Boundary 0.18 adds transparent sessions for streamlined connections
Boundary 0.18 adds transparent sessions: an improvement to the core Boundary workflow enabling authorized remote users to securely connect to infrastructure resources in one step.
Today at HashiConf, and as part of Boundary 0.18, we’re thrilled to announce the public beta for transparent sessions: a core improvement to Boundary workflows enabling teams to securely connect to infrastructure resources without changing their workflows or client tools. HashiCorp is focused on helping organizations integrate and automate security into developer workflows, and transparent sessions makes it even easier to embed best security practices into the developer workflow so organizations don’t have to choose between speed or security. With transparent sessions, end users can connect to authorized infrastructure resources without any interaction with Boundary’s CLI or Desktop clients. By running in the background, transparent sessions intercept DNS calls and route traffic through Boundary into target resources.
Transparent sessions simplify remote user access by minimizing or even removing user interactions with Boundary.
»Improving developer experience with transparent sessions
Previously, customers had to actively interact with the Boundary CLI or Desktop client to initiate a secure session. Specifically, users had to look up infrastructure resources and paste specific IDs or aliases into fields or commands. We wanted to streamline this workflow by reducing the number of steps and the amount of time this process takes.
With transparent sessions, users can eliminate steps in their current workflows using Boundary’s Client-Agent, a component that operates in the background intercepting network traffic and automatically routing this traffic through a session if the user is authenticated and authorized. Platform teams and access management teams administrating Boundary can now build much faster, simpler secure remote access workflows that will feel more intuitive and invisible to their developer customers. Transparent sessions boost Boundary’s focus on providing easy-to-use access management to our end users and administrators alike–without requiring a trade-off with security or over-provisioning.
To see transparent sessions in action, check out this HashiCorp ambassador’s article on their experience using transparent sessions:
“This new abstraction removes the need for any user to have knowledge on how to use Boundary and lets users employ their own tools, such as a terminal with SSH, a browser with HTTP, or an RDP client to connect to a Windows host. It makes Boundary transparent to the user. This feature is a game changer for the user experience of Boundary.”
— Chris Van Meer, HashiCorp Ambassador; Consultant and Trainer at AT Computing
»Secure access to web applications over HTTPS
Additionally, transparent sessions now allow end users to securely access web applications over HTTPS. Before transparent sessions, Boundary users could only access web applications using HTTP. This is because Boundary previously used a random unprivileged port on the end user’s machine to connect to an HTTPS target, which would result in a certificate mismatch within their browser window.
HTTPS is now supported in Boundary 0.18 because transparent sessions intercept and direct DNS requests to local IP addresses, maintaining HTTPS domain name integrity. As a result, users can securely access any web application over HTTPS whether they are internal services in the private network or services on the public internet. This is especially important for non-technical end users (i.e. sales, marketing, accounting, etc.) who typically use VPNs to get access to internal web applications. Boundary provides them with a familiar VPN-like experience to access their web application tools in a more secure manner.
»Get started with transparent sessions and Boundary 0.18
Boundary 0.18, which includes transparent sessions in public beta, is available today for Boundary users on HCP Standard, HCP Plus, and for Boundary Enterprise. To learn more about transparent sessions, visit our documentation.
For existing Boundary users
- For self-managed versions, download Boundary 0.18
- Watch this tutorial to learn how to upgrade self-managed versions of Boundary
- HCP Boundary users will be notified and admins can start the update immediately. Updates are automatic after 30 days of release.
For new Boundary users
- Sign up for a free HCP Boundary account
- Download the free Boundary Desktop client
- Go through our tutorial on getting started with HCP Boundary
- To request a Boundary Enterprise trial, contact HashiCorp sales
If you’d like to try a quick self-managed test run of basic Boundary features, you can also download and use Boundary Community for free. The community edition does not include transparent sessions. For a full list of changes in Boundary Community, read the GitHub changelog.
Sign up for the latest HashiCorp news
More blog posts like this one
New SLM offerings for Vault, Boundary, Consul at HashiConf 2024 make security easier
The latest Security Lifecycle Management (SLM) features from HashiCorp Vault, Boundary, and Consul help organizations offer a smoother path to better security practices for developers.
Boundary 0.17 improves management, failure handling, and adds more storage support
Boundary 0.17 improves tag and role management, enhances worker failure detection, and adds more storage options for session recordings.
Just-in-time approval workflow with Boundary and Azure
Boundary’s rich partner ecosystem extends its capabilities with Microsoft Privileged Identity Management (PIM) for temporary access based on request and approval workflows.