Founded in Norway in 2017, Sanity offers a SaaS product that lets organizations create, manage, and distribute digital content like text, images, videos, and audio. More than 100,000 developers, marketers, content creators, and product professionals use Sanity's platform to manage content. Sanity and its more than 200 employees serve many industries, including retail, finance, video games, media, technology, hospitality and travel, and telecommunication.
Tailscale helps Sanity solve two main problems: connecting to the intranet inside their production environment and secure connectivity inside their cloud environment. Francis Perron, the Head of SRE & Security, has kept Tailscale running at Sanity to ensure connectivity, enhance security, and simplify network access management across their infrastructure.
For Sanity, it boils down to secure connectivity
First, Sanity needed a simpler way to connect to the intranet inside their production environment. At the time, Sanity didn’t have a VPN solution. Connecting instead relied on a setup with bastion hosts and console access. After looking at open-source options, the SRE team discovered Tailscale and became its champion. Francis is quick to point out, “Tailscale is a lean, simple VPN solution. It's easy to configure and works well on our laptops or production environment in the cloud.” Tailscale simplified things drastically, and the addition of an intranet was made easier with split DNS.
Tailscale was a natural fit given Sanity's connectivity hurdles. Francis notes that handling split DNS elegantly was a critical need for Sanity: “From endpoints through Tailscale and split DNS, we have an easy and fluid solution to connect inside production environments. This is the biggest thing for us.”
“Tailscale solves our VPN problem. It boils down to secure connectivity inside our cloud—across different clouds and within the same cloud. Tailscale makes it easy for our IT organization to get adoption given the simplicity of setup and smoothness of installation.”
Second, Sanity wanted to simplify how they securely connected to their cloud environment. “In between the machines, we run a few agents that bridge the components and the services. This allows us to use the split DNS solution to connect into specific systems.” In this scenario, Tailscale enables both connectivity and access management.
Through Tailscale’s ACLs, Sanity can control which users can access which services and systems. “We can isolate and give access to specific systems. For example, we give access to our observability stack to a broader range of non-engineers. But for the rest of production, we restrict it to specific engineers, such as senior-level only. This is easy for us to manage through Tailscale,” Francis explained.
Saving time, reducing complexity, and offloading maintenance
For everything Tailscale enabled at Sanity, the rollout struck Francis as effortless. Team members onboard simply by downloading the Tailscale client and logging in. “It's easy to use, it just works. It's easy to on-board new engineers as well. You can just download and log in with your credentials and Tailscale automatically fetches the right configuration for us.”
To Francis, Tailscale is more than a quick fix: it’s a long-term solution that avoids the unnecessary complexity of rolling out custom code. “It's about not having to deal with the complexity of maintaining our own VPN stack and solutions internally, given that Tailscale is so easy and streamlined. Yes, free solutions exist, but the dedicated hours required would be non-trivial.”
Francis’s appreciation of Tailscale is simple: “Zero negative feedback. It just works, which is absolutely fantastic for us given VPN solutions are typically a source of friction.”