Seems straightforward?
I think if you don't have friends working at e.g. big banks or whatever, you might not grok just how nutty it is to try to run simple agent workflows.
As someone who is on the other side of the fence on this and trying to keep the network secure and preventing data exfiltration there could be a good reason for this. More often than not we have folks doing all kinds of crazy things and ignore what’s in the handbook. For example we had someone who didn’t like MFA for remote access and would use Tailscale to have a remote permanent reverse proxy to their homelab to do whatever work they were doing. What’s funny is that we are not BOFH’s and would have helped them setup whatever they need had they just sent us an email or opened a ticket.
* Security/risk teams have coherent, sensible goals for managing access
* The technology stack they've landed on makes those goals performative; so complicated that they can't even express their most important goals, so annoying that users route around it
* What's needed is a radically simplified approach that centers end-user experience (particularly around onboarding).
I'm not saying banks are crazy to want to control LLM usage (I'm not bullish on it long-term either, but I see the issue), just that the systems I've talked to friends about them using today are batshit, ranging from "foundation lab shmoundation lab we'll just do our own models" to "OK you can operate in 2025 but only in a Citrix terminal".
Trying to be all things to all people will inevitably dilute focus, and it’s understandable that OP might be looking at this sub-product and wondering where the value is for their use cases.
They’re probably not the only ones questioning whether they’re still part of Tailscale’s core ICP (ideal customer profile), either.
Edit: expanded ICP for clarity.
Tails ale is not a company I see being involved in my core AI ops. I don't need their visibility tools, I already have LGTM.
Tailscale should focus on their core competency, not chase the gilded Ai hype cycle. I have sufficient complaints about their core product that this effort is a red flag for me. To do this now, instead of years ago, shows how behind the times they are
This product isn't about managing and distributing API keys, it's about managing and distributing access to these services throughout the org. In fact, it's more about being able to avoid managing and distributing API keys, which is IMHO even better.
We recently brought them into the stack to manage said access, it has been painful, aiui their configuration is not intuitive (not the one working on it). I suspect any further expansion will be a big ask after the dismal experience. I certainly don't trust them to manage my secrets and access afterwards. I haven't even found an enjoyable DX talking point in either my personal or professional usage either
> They're not a networking company, they're an access control company.
This is like Ripping saying they are not an HR company, they are an access control company. I got into this very argument with them on a sales call looking for a payroll provider. They wanted to manage the keys to everything, I don't trust them to safely guard access to my cloud projects, nor is it something I even want my HR/payroll company even considering doing. This new product sounds like TailScale was the keys to the kingdom and I sure as hell am not giving it to them after the disappointing rollout of their established networking technology
It's conceivable surely to anyone that a company could do more than one thing?
There's a set of common needs across these gateways, and everyone is building their own proxies and reinventing the wheel, which just feels unnecessary.
~All of our customers at Oso (the launch partner in the article) have been asking us how to get a handle on this stuff...bc their CEO/board/whatever is asking them. So to us it was a no-brainer. (We're also Tailscale customers.)
I feel exactly the same way.
So many open issues, the majority thoroughly deserving of a resolution.
I would rather they get their house in order on the core product first before rushing out shiny new things .... because the shiny new alpha/beta things will only exponentially increase the number of open issues.
No idea how this is solved at the moment, so seems like a smart step
I like tailscale itself but a lot of basic stuff (such as dynamic routing) or ephemeral node auth are very lacking, wish they would concentrate more on their core product we all like and want to see improve
Building software users like doesn't make for a good business model. Especially if that model has to satisfy VC.
Sounds like something your Account Manager or similar would need to work through. Development roadmaps are often driven by the largest, or loudest customers.
A separate goal I have personally: demonstrate that anyone can build really neat stuff directly on top of the "Tailscale platform." One of my rules for the Aperture team was, you're not allowed to change core Tailscale, you have to build entirely on top as if you were some partner company. So this is a demo of how anybody can make pretty slick, easy-to-use, and yet highly secure stuff by building on Tailscale (the open source packages, or the commercial product, or both).
> By collecting usage information into a single place, engineering and IT leaders can get a complete picture into both user and agent token efficiency across the organization and providers.
What exactly is “user token efficiency”?
The true moat of Tailscale is the core product. That can’t be easily replicated (still). Perhaps some product to simplify controlling what resources agents in the organization have access to and having 100% visibility + audatability for them will be way more useful.
they're not containerised, just plain old daemons.
Tailscale services will do that. You can do the proxying with tailscale serve, services gives you the MagicDNS name and virtual IP address bound to it.
*edited; I initially pointed to Funnel which would be used for sharing outside your tailnet.
Netbird time?