Cobalt Speech discovered Tailscale’s frictionless VPN solution

Cobalt Speech is a software company specializing in speech and language technology. They provide consulting and development services for clients integrating speech recognition and natural language dialogue systems into hardware and software products. Cobalt Speech also develops and maintains its own in-house speech recognition solution.

Cobalt Speech is a fully distributed company, leveraging Amazon Web Services (AWS) to manage large amounts of data and computation. Employees need to access the central resources stored on AWS as well as speech and dialogue demos on their colleagues’ machines.

Julie Sheffield is Cobalt Speech’s CTO, and Alok Parlikar is the director of R&D. Alok first worked with Tailscale on his personal home network. He tells us that bringing Tailscale to work felt seamless.

The old way was clunky and cumbersome

Prior to working with Tailscale, Cobalt Speech used a legacy VPN solution. Cobalt Speech also evaluated using open-source WireGuard as a replacement for their legacy VPN solution. Neither of these solutions were viable for their needs.

Cobalt Speech uses AWS Virtual Private Cloud (VPC), which includes Amazon Elastic Compute Cloud (Amazon EC2) instances to handle:

  • Speech recognition training data
  • Speech recognition coding models
  • A continuous integration (CI) service for managing code changes, running tests, and facilitating customer deployments
  • Several ephemeral services to support internal R&D work and external customer demos

Before Tailscale, within Cobalt Speech’s AWS VPC, each of these nodes had private IPs, and a single bastion host, which could become a bottleneck, facilitated access. Cobalt Speech team members would ssh in through the bastion host to access jobs running code on any of their EC2 instances. Code changes were pushed to GitHub, from which the CI server would pick up changes and run new builds and tests. The CI dashboard was accessed by tunneling over ssh, and employees would use their local browsers to access the CI server over ssh. This system required port forwarding, which had inherent security issues, and was time consuming both when setting up and when updating the CI service or preparing for web-based client demos.

Cobalt Speech evaluated setting up open-source WireGuard to simplify VPN management and improve security, but they found this solution to be similarly difficult and time consuming to set up and maintain.

While Alok and his team searched for a more effective way to deploy proven WireGuard technology, they discovered how Tailscale could help them get the security of WireGuard embedded in a solution that would simplify setting up and maintaining a secure and easy-to-use VPN. Alok initially deployed Tailscale on his personal network at home and, based on that experience, decided to take full advantage of Tailscale’s unlimited free trial program to set up a proof of concept involving the entire Cobalt Speech team.

Every stakeholder needed to be impressed with the transparent simplicity and inherent security of the Tailscale VPN solution in order for Cobalt Speech to move forward with Tailscale.

Tailscale at Cobalt Speech: transparent simplicity, inherent security, and continuous innovation

Working with Tailscale, Alok and his team decided to install Tailscale client software on all permanent and ephemeral nodes in their CI as well as on their shared workstations. With all nodes on the same Tailnet (our term for a Tailscale network), Cobalt Speech team members could begin remotely accessing any data, modeling, CI, shared workstation, or ephemeral node directly without having to set up port forwarding and without needing to aggregate access through a single, bottleneck-prone bastion host. The team still uses ssh on their Tailnet for terminal access to certain servers to run code, but without the need for — and security risks associated with — having to set up port forwarding.

A significant benefit for the Cobalt Speech engineering team is that Tailscale allows them to securely access each others’ machines. When two or more employees need to collaborate, they can easily share code or other resources on their Tailscale VPN. This helps the team respond more effectively and efficiently to the needs of their clients.

Almost immediately after Tailscale was deployed, the entire team bought in. Tailscale made it incredibly easy for Cobalt Speech to securely collaborate as well as add, remove, or change devices and users. The team found that making the decision to step away from their legacy VPN solution and migrate to a Tailscale VPN was much easier than they originally anticipated.

Using Tailscale has completely spoiled us. Why can’t everyone’s network security be as frictionless?

Julie Sheffield Chief Technology Officer

Since becoming a Tailscale customer in 2020, Cobalt Speech has also benefited from new features that Tailscale regularly adds to the Tailscale VPN solution. MagicDNS and host sharing have helped improve employee efficiency and sharing since they were introduced in Tailscale version 1.4 (released in January 2021).

MagicDNS is a feature that automatically registers DNS names for devices on a Tailnet. Now team members can access nodes in their VPC by device name or by its Tailscale IP address. Tailscale node sharing allows Cobalt Speech employees to give other Tailscale users access to private devices on the Cobalt Speech network without having to expose those devices publicly, which is helpful when remotely collaborating with clients and contractors who are also Tailscale users.

Cobalt Speech employees now grumble when they have to use a customer’s legacy VPN to access various client data because these experiences remind them of how inelegant and frustrating their own legacy VPN was.