Show HN: Alien – Self-hosting with remote management (written in Rust)
In my previous startup, I heard the same question from every single enterprise customer over and over again: "My data is sensitive. Can I deploy your product to my own cloud account?"
Self-hosting is becoming very popular because it lets users keep their data private, local, and inside their own environment. Unfortunately, self-hosting breaks down when someone starts paying for your software. Especially if it's an enterprise customer.
Customers usually don't actually know how to operate your software. They might change something small — Postgres version, environment variables, IAM, firewall rules — and things start failing. From their perspective, the product is broken. And even if the root cause is on their side, it doesn't matter... the customer is always right, you're still the one expected to fix it.
But you can't. You don't have access to their environment. You don't have real visibility. You can't run anything yourself. So you're stuck debugging a system you don't control, through screenshots and copy-pasted logs on a Zoom call. You end up responsible for something you don't control.
I think there's a better model of paid self-hosting: the software runs in the customer's environment, but the developer can actually operate it. It's a win-win: for the customer, their data stays private and local, and the developer still has control over deployments, updates, and debugging.
Alien provides infrastructure to deploy and operate software inside your users' environments, while retaining centralized control over updates, monitoring, and lifecycle management. It currently supports AWS, GCP, and Azure targets.
GitHub: https://github.com/alienplatform/alien
Getting started: https://alien.dev/docs/quickstart
How it works: https://alien.dev/docs/how-alien-works
Excited to share Alien with everyone here – let me know what you think!

Discussion (29 Comments)
This is very real.
I work with a deployment that operates in this fashion. Although unfortunately, we can't maintain _any_ connection back to our servers. Pull or push, doesn't matter.
The goal right now is to build out tooling to export logs and telemetry data from an environment, such that a customer could trigger that export on our request, or (ideally) as part of the support ticketing process. Then our engineers can analyze async. This can be a ton of data though, so we're trying to figure out what to compress and how. We also have the challenge of figuring out how to scrub logs of any potentially sensitive information. Even IDs, file names, etc that only matter to customers.
We're working on something for this! Stay tuned.
This is fundamentally a data modeling problem. Currently computer telemetry data are just little bags of utf-8 bytes, or at best something like list<map<bytes, bytes>>. IMO this needs to change from the ground up. Logging libraries should emit structured data, conforming to a user supplied schema. Not some open-ended schema that tries to be everything to everyone. Then it's easy to solve both problems--each field is a typed column which can be compressed optimally, and marking a field as "safe" is something encoded in its type. So upon export, only the safe fields make it off the box, or out of the VPC, or whatever--note you can have a richer ACL structure than just "safe yes/no".
I applaud the industry for trying so hard for so long to make everything backwards compatible with the unstructured bytes base case, but I'm not sure that's ever really been the right north star.
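An added example (not from the thread or from Alien's code base) of the schema idea in the comment above: each field declares a type and a sensitivity level, events with undeclared or mistyped fields are rejected, and export keeps only the fields the reader is cleared for. The `Level` names, field names and sample values are assumptions constructed for illustration.

```rust
use std::collections::BTreeMap;

/// Who may read a field, least to most restricted (hypothetical levels).
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Level { Vendor, CustomerOps, CustomerOnly }
#[derive(Debug, Clone, PartialEq)]
pub enum Value { U64(u64), Text(String) }
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Kind { U64, Text }

/// User-supplied schema: each field name maps to its type and level.
pub struct Schema(pub BTreeMap<&'static str, (Kind, Level)>);
/// An event already validated against the schema.
pub struct Event(BTreeMap<&'static str, Value>);

impl Schema {
    /// Reject undeclared or mistyped fields so nothing unclassified is stored.
    pub fn record(&self, fields: Vec<(&'static str, Value)>) -> Result<Event, String> {
        let mut out = BTreeMap::new();
        for (name, value) in fields {
            let (kind, _) = self.0.get(name).ok_or(format!("undeclared field: {}", name))?;
            let ok = matches!((kind, &value), (Kind::U64, Value::U64(_)) | (Kind::Text, Value::Text(_)));
            if !ok { return Err(format!("wrong type for field: {}", name)); }
            out.insert(name, value);
        }
        Ok(Event(out))
    }
    /// Export only fields whose level is at or below the reader's clearance.
    pub fn export(&self, event: &Event, reader: Level) -> BTreeMap<&'static str, Value> {
        event.0.iter()
            .filter(|(name, _)| self.0.get(*name).map_or(false, |(_, lvl)| *lvl <= reader))
            .map(|(name, value)| (*name, value.clone()))
            .collect()
    }
}

/// Constructed sample schema for a request log.
pub fn sample_schema() -> Schema {
    Schema(BTreeMap::from([
        ("status", (Kind::U64, Level::Vendor)),
        ("tenant_id", (Kind::Text, Level::CustomerOps)),
        ("file_name", (Kind::Text, Level::CustomerOnly)),
    ]))
}

fn main() {
    let s = sample_schema();
    let fields = vec![("status", Value::U64(500)), ("file_name", Value::Text("payroll.xlsx".into()))];
    println!("{:?}", s.export(&s.record(fields).unwrap(), Level::Vendor));
}
```

Because `record` refuses anything the schema does not classify, the export path is default-deny: a field added to the code without a level never leaves the environment.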
Stream-of-bytes is a classically difficult model to escape. Many have tried.
Same VPS, same config, but under sustained load you’ll see latency creep or throughput drift depending on the host / routing / neighbors.
Short tests almost never show it — only shows up after a few minutes.
If something fails mid-update, it resumes from exactly where it stopped. You can also point a deployment to a previous release and it walks back. This catches and recovers from issues that something like Terraform would just leave in a broken state.
For on-prem: we're working on Kubernetes as a deployment target (e.g. bare metal OpenShift)
At DollarDeploy we are developing the platform to deploy apps to VMs with managed services provided, kind of like Vercel for your own servers. Would be interesting to try Alien for enterprise customers.
https://github.com/alienplatform/alien/blob/main/crates/alie... :)
The metrics/logs part is also core to Alien... telemetry flows back to the vendor's control plane so you actually have visibility into what's running.
A different take: https://www.cloudron.io/
It is intended to be simple:
- with the power of a mac mini, you can host (almost) anything
- pay for the mini, it is your machine to do with as you please (we will host it for you)
- if you decide you no longer need hosting, we will mail you back the machine that rightfully belongs to you
If anyone is interested in becoming a partner, shoot me a message, felipe@ind3x.games
- [0] https://www.minimahost.com/
Super cool product, I’ve gotta try it
"Written in Rust" seems to be a very popular thing to add.
My assumption is that people know it will get the thread more visibility?
Realistically, the game ends up being - see what you can get away with until someone notices. Given that, you might want to rename the product to something more boring than “Alien”.
More and more enterprise CISOs are starting to understand this.
The model here is closer to what companies like Databricks already do inside highly regulated environments. It's not new... it's just becoming more structured and accessible to smaller vendors.