There’s a concept of building from first principles that can create some pretty incredible products. For example, one of the technologies I’ve long thought was more complicated than it should be is VPN. VPNs came further into the spotlight with remote work and employees needing to access company resources from wherever they are. I recently came across a product that works great on macOS that takes that first-principles approach to how VPN connections work, and it’s called Tailscale.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
VPN setup is clunky at best. Different firewalls require different setups, and it can sometimes be challenging to get the proper devices to the correct servers depending on the subnet, IP scheme, etc. By implementing Tailscale, it’s easy to connect to another network by using a stable IP address for each device (server, laptop, etc.). These addresses stay the same no matter where the devices are physically located. Each device gets an IP in the 100.X range, and it’s assigned based on the device and the Tailscale login.
Using Tailscale with macOS
I’ve got a fairly simple use case with Tailscale for personal use. I want to access my Umbrel server (learn how to build one in my past guide) remotely as well as my Plex server. Umbrel has a Tailscale app in its App Store, so the setup was painless. I can now access it from anywhere. It’s running on my Umbrel server and my Plex server, so when I want to connect to those servers directly, I just enable Tailscale on my Mac, and I can connect to those devices.
What problem does this solve in the enterprise?
Tailscale is built on top of WireGuard. WireGuard is a fast encrypted networking protocol that offers a number of performance benefits over typical VPNs. Tailscale builds on WireGuard by adding automatic mesh configuration, single sign-on support, two-factor and multi-factor authentication, NAT traversal, and centralized Access Control Lists (ACLs).
So let’s say you’ve got employees spread out around the country (or world), and you want to let them securely access internal company resources such as servers over VPN while letting public internet traffic run locally. Tailscale works this way out of the box. It runs as an overlay network and only routes traffic between devices running Tailscale; it doesn’t touch traffic not aimed at a Tailscale device. With this default setup, you can leave Tailscale running at all times on macOS or iOS without sending all your traffic through it.
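To make that split concrete, here is an added example (not from Tailscale or the original article) that sorts destination addresses into "overlay" versus "local" the way the default setup described above would. It assumes Tailscale's default address pools (100.64.0.0/10 and fd7a:115c:a1e0::/48) and no exit node or subnet routes; the function names and sample flows are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Tailscale's default address pools: the CGNAT block (the "100.x" addresses)
# and its IPv6 ULA prefix. Assumption: the tailnet uses these defaults.
TAILNET_RANGES = [
    ipaddress.ip_network("100.64.0.0/10"),
    ipaddress.ip_network("fd7a:115c:a1e0::/48"),
]

def path_for(dst: str) -> str:
    """Return 'overlay' if dst is a tailnet address, otherwise 'local'."""
    addr = ipaddress.ip_address(dst)
    for net in TAILNET_RANGES:
        if addr.version == net.version and addr in net:
            return "overlay"
    return "local"

def summarize(flows):
    """Count flows per (host, path) from an iterable of (host, dst_ip)."""
    return Counter((host, path_for(dst)) for host, dst in flows)

# Constructed sample flows (hypothetical hosts and destinations).
SAMPLE_FLOWS = [
    ("macbook", "100.101.102.103"),   # tailnet peer, e.g. a home server
    ("macbook", "93.184.216.34"),     # public website
    ("macbook", "100.128.0.1"),       # starts with 100. but is outside the /10
    ("macbook", "192.168.1.20"),      # device on the local LAN
    ("iphone", "fd7a:115c:a1e0::1"),  # tailnet peer over IPv6
    ("iphone", "2001:db8::1"),        # non-tailnet IPv6 destination
]

if __name__ == "__main__":
    for (host, path), count in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{host:8} {path:8} {count}")
```

Note that only part of the 100.X space belongs to the overlay, so firewall rules and detections should match on 100.64.0.0/10 rather than on everything beginning with 100.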
To sum it up, Tailscale is an affordable VPN that requires no configuration, installs on any device in a few seconds, handles firewall rules for you, and works from anywhere. While my use case is 100% personal, you can see the benefits it could bring to enterprises everywhere. Tailscale is truly a VPN for the remote-work world. It’s one of those rare solutions that “just works.” Pricing starts at free for one user with up to 20 devices, and paid plans start at $5/month (paid annually). So, if you’re struggling to roll out VPN access to your entire company in a way that’s not stretching your team with troubleshooting, check out Tailscale. It’s a VPN so simple, I am not sure Apple or Google could have made it any easier. It works great on macOS, iPhone, and iPad.