undefined | Better HN

0 pointsraesene94y ago0 comments

common reasons could be :-

- Cost, VPNs and the hardware to run them can be expensive

- Single point of failure. If you run all your remote access through a VPN gateway then you run the risk of disruption if it goes down. Of course you can implement redundnt/multiple gateways but that increases cost.

- Complexity for B2B setups. If you're exposing an API and you want third party services to access it, it can be more complex if there's a VPN involved.

All that said, I still wouldn't run something like this (or indeed most services) directly on the Internet as it's a single vuln. away from problems, however I've seen plenty of services directly visible on the Internet for these reasons. You can spelunk around one of the search engines like Shodan or Censys to get an idea of how many people run application services directly on the Internet.

0 comments

deadbunny4y ago

A pair of openvpn servers will run you about $100/month in AWS. Sure there is some overhead in running them but not anything more than any other server. Maybe I'm just a jaded Sysop but this stuff is networking 101.

raesene9OP4y ago

Sure and if you're on AWS you can use their managed offerings. There's a variety of ways of solving it, but it depends on people seeing it as an issue to be solved.

I think, unfortunately, what a lot of people take away from "zero trust networks" as a concept is get rid of all bastions/VPNs and firewalls, but that ultimately leads to the topic of this article...

mbesto4y ago

If all of these are reasons, then you should use the cloud version. In other words, if your project management solution needs to be hosted for some business reason and you can't afford all of the maintenance required to host it properly, then you aren't charging enough for your product.

j / k navigate · click thread line to collapse