Defined Networking is Open for Business
On behalf of everyone here at Defined Networking, I’m excited to announce that our cloud managed version of Nebula is now available to everyone! I strongly encourage you to read this entire announcement, but if you already know what we’re about, and you’d like to get started right away, you can go directly to our signup page to create an account. Please be aware that our web-based management tools require 2 factor authentication. We care deeply about security, and we aren’t going to budge on this one. You’ll need a TOTP client to log in to the administrative interface.
First, some Background
More than 5 years ago, a small team of engineers at Slack began work on a project that would provide authenticated, encrypted traffic between all of Slack’s hosts. It eventually became the backbone of Slack’s entire production network. The company was growing rapidly, and the operations team was already managing tens of thousands of cloud instances, spread all around the world. With such a large and growing infrastructure, and millions of customers, we needed to ensure that our network was fast, secure, and extremely reliable.
Within a few months, we had a working prototype. I still remember our excitement at seeing those first packets moving back and forth between two computers. It was hard to believe it actually worked! We celebrated our first success, and looked forward to telling everyone about this amazing software we had created, Cloudycloud1 Nebula.
Thanks to a great group of engineers on the operations team, we were able to deploy Nebula quickly to the entire production fleet. Having it installed on tens of thousands of nodes allowed us to test it at scale without disrupting the business. I still believe Nebula could only have been born inside of a large company like Slack, because we had to think about scale from the very first day. In hindsight, I believe it was a unique opportunity.
In late 2019, after using it in production for a couple of years, we released Nebula as an open source project. We’ve also ported Nebula to every major platform, and today it runs on Linux, Mac, Windows, iOS and Android.
The reception has been astoundingly positive. As of this writing, the project has nearly 11,000 stars on GitHub and is trusted by a large base of enthusiastic users, along with multiple Fortune 50 companies.
Nebula has passed immeasurable volumes of traffic at Slack, by now, and has not caused a single service interruption or outage2.
Two of the original creators of Nebula, Nathan Brown and myself, left Slack in early 2020 to start Defined Networking. We knew Nebula was powerful, and lots of folks were already using it, but we also knew that we’d have to build tools to make Nebula approachable for medium and large enterprises3.
How Defined makes Nebula work for you
If you’ve used open source Nebula, you’ll know that it is left to the user to decide how they’ll manage certificates and keys for a network. The tools are simple and powerful, but almost certainly require someone deploying Nebula to use configuration management if they are using it at scale. At Slack, we created a management system that handled keys, certificates, and renewal, but those tools were very specific to Slack, and not suitable to release as open source.
Our hosted Nebula service is the missing piece that will allow people to deploy and use nebula without having to manage some of the more difficult aspects of deployment.
With our dashboard, you can manage any size fleet of Nebula nodes, across every platform supported by open source Nebula. The tools are built with resilience and security in mind, and we’ve prioritized features that enterprises need, such as audit logs, and SSO for administrator accounts. We also host an API that allows customers to automate the process of adding hosts to a network managed by Defined.
You own your network availability
We have designed our service for customers who demand high availability, so you will own and operate your own lighthouse hosts, which are the discovery nodes that help Nebula hosts find each other.
Our decision to require customers to own lighthouses is purposeful, and by hosting your own lighthouses, your network is as reliable as you need it to be. For a large organization, owning critical infrastructure is… critical. By giving customers control of lighthouses, we ensure that your network’s availability is not dependent on ours. In the unlikely event our service backend is temporarily unavailable, your network continues to operate normally.
By default, your lighthouses will act as relays, which means hosts that cannot establish direct tunnels will be able to communicate through them. Another benefit of customer-hosted relays is that we don’t have to limit the available bandwidth for relayed connections, which we’d have to do if we provided those hosts ourselves. When a customer connects via their own relay, it will have the full bandwidth of that relay host available to pass traffic between other hosts.
This is just the start
We are going to rapidly expand our service, and we look forward to feedback from our new users.
Nebula is unmatched at providing fast, secure connections, and at Defined Networking, we’ve created a platform that allows users to deploy Nebula at any scale. We will share more about our long term plans soon, and we look forward to working with you in the new year.
-Ryan Huber
CEO, Defined Networking
Footnotes
-
Yes, it was really named Cloudycloud. It would eventually be renamed to Nebula when the CTO of Slack explained to me that enterprises probably wouldn’t appreciate learning that their critical internal communications were secured by a world class encrypted networking tool called “Cloudycloud”. ↩
-
Okay, so here’s the thing. Technically it was involved in an outage, but it wasn’t Nebula’s fault, it was mine. On January 9th, 2018, I deployed a bad build of Nebula to some critical hosts, and it was in a fast-crash loop. Nebula is actually so fast at standing up new connections that everything kept working, despite Nebula crashing and restarting every 45 seconds. Unfortunately, I tried to deploy a “fix” that actually made the problem worse. I’d like to personally apologize to everyone who was disconnected that day. It won’t happen again. ↩
-
Also small and “not enterprises”, but our wheelhouse is very very large networks. Personally, I use it on all of my tens of computers and devices, and it works great for that, too! ↩
Nebula, but easier
Take the hassle out of managing your private network with Defined Networking, built by the creators of Nebula.