Teleport: Unifying Access for Elastic Infrastructure
Teleport is an ambitious open-source project on GitHub, led by Gravitational, that tackles the challenges of managing user access to servers across complex and distributed infrastructure. Designed to be as convenient, secure and easy to use as any modern cloud-hosted web service, Teleport aims to provide seamless access to infrastructure resources across all computing environments.
Project Overview:
The objective of the Teleport project is to simplify cluster security by eliminating the operational overhead of managing static key pairs within an organization: instead of distributing and rotating long-lived keys, access is granted through short-lived certificates issued by a central authority. Removing long-lived keys from servers and laptops takes away a common foothold for an attacker and narrows the window in which a stolen credential can be used for privilege escalation. Teleport is a natural fit for organizations and teams managing a fleet of servers or clusters that span multiple data centers or cloud providers.
Project Features:
Teleport's features include role-based access control (RBAC), built-in encryption of all traffic, clustering and interoperability, along with security features such as an access proxy and recording of SSH sessions. Together these let organizations maintain an effective security posture with complete visibility into who accessed which systems, and what they did there, across multiple environments. From a functional standpoint, a user can list every server they are allowed to access and log into any of them, in any environment, without keeping track of IP addresses or configuring VPNs.
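The following is an added example, not Teleport's own code, showing the idea behind label-scoped RBAC: a role grants OS logins on servers whose labels match an allow rule, a matching deny rule wins over any allow, and "which servers can I see" is simply the set of hosts where at least one login is granted. The role names, labels and hostnames are constructed for the example, and wildcard labels are not modelled.

```go
package main

import (
	"fmt"
	"sort"
)

// Added illustration, not Teleport's code: a cut-down model of how
// label-scoped roles decide which servers a user can see and which logins
// they may use there. Role names, labels and hostnames are made up.

// role grants OS logins on nodes whose labels match AllowNodes and refuses
// any node whose labels match DenyNodes, regardless of other roles.
type role struct {
	Logins                []string
	AllowNodes, DenyNodes map[string]string
}

// node is one registered server with the labels its agent reports.
type node struct {
	Host   string
	Labels map[string]string
}

// labelsMatch: every label in want is present in have with the same value.
// An empty want matches nothing; wildcards are not modelled here.
func labelsMatch(want, have map[string]string) bool {
	for k, v := range want {
		if have[k] != v {
			return false
		}
	}
	return len(want) > 0
}

// allowedLogins returns the logins the named roles grant on n, or nil if any
// deny rule matches (deny wins even when another role allows the node).
func allowedLogins(roles map[string]role, names []string, n node) []string {
	for _, name := range names {
		if labelsMatch(roles[name].DenyNodes, n.Labels) {
			return nil
		}
	}
	seen := map[string]bool{}
	var out []string
	for _, name := range names {
		r := roles[name]
		if !labelsMatch(r.AllowNodes, n.Labels) {
			continue
		}
		for _, l := range r.Logins {
			if !seen[l] {
				seen[l] = true
				out = append(out, l)
			}
		}
	}
	sort.Strings(out)
	return out
}

// canLogin answers a single access check: may this role set use login on n?
func canLogin(roles map[string]role, names []string, login string, n node) bool {
	for _, l := range allowedLogins(roles, names, n) {
		if l == login {
			return true
		}
	}
	return false
}

// visibleHosts is the "list the servers I can reach" view: every host where
// at least one login is granted, sorted for stable output.
func visibleHosts(roles map[string]role, names []string, inventory []node) []string {
	var hosts []string
	for _, n := range inventory {
		if len(allowedLogins(roles, names, n)) > 0 {
			hosts = append(hosts, n.Host)
		}
	}
	sort.Strings(hosts)
	return hosts
}

// sampleRoles and sampleInventory are constructed data for this example.
var sampleRoles = map[string]role{
	"dev": {Logins: []string{"ubuntu"}, AllowNodes: map[string]string{"env": "dev"}},
	"ops": {Logins: []string{"ubuntu", "root"}, AllowNodes: map[string]string{"team": "platform"},
		DenyNodes: map[string]string{"tier": "pci"}},
}

var sampleInventory = []node{
	{Host: "dev-1", Labels: map[string]string{"env": "dev", "team": "platform"}},
	{Host: "prod-db", Labels: map[string]string{"env": "prod", "team": "platform", "tier": "pci"}},
	{Host: "prod-web", Labels: map[string]string{"env": "prod", "team": "platform"}},
}

func main() {
	names := []string{"dev", "ops"}
	fmt.Println(visibleHosts(sampleRoles, names, sampleInventory), allowedLogins(sampleRoles, names, sampleInventory[0]))
}
```

With both roles, the user sees dev-1 and prod-web but never prod-db: the ops role's deny rule on the pci tier blocks it even though the same role's allow rule on team=platform would otherwise match. With only the dev role, prod-web disappears as well, because no allow rule covers it.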
Technology Stack:
Teleport is written in Go, which keeps the code simple, efficient and fast, and uses gRPC, a high-performance open-source RPC framework, for communication between its components. Both are cloud-native technologies that help keep the project light, fast and portable across platforms. Other notable tools Teleport uses are BPF for auditing the syscalls made inside a session and xterm.js for the web-based SSH and Kubernetes terminals.
Project Structure and Architecture:
Teleport is built from four main components: the Proxy Service, the Auth Service, the Node Service and the tsh client. The Proxy is the gateway that all client connections pass through; the Auth Service is the cluster's certificate authority, issuing the certificates that every user and component relies on; the Node Service runs on each server and accepts the incoming sessions; and the tsh client is how users log in and reach the other components. Every component authenticates to the others with certificates issued by the Auth Service rather than with static keys, which significantly improves security because there is no long-lived secret on a host for an attacker to steal.
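The following is an added example, not Teleport's own code, that models the certificate flow described in the Project Overview and Architecture sections with the Go standard library: the Auth Service acting as a cluster CA that mints short-lived identity certificates, and a Node verifying such a certificate against the CA before trusting the user and role names it carries. The cluster name, user names, role names, the 12-hour cap on certificate lifetime and the use of the OU field to carry roles are all assumptions made for the example; Teleport encodes identity differently.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Illustration only, not Teleport's code: the Auth Service modelled as a cluster
// CA minting short-lived identity certificates, and a Node verifying such a
// certificate against the CA before reading the identity inside it.
// Cluster name, user names, role names and TTLs below are made up.

const maxSessionTTL = 12 * time.Hour // assumed cap on certificate lifetime

type clusterCA struct {
	cert   *x509.Certificate
	key    *ecdsa.PrivateKey
	serial int64
}

// parseDER lets CreateCertificate feed straight into ParseCertificate.
func parseDER(der []byte, err error) (*x509.Certificate, error) {
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newClusterCA creates the self-signed CA that every service in the cluster trusts.
func newClusterCA(name string) (*clusterCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	cert, err := parseDER(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	if err != nil {
		return nil, err
	}
	return &clusterCA{cert: cert, key: key, serial: 1}, nil
}

// issueUserCert binds a user and role names into a certificate that expires
// after ttl, so there is no long-lived key for an attacker to harvest.
func (ca *clusterCA) issueUserCert(user string, roles []string, ttl time.Duration, now time.Time) (*x509.Certificate, error) {
	if ttl <= 0 || ttl > maxSessionTTL {
		return nil, errors.New("requested ttl exceeds maxSessionTTL")
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ca.serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.serial),
		// Roles ride inside the signed certificate (OU field, an assumption);
		// a Node trusts them only after the check in identityFromCert.
		Subject:     pkix.Name{CommonName: user, OrganizationalUnit: roles},
		NotBefore:   now, NotAfter: now.Add(ttl),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return parseDER(x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &key.PublicKey, ca.key))
}

// identityFromCert is the Node-side check: chain to the cluster CA at time at
// (rejecting expired or foreign certificates), then read user and roles.
func identityFromCert(ca, cert *x509.Certificate, at time.Time) (string, []string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return "", nil, err
	}
	return cert.Subject.CommonName, cert.Subject.OrganizationalUnit, nil
}

func main() {
	ca, err := newClusterCA("example-cluster")
	if err != nil {
		panic(err)
	}
	now := time.Now()
	cert, _ := ca.issueUserCert("alice", []string{"dev"}, time.Hour, now)
	fmt.Println(identityFromCert(ca.cert, cert, now.Add(30*time.Minute)))
	fmt.Println(identityFromCert(ca.cert, cert, now.Add(2*time.Hour)))
}
```

The two things worth noticing are that the Node never needs a per-user key or password, only the CA's public certificate, and that the same check rejects a certificate once its window has passed or when it was signed by a different cluster's CA. Revocation before expiry is not modelled here; in practice a short TTL is what keeps the blast radius of a stolen certificate small.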