We briefly considered prompting our agents with the classic networking playbook: polish the profile, craft a compelling personal narrative, ask for warm intros, comment “Insightful perspective” on questionable posts about politics in the workplace. Sadly, this did not help them reach your private Postgres database.
In theory, Firetiger Database Agents can administrate your Postgres, MySQL, and Clickhouse on autopilot. In reality, your database likely lives on a private network, never to be touched by the outside world. Surely you are doomed to a life of database blind spots, pain and suffering, right?
Wrong! Because thanks to good tools like Tailscale , connecting two things on the Internet is finally a solved problem. And now, you can connect Firetiger to your Tailnet, allowing Firetiger DBAs and other Agents to securely observe and operate your privately networked infrastructure.
Why is this needed?
Most interesting databases live on private networks. This creates a real problem for any system running on the Internet, Firetiger included, that needs to actually talk to those databases.
There are a few options to bridge the gap from agent on one network to database on another. VPC peering, but you'll hit overlapping CIDR blocks on the count of three. AWS PrivateLink, which works great if everyone is on AWS and you enjoy configuring Network Load Balancers for fun. Site-to-site VPNs, code for “six hours debugging IPsec tunnels”. Bastion hosts, which are lovely until someone forgets to rotate the SSH keys.
Enter Firetiger Network Transports
We built Firetiger Network Transports as a way to connect agents to private network resources. A network transport is how Firetiger gets from our infrastructure to yours: the underlay for your connections. By default, we use the public internet. But now you can plug in other methods, with the first we're shipping Tailscale.
Tailscale makes connecting two things on the Internet very simple: You install it on both sides, and they can securely talk to each other with end-to-end encryption. It works no matter what cloud you're on, what NAT you're behind, or how your VPC is configured.
With our Tailscale transport, Firetiger joins your Tailnet as an ephemeral device, scoped to the permissions you define in Tailscale’s identity-based access controls. Your database stays off the public internet, without sacrificing secure access.
... continue reading