Disclaimer: I work at Teleport (but I am not the author of the article).
This work was done because the Teleport users who used it for SSH kept asking for the same access for their databases. The reasoning goes like:
1. Setting up a single proxy gives you the same benefits for N databases as they come online. No need to manage additional endpoints (public IPs, ports, etc.).
2. You have the same centralized place to manage auth/authz for all users.
3. This allows you to connect to databases on the edge, where there isn't an opportunity to have a permanent public IP and locations frequently go online/offline.
4. Finally, it's nice to have unified visibility into what's available (for users) and centralized logging/audit for the security team.
As always, all of this is possible with other tools. The world of open source is vast and full of options, but we were hoping to make it simpler, with less configuration and moving parts.