
Support for multiple controllers in Boundary Desktop

Open reza-solaris opened this issue 1 year ago • 7 comments

Hello. Currently, if there are multiple Boundary installations, the user must sign out from one instance and connect to the other. The user must also type in the URL of each installation at every login.

It would be very beneficial if the Boundary Desktop client would allow multiple active instance connections. Something like having multiple instances of Boundary Desktop client open at the same time. To overcome this, we are currently using open -n -a Boundary.app to authenticate to multiple controllers at the same time. But it is not a convenient solution.

Something like this: [Screenshot 2023-04-11 at 1 22 23 PM]

reza-solaris avatar Apr 11 '23 11:04 reza-solaris

Hi @reza-solaris, thank you for this feature request. This is something we have considered adding to the product. I will leave this post open to gauge community interest.

xingluw avatar Apr 11 '23 14:04 xingluw

All companies will have multiple controllers (each for dev/test/staging/prod at least), and this feature is needed for any developer to be able to seamlessly roam across different environments.

somurzakov avatar Apr 18 '23 22:04 somurzakov

@somurzakov @reza-solaris Boundary supports multiple scopes (Orgs and Projects) which allows teams to have several different environments to manage targets and users, as well as flexibility in auth methods. I am wondering if that solves the issue, or why there is a need to run multiple control planes (which would require multiple accounts)?

xingluw avatar Apr 19 '23 14:04 xingluw

Although it is possible to have all the targets from different environments in one controller, it would mean having network connectivity from a single controller to other network segments (controller-worker connectivity). Thus, that would break the network segregation.

reza-solaris avatar Apr 19 '23 15:04 reza-solaris

Is there a concern with the control plane being able to reach all workers/networks if there are role-based permissions that prevent users from reaching those networks?

Or is it a requirement that certain networks can only be accessed by certain controllers? Completely air-gapping the environments.

Edit: Is the purpose of this to test out Boundary functionality and configurations? Or to separate production-level, widely-accessed infrastructure?

xingluw avatar Apr 20 '23 14:04 xingluw

Yes. Correct. The purpose of this functionality is to have complete segregation of the production network.

reza-solaris avatar Apr 21 '23 12:04 reza-solaris