of the corporate network and, as a result, has access to many of the resources within the corporate infrastructure. …
If you’re in the world of cloud infrastructure, then you’ve heard of Kubernetes. Some of you are experts already, while some of us are just learning or getting started. In this blog, we’ll introduce a mysocket controller for Kubernetes and demonstrate how easy it is to use mysocket.io as your cloud-delivered load balancer for your Kubernetes Services. If you’re a Kubernetes user already, then it should just take a minute to get this mysocket controller setup.
See this video for a demo of the Mysocket.io integration with Kubernetes
Pods, Deployments, and Services
Before we continue, let’s review some of the main Kubernetes building…
Last week AWS had a major outage in its US-EAST1 region, lasting for most of the day, just before the big black Friday sales! Incidents like this are a great reminder of the importance of multi-region or even multi-cloud deployments for your services.
Depending on your “cloud maturity” and your products’ complexity, you may already be there or just getting started. Either way, in today’s blog, we will take a look at how we can use mysocket’s load balancing features to make deployments over multi-region easier.
A global load balancing service
In earlier blogs, we looked mostly at how the mysocket.io tunnel service can help…
