Documentation
Solutions Guide

Secure Remote Access

Zero-trust remote access to your infrastructure. Work from anywhere without VPNs or network complexity.

Estimated time: 20 minutes

Remote Access Capabilities

Work from anywhere securely
No VPN configuration
Browser-based access
Native client support
Multi-factor authentication
Device trust verification
Session recording
Geographic access controls

Configuration Steps

1

Deploy TigerAccess Proxy

Set up the proxy service for remote access.

tigeraccess start --roles=proxy \
  --auth-server=auth.company.com:3025 \
  --public-addr=access.company.com:443 \
  --ssh-public-addr=ssh.company.com:3023
2

Configure Remote Access Policies

Define who can access what from where.

tacctl create -f - <<EOF
kind: role
metadata:
  name: remote-developer
spec:
  allow:
    logins: [ubuntu, ec2-user]
    node_labels:
      env: [dev, staging]

  options:
    # Remote-specific settings
    max_session_ttl: 8h
    pin_source_ip: false  # Allow roaming
    require_session_mfa: true
EOF
3

Enable Browser-Based Access

Allow access via web browser without client installation.

tacctl create -f - <<EOF
kind: cluster_networking_config
metadata:
  name: default
spec:
  web_session:
    enabled: true
    idle_timeout: 30m

  # Web terminal settings
  web_terminal:
    enabled: true
    proxy_listener: 0.0.0.0:3080
EOF
4

Configure Contractor Access

Set up temporary access for external users.

tacctl create -f - <<EOF
kind: role
metadata:
  name: contractor
spec:
  allow:
    logins: [contractor]
    node_labels:
      access: contractor

  options:
    max_session_ttl: 4h
    require_session_mfa: true
    record_session:
      default: strict

  # Auto-expire access
  metadata:
    expires: "2025-03-31T00:00:00Z"
EOF
5

Connect Remotely

Access infrastructure from anywhere.

# Install tac CLI (one-time)
curl -sSL https://get.tigeraccess.io | sh

# Login from anywhere
tac login --proxy=access.company.com

# Access resources
tac ssh user@server
tac db connect postgres-prod
tac kube get pods

# Browser access
# Navigate to https://access.company.com

Remote Access Enabled

With secure remote access configured, you have:

  • Zero-trust access from any location
  • No VPN infrastructure required
  • Browser and CLI access options
  • Temporary contractor access with auto-expiry

Related Guides

VPN Replacement

Replace legacy VPNs

Zero Trust Security

Zero trust architecture

Device Trust

Verify remote devices