We’re thrilled to share some exciting news that will transform how your Mendix applications connect to the world! Today, we’re announcing the open beta for Mendix Cloud Private Connectivity, powered by Tailscale – a groundbreaking new feature designed to bring unparalleled security and simplicity to your cloud-based application integrations.

The challenge: Bridging your cloud apps to internal systems

In today’s fast-paced digital landscape, your Mendix applications often need to connect with a variety of external resources – from databases and legacy systems to other critical services. Traditionally, these outgoing connections from your Mendix Cloud applications have relied on the public internet. While methods like HTTPS, reverse proxies, and client certificates offer layers of security, connecting over the public internet might not an option in some cases, for different reasons:

• Security concerns: Exposing internal resources to the public internet, even with security measures, can raise valid security concerns for many organizations
• Compliance roadblocks: Strict internal rules and industry regulations often prevent customers from allowing public internet access to sensitive systems.
• Legacy system limitations: Older systems might make it incredibly difficult, or even impossible, to securely expose them to the public internet.

These challenges can slow down innovation and prevent you from fully leveraging the power of cloud-native development. But what if you could run your apps on our managed Mendix Cloud platform and still connect to your internal systems with the peace of mind that comes from a truly private, secure network?

The solution: Mendix Cloud Private Connectivity, powered by Tailscale

We heard you, and we’re incredibly excited to introduce Mendix Cloud Private Connectivity. This powerful new feature, built on industry-leading Tailscale technology, is here to eliminate one of the most significant challenges enterprises face when moving to cloud-based application development: secure, private connectivity to existing internal systems.

Imagine seamlessly connecting your Mendix applications to your on-premises databases, private cloud services, or any other internal resource, all without exposing them to the public internet. That’s the promise of Mendix Cloud Private Connectivity!

Key features you’ll love

• Private and secure connectivity: Establish direct, encrypted connections from Mendix Cloud to your internal systems, such as databases, SAP systems or messaging services.
• Flexible endpoint support: Connect to resources hosted both on-premises and within your private cloud environments, such as AWS, Azure or GCP.
• Zero-trust security architecture: Benefit from a security model that verifies every connection, every time, by default.
• Complete network traffic isolation: Your network traffic is fully isolated from other customers, ensuring dedicated security.
• Self-service connection management: Easily configure and manage your connections directly through the familiar Mendix Platform.
• Built-in governance: Connectivity is configured and managed on company level. Connections from specific applications to specific resources must be requested and approved.

Why Tailscale? Our partner in private, secure connectivity

To deliver this robust solution, we’ve partnered with Tailscale, the leading secure connectivity platform, built for fast-growing and modern development teams.

Tailscale securely connects remote teams across hybrid and multi-cloud environments, keeps CI/CD pipelines private, secures IoT and edge devices, and protects AI infrastructure—all built on Zero Trust principles by default.

Built on the open source WireGuard® protocol, Tailscale delivers secure connectivity in minutes, without reliance on hardware, proxies, or vendor-controlled chokepoints, so organizations can simplify operations, boost engineering productivity, cut costs, and scale security as the business grows.

When evaluating options for private connectivity, we looked at everything from traditional VPNs to various cloud services and third-party tools. Tailscale stood out because it perfectly aligns with our vision for a solution that is:

• Generic: Connects to virtually any infrastructure you have.
• Secure: Eliminates the need to open incoming firewalls.
• Native: No additional contracts with third parties; all resources are managed within your Mendix account.
• Scalable: Designed for automation, supporting thousands of Mendix customers.
• Self-managed: Empowers you to set up connectivity without requiring intervention from our Cloud teams.
• Enterprise-grade support: Fully maintained and supported by a large, reputable company with SLAs that match Mendix Cloud’s commitment.
• This partnership ensures you’re getting a solution that is not only powerful and easy to use but also built on a foundation of trust and innovation.

Read more about Mendix Cloud Private Connectivity from Tailscale on their blog.

How it works (a glimpse under the hood)

Mendix Cloud Private Connectivity leverages Tailscale’s intelligent networking to create a secure, isolated environment for your connections:

• Dedicated networks: Mendix creates unique, fully isolated networks for each customer within our Tailscale account. Each network has its own encryption keys and Public Key Infrastructure (PKI).
• Customer agents: You’ll install lightweight “Agents” within your own infrastructure. These agents securely connect to your dedicated network. You can even have multiple agents across different infrastructures connecting to the same network.
• Resource exposure: These agents expose specific resources (initially subnets, with plans for specific services via proxy in the future) on your infrastructure, making them available to your Mendix applications via your dedicated network. You always approve which resources are accessible before they can be used.
• Smart connections: Your Mendix applications will then connect directly (peer-to-peer) to these approved resources whenever possible. If a direct connection isn’t feasible, traffic is securely routed through Tailscale’s global relay (DERP) network, which is “encrypt-then-forward” only – meaning Tailscale never sees your data. This global network also ensures high availability and low latency by automatically selecting the best path. Connections need to be approved before applications can use them, so there’s always four eyes involved.

Join the public beta – try it for free

We’re incredibly excited for you to experience the freedom and security that Mendix Cloud Private Connectivity offers.

Starting January 1st, Mendix Cloud Private Connectivity, powered by Tailscale will be available as a public beta! This means all customers can try out this powerful new feature for their licensed applications on Mendix Cloud. The best part? It’s completely free during the beta period! This is your opportunity to explore its capabilities, integrate your applications with newfound ease, and provide us with valuable feedback to help shape its future.

Please note that all considerations regarding beta releases, as explained in our documentation, apply. We encourage you to review these details as you embark on this exciting journey.

Connect with confidence

Mendix Cloud Private Connectivity powered by Tailscale marks a significant step forward in simplifying secure enterprise application development. We believe this will empower you to build and deploy even more sophisticated, integrated applications with greater confidence and efficiency.

Ready to transform your connectivity? Start your free beta trial today!