Cloudflare’s Argo Tunnels service has burrowed its way into the Mesosphere DC/OS service catalogue, giving users a way to privately plug their services into Cloudflare’s network.

Today’s announcement describes Cloudflare’s Argo Tunnel service as “a private connection between your services and Cloudflare…so that only traffic that routes through the Cloudflare network can reach your service.” Traffic is encrypted while “for the rest of the internet, the service is reachable only through the hostname configured on Cloudflare.”

This might ring a bell with anyone who remembers the glory days of VPNs. For its part, Cloudflare draws the comparison with GRE tunnels, which it describes as “clunky” as well as a “slow and expensive”, and more importantly, requiring network administrators at either end to coordinate.

Cloudflare markets the service as a way of securing access to internal applications and development environments, and getting round the hassle of distributing traffic across multiple cloud providers. As well as ensuring the user’s service is only reachable via the hostname, Cloudflare also takes care of smart routing, DDoS protection, firewall, etc.

Mesosphere reckons this will make operating in – and developing for – a multi-cloud world much easier, cutting latency due to “over-utilized or geographically distant servers”. Instead, the service will create persistent outbound connections to the two closest Cloudflare PoPs, “over which the entire Cloudflare network will route through to reach the service associated with the tunnel.”

What you will need is Cloudflare account with Argo Tunnel enabled. Using Argo will cost $5 a month, $.10 per GB transferred, after the first gig.

Mesosphere pitches DC/OS as an enhanced cloud platform can support traditional, cloud native and data-driven applications across multi-cloud and edge infrastructures. DC/OS stands for distributed datacentre operating system. The most recent version, 1.12, came out in October.