Overview of "From Tailnet to platform" (Interview)
This episode of The Changelog features David Carney, co‑founder and Chief Strategy Officer at Tailscale. The conversation covers Tailscale’s evolution from a VPN‑alternative into a platform for identity‑aware connectivity, developer primitives (TSNet), an identity proxy (TSIDP), a new private AI gateway (Aperture), and multi‑tailnet patterns for isolation and customer workloads. The discussion mixes technical details, product strategy, deployment options (hosted vs self‑hosted), and practical use cases for home labs and enterprises.
Key topics & main takeaways
- Tailscale is more than a VPN: it bakes identity into every connection and therefore enables new security and platform primitives beyond traditional networking.
- TSNet: a user‑space networking stack (Go library) that lets you compile services to appear as nodes on your Tailnet — i.e., apps become networked devices with identity and ACLs.
- TSIDP: a community project that exposes a local/private OIDC provider inside a Tailnet so internal apps can do "clickless" authentication (the network already knows who you are).
- Aperture: an AI gateway built on TSNet for consolidating API keys, adding identity to every model call, central logging, observability, and policy enforcement. Initially hosted by Tailscale (waitlist); free for home use and planned enterprise pricing / self‑host options later.
- Multi‑tailnet: the ability to create multiple, isolated Tailnets per organization (useful for staging/production/customer isolation, or machine‑to‑machine API‑only networks).
- Dynamic Client Registration (DCR) and MCP: Tailscale implemented DCR to reduce friction in registering clients/servers (important for agentic workloads); the MCP standards movement is evolving and fragmented, so Tailscale focused on a few concrete problems instead of chasing every change.
Technical concepts explained
TSNet
- A Go library providing a full user‑space Tailscale stack.
- Compile a service with TSNet and it appears as a Tailnet node (gets an IP in the Tailscale range, subject to ACLs).
- Enables building services that inherit Tailscale identity and connectivity primitives.
TSIDP
- A locally hosted, private OIDC/OAuth endpoint that reflects your external identity provider inside a Tailnet.
- Lets internal apps (e.g., Proxmox, TrueNAS, custom apps) perform OIDC flows without redirecting to the public IDP — enabling "clickless" login when you're on the Tailnet.
- Open‑source/community project; useful for home labs and internal apps that need OIDC support and dynamic client registration.
Aperture (AI gateway)
- A private AI gateway that runs as a node in your Tailnet (initially hosted by Tailscale).
- Consolidates API keys and routes model/API calls through a single identity‑aware proxy.
- Benefits: centralized logs and observability, per‑user/per‑session tracking, ability to revoke keys, and hooks for policy enforcement or real‑time analysis.
- Enables safer agent use (audit trails, potential blocking/approval loops, integration with security policy tools).
- Current status: early alpha with waitlist (aperture.tailscale.com); free for home use, enterprise pricing & self‑host options planned.
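As an added illustration (not Tailscale's or Aperture's code), this Go sketch models the gateway pattern the section describes: the gateway, not the client, holds the provider key; every call is attributed to the identity the connection carries; calls are grouped into sessions and logged whether allowed or denied; revoking a user is a single central change. The `WhoIs` hook, the header and key names and the 5-minute session window are assumptions; in a TSNet build the identity would come from the tailnet's WhoIs lookup on the peer address, never from anything the client sends.

```go
package main

import (
	"fmt"
	"net/http"
	"sync"
	"time"
)

// Identity is what the gateway learns from the connection itself (a tsnet WhoIs lookup would supply it).
type Identity struct{ User, Node string }
// CallRecord is the audit entry kept for one model call, allowed or denied.
type CallRecord struct {
	User, Node, Session, Model string
	Allowed                    bool
}
// Gateway keeps provider keys away from clients, tags each call with identity, sessionizes and logs it.
type Gateway struct {
	Upstream http.Handler      // stand-in for the model provider
	Keys     map[string]string // model name -> API key, held only by the gateway
	Revoked  map[string]bool   // users whose access was revoked centrally
	WhoIs    func(*http.Request) (Identity, bool)
	mu       sync.Mutex
	Log      []CallRecord
}

const sessionWindow = 5 * time.Minute // calls from one user/node in the same bucket share a session id
func (g *Gateway) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	id, ok := g.WhoIs(r)
	if !ok { // no identity on the connection: nothing to attribute the call to
		http.Error(w, "unknown caller", http.StatusForbidden)
		return
	}
	model := r.Header.Get("X-Model")
	key, known := g.Keys[model]
	bucket := time.Now().Unix() / int64(sessionWindow.Seconds())
	rec := CallRecord{User: id.User, Node: id.Node, Model: model, Allowed: known && !g.Revoked[id.User],
		Session: fmt.Sprintf("%s@%s/%d", id.User, id.Node, bucket)}
	g.mu.Lock()
	g.Log = append(g.Log, rec) // every attempt is logged, allowed or not
	g.mu.Unlock()
	if !rec.Allowed {
		http.Error(w, "denied by gateway policy", http.StatusForbidden)
		return
	}
	// Any client-supplied credential is discarded; only the gateway's key goes upstream.
	r.Header.Set("Authorization", "Bearer "+key)
	r.Header.Set("X-Gateway-User", id.User)
	g.Upstream.ServeHTTP(w, r)
}
```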
Multi‑Tailnet
- Create multiple isolated Tailnets per org/user for clear workload isolation (e.g., separate networks per customer, staging/production).
- Simplifies reasoning about security by dividing complexity into multiple smaller networks rather than one big, error‑prone config.
- API‑only Tailnets exist for machine‑to‑machine use cases (less user identity, more programmatic access).
Use cases & examples
- Home lab: run TSIDP and Aperture in your Proxmox/LXC/VM environment to avoid typing credentials; visit internal apps and get “clickless” authentication.
- Enterprise: route all AI/model calls through Aperture to centralize keys, observe token use, detect risky prompts/calls, and produce an audit trail for compliance.
- SaaS/cloud providers: create per‑customer Tailnets (multi‑tailnet pattern) for isolated GPU/compute clusters managed per customer.
- Agent/AI workflows: run sandboxed agents in isolated Tailnets, route their model/tool calls through Aperture for auditing and policy enforcement.
- Dev tooling: embed TSNet in Go apps to expose services securely without firewall fiddling, IP whitelisting, or separate auth plumbing.
Security, governance & integrations
- Identity is first‑class: every Tailscale connection asserts identity (user/device), enabling fine‑grained ACLs and simpler auth models.
- Aperture enables centralized logging, session reconstruction (grouping API calls into sessions), and integrations for real‑time analysis (partners mentioned: Oso).
- Tailscale intends to be a horizontal connectivity platform and rely on partners for deeper policy, analysis, and tooling (not building every security product themselves).
- Blocking/approval flows and more nuanced access controls are on the roadmap for Aperture (initial release focuses on observability and control).
Product & business notes
- Aperture is currently provided as a hosted service with a waitlist; Tailscale plans to support enterprise customers and will explore self‑hosted/bring‑your‑own‑cloud options later.
- Free tiers and home‑lab friendliness remain core to Tailscale’s philosophy.
- Tailscale aims to become a platform (APIs + primitives) and encourages third‑party tooling and integrations on top of TSNet.
Notable quotes / insights
- "Tailscale makes it possible to connect any two devices anywhere in the world with strong guarantees of the identity of the user and the device at either end."
- "If you're on the Tailnet, you've already done an OAuth flow — so why do it again?" (rationale for TSIDP / clickless auth)
- "Aperture is a private AI gateway that lets you consolidate all of your API keys inside of it."
Resources & next steps (practical)
- Try Aperture waitlist / signup: https://aperture.tailscale.com
- Reach out / partner: aperture@tailscale.com
- TSIDP (community project): search the Tailscale repositories (likely under the tailscale organization) for TSIDP/tsidp.
- Read about multi‑tailnet: look for Tailscale blog post “One Organization, Multiple Tailnets”.
- Watch Alex Kretschmar’s Tailscale videos for demos (Proxmox + TSIDP tutorials referenced).
- For builders: explore TSNet (Go library) to compile services that appear as Tailnet nodes; consider building AI gateways, audit/analysis tools, policy systems, or MCP clients/servers that leverage dynamic client registration.
Who should listen / try these tools
- Home lab enthusiasts: get instant benefits (clickless auth, consolidated AI access) and free home usage of Aperture.
- Developers and platform engineers: TSNet lowers friction for building authenticated, private services that behave as networked nodes.
- Security teams & SREs: Aperture + multi‑tailnet patterns help centralize control, auditing, and isolation for agentic/AI workloads.
- Companies experimenting with agentic workflows or MCP-style architectures: consider how dynamic client registration and local OIDC can reduce friction and risk.
Action items for listeners
- If you run a home lab: experiment with TSIDP for Proxmox or other internal apps to enable clickless logins.
- If you use LLMs or AI agents: join Aperture’s waitlist and consider routing model calls through a gateway for logging and control.
- If you build tools: evaluate TSNet as a platform primitive to make your app/node identity‑aware and networked inside Tailnets.
- If you’re an enterprise/security team: assess multi‑tailnet for workload/customer isolation and reach out to aperture@tailscale.com for potential partnerships.
If you want to dive deeper: the episode contains practical demos, references to community repos and videos (Alex Kretschmar), and candid discussion about hosted vs self‑hosted tradeoffs and product roadmaps — worth listening to for implementation nuance.
