Hacker News new | ask | show | jobs
by freedomben 1115 days ago
Agreed, self-hosting is a must, and for most security-minded/regulated companies it needs to be source available for audits. Deploying a proprietary app at the level this will need to be is a no-go unless you have a big (and trusted) corp behind it.
2 comments
jjoonathan 1115 days ago
N+1 here, I'd like to add that we have a bunch of VPN tunnels and collectively they are a massive PITA. Adding one more is an uphill request.
link
lredd 1115 days ago
This is great feedback! Thanks y'all! We're starting with our hosted product so that folks can sign up and get started immediately. This has helped us get initial feedback and iterate super quickly. That said, releasing a self-serve, self-hosted version of Onu is a big item on our roadmap. We've heard lots of conflicting opinions on the necessity for a self-hosted version of the app, but this feedback definitely helps validate how necessary it will be.
link
Reebz 1115 days ago
I would expect any company over 500 staff with a functioning InfoSec team will want a more secure option to deploy. Just an idea, but if you must run the service on your end, another option could be single tenants/pods that you provision and the customer holds encryption keys in their KMS and can manage RBAC. Your staff would have only lower level admin ability to start/stop/delete the pod.
link
debarshri 1115 days ago
More modern day SaaS first tools do not have on-prem option instead they have an on-prem agent model that executes tasks and responds back to the main SaaS platform.
link
nerdchum 1115 days ago
When I worked at a big well known tech company their prod environment of 100,000 or so servers didn't have access to the internet.
link
debarshri 1114 days ago
Resource often have access to outbound internet via proxies. You need it for updates. Super big org often self host solutions
link
dx034 1115 days ago
Can you name some examples? I haven't come across that yet.
link
debarshri 1115 days ago
Airplane [1] with is similar platform like this. In security space there is Wiz [2]. At Adaptive [3] that is in access management platform, where I work. We do the same too. Agent communicating over established tunnel works without any org configuration changes.

[1] https://airplane.dev

[2] https://wiz.io

[3] https://adaptive.live

link