Tailscale Meets The Nucbox M6

The Genius of Meshes

I recently stumbled upon a very cool FOSS tool called Tailscale. Tailscale is a secure and easy-to-use VPN that allows you to connect to a network remotely — like from an airplane or in my case, often from China.

Something specifically interesting about Tailscale is that it uses a mesh network topology, which means that every device on the network is connected to every other device. This allows for quick and reliable communication between devices, even if they are behind firewalls. On top of that, Tailscale gives you a pretty sweet user interface, making it easy to set up and authenticate with, certainly easier than opening up ports and forwarding stuff. Tailscale is built on top of WireGuard which is their cryptographic foundation for secure peer-to-peer connections. There's a bunch more that they do with smartly storing keys and how they exchange, but essentially, there's no single point of failure (or bottlenecking), and the scalability factor of this particular type of distributed mesh is huge too (but they let you select "exit nodes" where you can funnel traffic specifically if you still want stuff to go through a chosen node).

My Fun Use Case (Tailscale Meets Thinkbox Deadline)

I often need to render stuff using Thinkbox Deadline. I've been doing a lot of mini renders on my NucBox M6 which runs Rocky Linux (The Academy Software Foundation and VFX Reference Platform's Linux distro of choice). If you're not familiar with Deadline, it basically maestro's your renders across a farm by giving you a central management system for all the nodes you're running. In my case, it's an army of 3. My laptop, my mac mini, and my nucbox m6. Since the educational render license I'm on from The Foundry is nodelocked to the one NucBox, it's an army of 1! Small but mighty I have to say.

Again, more info on Deadline if you aren't familiar, it needs a central repository and database that it pulls settings from and makes changes to. Those systems need to be reachable by any nodes you're using for the farm. However, the actual data that's traversing your network to those nodes is not a lot. Media files being rendered of course are large, but file-streaming solutions like Suite Studios help a lot (see article about Suite Studios). So, enter Tailscale. Tailscale let's me set up my samba share from my NucBox M6 so that it's accesible from my Macbook Air, my Mac Mini, the Windows side of my Mac Mini — not to mention my iPhone!

Aside from now being able to save files from my iPhone directly to my NucBox share, I can also link nodes outside my network directly to my repo, without needing to go through the motions of setting up a Remote Connection Server.

tip

While Tailscale makes Deadline’s RCS unnecessary in many cases, it’s still important to secure your MongoDB port and Samba share permissions when exposing them across a Tailscale network — especially if you’ve invited collaborators into your tailnet.

Now with that setup, I can connect remotely with Tailscale to access the network, link up my Deadline Monitor to the repo via my Nucbox share, and initiate renders from anywhere. When it comes to exposing your renderfarm securely, to who you want to have access, this turned out to be an awesome solution.