
Ask HN: Cheap or open source BeyondCorp implementations - meowface
I'm looking to set up some private infrastructure (developer infrastructure like internal wikis, internal webapps, GitLab) and would like to lock every server down behind some sort of SSO with MFA. I'd like it to be restricted for all services: SSH, HTTPS, etc.

I'd like to set up Google's BeyondCorp security model in a cheap or free way for my infrastructure. I'm okay with using either a third party/cloud service or an open source solution.

My first choice was Cloudflare Access [1], which is free for HTTPS. But to put SSH and other services behind it, you need to use Argo Tunnel, and Argo costs $5/per month + 10 cents per GB (with first 1 GB free). The private infrastructure will only be accessed by our small team of employees and should have very little inbound traffic (at least relative to traffic from users) for a long time. But the cost and lock-in could pose issues in the future.

My second choice is the open source Pritunl Zero BeyondCorp server [2]. This looks really good and like it'll meet all my requirements, but of course it requires some manual setup and maintenance. And the costs of the server I run it on may end up being equivalent to or even more than what I'm paying for Cloudflare Argo for some time.

Google Cloud Platform's Identity-Aware Proxy [3] seems to be Google's original internal BeyondCorp implementation, but for cloud customers. I would need to use GCP for all of my infrastructure. I'm not necessarily against using GCP in the future, but right now I'd like to save as much money as possible in the early stages of my project. I believe I can save significant amounts of money using standard VPS servers over GCP/AWS infrastructure - at least in the early stages.

[1] https://www.cloudflare.com/products/cloudflare-access/
[2] https://zero.pritunl.com
[3] https://cloud.google.com/iap/
======
nwrk
Please check Gravitational's excellent Teleport.

Privileged access management for elastic infrastructure.
[https://gravitational.com/teleport](https://gravitational.com/teleport)

[https://github.com/gravitational/teleport](https://github.com/gravitational/teleport)

