#Idea for Tailscale for Business


clear linden

Hey all,
I’m evaluating Tailscale as a secure way to connect remote teams and internal infrastructure. I’m curious how others are using it in a business context. Some questions I have:

1) Is Tailscale actually a good fit for business environments? Any gotchas or limitations you’ve run into?

2) How have you structured your setup — flat tailnet, hub-and-spoke, or subnet routers?

3) What ACL strategies do you follow? Any tips on managing exit nodes, device tags, or user onboarding/offboarding?

4) Any lessons learned for scaling securely while keeping operations simple?

dense current

👋 I work at Tailscale on the Solutions Engineering team, so I help businesses integrate Tailscale with their environments every day.

1 - Yes, we have thousands of businesses using Tailscale - some of them like to talk about it:
https://tailscale.com/customers

2 - Ideal setup is to have the tailscale agent installed everywhere it will run, on VMs, containers, k8s, and computers, then use subnet routers for managed services and IoT devices, and app connectors for SaaS services.

3 - Note that tags in Tailscale are an identity, not just a label, so user devices are never tagged, and infrastructure devices should always be. Devices can also carry multiple tags if it helps keep your rules more precise. If you use Google/Okta/Microsoft for user identities, then we can use group membership from those sources to simplify the policy file, and automate a lot of the onboarding/offboarding questions.

4 - The Tests section of the policy file is super important. Set end state conditions there that must be true, and any inadvertent changes that don't satisfy those will throw an error.

If you're working with a sales person, they can either give you more specific guidance, or bring in someone from our team to answer any specific questions you have.

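To illustrate points 3 and 4 of the reply above, here is a small policy file in Tailscale's HuJSON format. It is an added example, not taken from the thread or from Tailscale; every user, group, tag and port in it is constructed for illustration. It shows tagged infrastructure, untagged users grouped by role, and a `tests` section that pins the intended end state.

```json
// Constructed example policy (HuJSON). All users, groups, tags and ports are assumptions.
{
  // Local groups; with Google/Okta/Microsoft these would come from the IdP instead.
  "groups": {
    "group:eng":   ["alice@example.com"],
    "group:infra": ["bob@example.com"],
  },

  // Tags are identities for infrastructure; only group:infra may assign them.
  "tagOwners": {
    "tag:dev-web": ["group:infra"],
    "tag:prod-db": ["group:infra"],
  },

  "acls": [
    // Engineers reach the dev web tier over HTTPS only.
    {"action": "accept", "src": ["group:eng"], "dst": ["tag:dev-web:443"]},
    // Infra admins reach the production database.
    {"action": "accept", "src": ["group:infra"], "dst": ["tag:prod-db:5432"]},
  ],

  // End-state conditions: saving a policy that violates any of these fails.
  "tests": [
    {
      "src": "alice@example.com",
      "accept": ["tag:dev-web:443"],
      "deny": ["tag:prod-db:5432", "tag:dev-web:22"],
    },
    {
      "src": "bob@example.com",
      "accept": ["tag:prod-db:5432"],
    },
    {
      // Dev web servers must never reach the production database.
      "src": "tag:dev-web",
      "deny": ["tag:prod-db:5432"],
    },
  ],
}
```

If a later edit widens the `group:eng` rule to `*:*`, the `deny` entries in the first test no longer hold and the policy is rejected instead of silently opening access.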