I also already use Cloudflare for everything. The private infrastructure will only be accessed by our small team of employees and should have very little inbound traffic (at least relative to traffic from users) for a long time, unless there's something I'm not anticipating. To put SSH and other services behind Cloudflare Access, you need to use Argo Tunnel, and Argo costs $5/per month + 10 cents per GB (with first 1 GB free).
Duo beyondcorp free#
My first choice was Cloudflare Access, which is free and ticks all of the other boxes except by default it only protects HTTP services and not SSH or anything else. I'm okay with using either a third party/cloud service or an open source solution. I'm looking for a free or cheap way to set this up for my infrastructure. This seems like an appealing model to me, but it doesn't seem very common yet. To have every Google employee work successfully from untrusted networks without the use of a VPN. Google's BeyondCorp mission (2011-present) All access to services must be authenticated, authorized, and encrypted.Access to services is granted based on what we know about you and your device.Connecting from a particular network must not determine which services you can access.Single sign-on, access proxy, access control engine, user inventory, device inventory, security policy, and trust repository. My understanding is the big new thing is Google's BeyondCorp security model which does away with VPNs and just makes everything directly Internet-facing and protected behind an auth layer. The traditional approach would be to set up a VPN and keep everything on the internal network, but that can carry its own issues (can be annoying and disruptive to switch networks results in a "hard shell, soft interior" without other measures). I'd like it to be restricted for all services: SSH, HTTPS, etc.
I'm looking to set up some private infrastructure (developer infrastructure like internal wikis, internal webapps, GitLab) and would like to lock every server down behind some sort of SSO with MFA.