This post was originally posted on the Border0.com blog here
Today we’re excited to welcome you to a new era of seamless infrastructure management and access. Meet the new Border0 client portal, a beautiful and efficient web interface that allows your users to quickly and easily discover all servers they have access to. And allow them to connect to your services using our web-based SSH and database clients!
All your infrastructure accessible from your browser, any time and anywhere.
Effortless Access and Exceptional design
With this new client portal, we offer your users effortless, one-click access to your servers, containers, and databases from any location and device. Our goal is to transform your infrastructure into easy-to-access apps via a unified hub.
When designing the client portal, we wanted to make sure that getting around the dashboard was intuitive and pleasant. The dashboard features app cards for each service, with easily distinguishable icons and details. It includes indicators for SSH, Database, HTTP services, and even specifics like Postgres, MySQL, or Docker containers on an ECS cluster. Frequently used services are at the top for quick access. We offer both a card and a list view and the choice between dark or light mode!
The search box at the top of the screen supports fuzzy search capabilities, so it’s easy to find that one server! Grouping of resources by provider, environment, and regions, and a socket type filter simplify navigation and help you quickly find the server you need. All these filtering, searching, and use of sections work nicely together, further optimizing the user experience.
So say goodbye to time-consuming logins or elusive resources. Our new client portal provides swift access to your infrastructure from anywhere. And it’s perfectly fine-tuned for mobile. So, when you’re on call, you can troubleshoot that service even while picking out your next bookshelf at Ikea — yes, I may know a thing or two about that!
The tech — Innovation Under the Hood
Underneath its user-friendly interface, this new client portal boasts impressive technological might. It operates completely within the user’s browser, leaning heavily on the power of WebAssembly (WASM). This allows us to integrate more complex elements, like TLS and SSH certificate requests, secure TLS tunnel setup, SSH clients, and database drivers — all of which are implemented using Go. Once initialized, the WASM code establishes a WebSocket tunnel to Border0’s infrastructure, from which everything proceeds as with a standard setup.
With the Go code compiled into WASM, a bit of JavaScript wizardry takes over, resulting in an easy-to-use, fully-functional Border0 client that operates directly from your browser.
But that’s not all — we’ve seized this opportunity to create an exceptional web-based database client that supports both MySQL and PostgreSQL targets through Border0. Think phpMyAdmin (anyone remember that?), but re-imagined!
Using the Border0 architecture and new client portal, you can now easily browse the data in your RDS databases, even if it runs in a private VPC, just using your browser.
Demo — Experience it for Yourself
Curious? Well good news, you can experience the new client portal right now on our demo tenant! Visit client.border0.com and log in to the ‘demo’ organization. The policy for this organization allows anyone with a Gmail account, or Microsoft email (@live.com, @outlook.com) to access its resources.
Once logged in with your Gmail or Microsoft account, you can explore various services, including SSH, databases, and HTTP services, such as a Grafana setup. Make sure to try the web-based SSH client and the web-based database clients for both Postgres and MySQL.
Wrap up
In this blog, we looked at the newly introduced client portal. A super easy way for you and your team to discover and access your infrastructure. From here, you can easily access all your servers, including SSH and database resources, all without ever having to leave your browser, using your existing single-sign-on credentials, and without having to ever install anything.
Border0 doesn’t stop at merely enhancing accessibility; it hands security administrators the reins to monitor and control your infrastructure effectively. Our comprehensive policies allow for fine-grained control, enabling you to specify who has access and under which circumstances. Furthermore, our audit logs offer detailed insight into user activities, showing exactly who accessed what, when they did it, and the ability to replay SSH sessions or review the executed database queries.
Unlike many security solutions on the market, this powerful blend of visibility and control does not introduce unnecessary complexity for your end users. Border0 caters to all user preferences with a CLI client, a desktop client, and now a fully web-based client. All are intuitively designed, ensuring ease of use for your users and making them tools they’d willingly adopt for their efficiency and convenience.
Excited to try this for your own infra? Check out our fully featured free community edition, or schedule a demo and let us walk you through a custom demo; let’s geek out together 🤓
Top comments (13)
I am excited to border0 infra tool, however, is this border0 have any security test result? Or have any more security info?
@edyzakaria awesome! We are fully SOC2 compliant, which includes many best practices and pentests. Also see trust.border0.com/
how if we have IP whitelist for accessing (for example) mongo atlas
hi @bursa_akselerasi_7a04d7b9 great question.
If you have IP allow listing on your origin database server, then you need to make sure to white list the border0 connector. The connector is software you run in your environment and acts as the bridge between your network and ours. The connector is also the only one that needs to know for example the upstream (database) credentials.
The connector can also act as a discovery engine, ie. it can find Docker resources, ec2 instances, ECS containers, or even using a port scanner finding open SSH ports on your network and make them available through border0.
Since the connector runs in your private network, and all it needs is an outbound (NAT) like connection, you can now also make these private machines and databases available, without the need for a VPN.
You can use Border0 policies (access lists) to control who should have access to what resources based on their SSO credentials, IP address, time of day, date, geolocation, or even Pagerduty on-call status.
also check out our Youtube and Blog for more examples. Or the docs page
Very nice solution, thanks for sharing!
Do you have any offline / on premise support? Like a docker image or so?
Thanks
Thanks @joancomasfdz
There's a Docker image for the connector (more details below) here: ghcr.io/borderzero/border0
You can find a Docker compose example here: docs.border0.com/docs/docker-compose
Border0 is offered as a service; we have no fully self-hosted option today. The upside is that it's easy to get started with; just click it together in our portal. We're also SOC2 type II certified see trust.border0.com/ and border0.com/blogs/border0-achieves...
As part of this, you do run a connector in your environment that acts as the bridge between your infra and our servers. The connector can run behind NAT, so no firewall changes are needed. Together we make all your services available and secure.
So you can make private instances, ie. machines and services in a private network, available using border0. In fact, that's one of its strengths. You can learn more about on our blog here (various examples) border0.com/blog or see some of the other videos.
Is there a timeline for noSQL services?
Hi @sirjamesbrown any specific noSQL services you're interested in?
feel free to ping me at andree at border0.com We'd be happy to work with you
This looks pretty. Just tried the demo and really like the web based SSH browser. will look into how to log in to all my ec2 instances using this. Whoop!
This looks quite pretty, and I've just given it the one-minute workout. Going in with no expectations (which is how I like to try things out) I clicked on some of the cards at random. I had a few issues, though:
If you click a "mysql" card, you get taken to a database viewer tool, where you can use the GUI, or enter a query directly, and export the results as a CSV. Kind of like a cut-down PHPMyadmin, with just the basic things you need. Good.
If you click a "bastion" card it sometimes opens a shell to the server and sometimes opens a new window with a copy of the entire website in it instead. Good if it was consistent.
If you click a "webserver" card, it takes you to a demo website, rather than (as I hoped) a page about the webserver status or configration and when I clicked "back", it told me:
"Oops!, something went wrong [...] You may have pressed the back button". Not so good! Why shouldn't I be able to use the regular browser controls?
I'm not sure what the pastebin cards are for - I know what a pastebin is but not why there would be specific ones for specific purposes in a dashboard such as this. When you click one, you see a page reading, "In case this message never disappears please have a look at this FAQ for information to troubleshoot" and that's all. I think this is a bug.
Hi @moopet Thansk for the feedback and giving it a spin! We'll take a closer look at your feedback. Glad you liked the look and feel.
The 'cut-down PHPMyadmin' is spot on. kind of re-imagined (well,redesigned). We'll hope to add some of the many features of PHPMyadmin in there over time. One of the big things is obviously, that as user when you accessed the mysql instance, you were doing all that with just your SSO credentials. So a nice drop in SSO 'firewall' for your databases. Even if they run in a pivate network
I'm not sure what caused the intermittend issues with your SSH access, where sometimes you see the complete website loaded again in a new window. I haven't been able to reproduce or see that. If you can reliable reproduce that, feel free to send me a message with data (ideally a recording) at andree at border0 dot com. would love to get to the bottom of that.
The HTTP and Pastebin and Grafana examples are just there as example, internal website examples. In the real world these would be your wiki, docs, jira, or what ever internal apps you may have. When i say internal, i mean apps for which you typically use a VPN. Could even be your grafana, or Pi instance behind Nat at home for example.
That all makes sense. I looked again and don't see the same issues, but if they appear again I'll send you a recording if I can.
awesome, thanks for letting me know Ben.