Disclaimer: I am a friend and former coworker of the Gravitational people and I was an early reviewer of the Teleport spec and had some early design input. I also reviewed the blog post.
I think Teleport is the bees knees.
It's a solid, open source way to map your existing authentication scheme to authenticating to servers. It does anything you can teach it, although it supports e.g. OpenID Connect, so you can connect it with Google Apps, and now you can use U2F directly. Consolidating authentication is one of those nice tidbits that you can do for security but really accidentally ends up giving you better UX.
Having bastion hosts is interesting from a security perspective. Teleport is designed in such a way that you can use plain old OpenSSH everywhere, but you can also use it as a web app and get cool features like live collaboration with chats and recordings. This is another example how even though I think of Teleport as a security feature, it's nice how what you experience is nicer collaborative and knowledge sharing tools, not just passive security (although that's also a fine reason to do things).
I dunno if Gravitational is interested in providing support contracts beyond the best effort open source software support. They're pretty friendly regardless. There are all sorts of decent reasons for wanting to go with a commercial product; maybe commercial support, but also integrations with other systems or custom commercial development or whatever. Historically, that's only been a thing for large companies. With Teleport, there's one less reason for that to be the case.
> I dunno if Gravitational is interested in providing support contracts beyond the best effort open source software support.
They do offer commercial support. I talked to them earlier in the summer just to get a feeling for the company after playing around with teleport some.
I agree about Teleport being the bees knees. They keep adding great features. Only problem is we need something cross platform at work that can do RDP/windows with all the same auditing; so I'm stuck trying to justify the cost of Bomgar PAM or CyberArk, which are INSANELY expensive.
Apache Guacamole does some. I am not sure how much auditing it does internally, but it does translate Vnc/RDP/ssh to some unified protocol that is translated over http (maybe also wrbsockets), so with the proper Certificate setup, you should be able to audit with any http audit tool.
I think Teleport is the bees knees.
It's a solid, open source way to map your existing authentication scheme to authenticating to servers. It does anything you can teach it, although it supports e.g. OpenID Connect, so you can connect it with Google Apps, and now you can use U2F directly. Consolidating authentication is one of those nice tidbits that you can do for security but really accidentally ends up giving you better UX.
Having bastion hosts is interesting from a security perspective. Teleport is designed in such a way that you can use plain old OpenSSH everywhere, but you can also use it as a web app and get cool features like live collaboration with chats and recordings. This is another example how even though I think of Teleport as a security feature, it's nice how what you experience is nicer collaborative and knowledge sharing tools, not just passive security (although that's also a fine reason to do things).
It also has all sorts of cool "accidental" features like https://www.teleconsole.com that you might like.
I dunno if Gravitational is interested in providing support contracts beyond the best effort open source software support. They're pretty friendly regardless. There are all sorts of decent reasons for wanting to go with a commercial product; maybe commercial support, but also integrations with other systems or custom commercial development or whatever. Historically, that's only been a thing for large companies. With Teleport, there's one less reason for that to be the case.