Best Design for 100 user hybrid development group using Gitpod?

How would you best implement Tailscale to allow a group of developers using Gitpod to access resources both in GCP and on-premise? We have an existing firewall infrastructure for client connectivity, specifically looking to be able to have developers using gitpod be able to reach resources that may exist in GCP or on premise, which is also accessible through dedicated interconnects we have with Google.

Is the way forward with this to use subnet routers in VM’s and have the developers gitpod connect to that or is there some other way?

Thanks.

I would install tailscale on each device. This gives you a flat virtual network topology that you can control with ACLs if needed. Each device will have an ip address in the 100.64.0.0/10 range.

Some configurations will require some fiddling to consistently get a direct connection, but for the most part, if there’s portmapping, or even consistent NAT port assignments, tailscale can negotiate it’s way through the NAT/firewall, etc.

You can use subnet routers as well, but it tends to add complexity vs. just installing tailscale on each node.