undefined | Better HN

0 pointsatonse5y ago0 comments

Is this sort of like what MS is doing with Windows Subsystem for Linux, where they're able to "boot" that Linux in mere seconds?

By the way, as an elixir developer Fly.io looks extremely cool. But my (mostly public sector) customers want to hear something similar to the words "AWS" when asked about hosting – so is it running on top of AWS or Azure or GCP? (instances look like they may be GCP, which is fine too).

0 comments

tptacek5y ago

It runs on our own hardware. There's no AWS or GCP beneath it.

atonseOP5y ago

Ok thanks – this has been one of the rare things that some of those clients seem to care about (whether they're right or wrong, or rather, more conservative).

I had another question – this seems similar to what Hashicorp is doing with Boundary. Have you looked at Boundary and how this potentially compares with that, from an architecture standpoint? Of course there are parts of this that are bespoke to your infrastructure, but I'm just more curious from a nerdy-aspect of it because we're evaluating boundary as a replacement to our current setup (Wireguard bastion host), for all the other benefits like auth and logging.

tptacek5y ago

There is a lot of Hashi in our stack already; we orchestrate with Nomad (we have our own Firecracker task driver), we backend our certificate system --- which is awesome, certificates just work for Fly apps --- with Vault, and we use a lot of Consul.

I think our take on end-user access management is lower-level than what Boundary is trying to do. Boundary, as I understand it, sees the world the way an IdP RP does, mostly in terms of bearer tokens. We see stuff as infrastructure; a static configuration on an EC2 instance or a CI container; "just Unix". If we weren't building a PAAS, we'd probably lean much more strongly towards Boundary's way of looking at things.

As well, we care about minimizing and understanding as much of the code we expose as possible. For all the talking I've done about SSH here, the serverside of this feature is just a couple hundred lines of code; it is dwarfed by the clientside code. I couldn't say that about a Hashi product. (HashiCorp could though!)

2 more replies

j / k navigate · click thread line to collapse

0 pointsatonse5y ago0 comments

Is this sort of like what MS is doing with Windows Subsystem for Linux, where they're able to "boot" that Linux in mere seconds?

0 comments

tptacek5y ago

It runs on our own hardware. There's no AWS or GCP beneath it.

atonseOP5y ago

Ok thanks – this has been one of the rare things that some of those clients seem to care about (whether they're right or wrong, or rather, more conservative).

tptacek5y ago

2 more replies

j / k navigate · click thread line to collapse