Moving past OpenVPN® Access Server

By Sherry Wei
Founder and CTO, Aviatrix
March 31, 2018

Whether you are developing apps or managing operations in the public cloud, direct, secure VPN access from your laptop to AWS, Azure or Google Cloud is a must-have tool.

OpenVPN Access Server by OpenVPN® Technologies is a good starter tool for VPN access. It is based on the OpenVPN® open source software and is packaged into a product with a browser interface to the VPN server.

When does the Access Server become inadequate for you?

This depends on your priorities and requirements. Quinn Smith, CloudOps engineer at Mitigator, explained to us,

“OpenVPN Access Server was started by our DevOps team for developers. It was configured to tunnel all laptop traffic through the VPN, which slows down access to instances in AWS VPC for actual development work. There were complaints. Plus we were growing to a multi-account and multi-VPC environment. Setting up an Access Server in each VPC is not an option as it becomes unmanageable for both the admins and developers. We started to look for a more enterprise-class product that serves our needs.”

In other words, Mitigator was looking for a VPN access product that provides:

  1. Split tunnel capability
  2. Integrated VPN access capability and inter-VPC peering from a central console

Quinn also found User Profile Based Access Control a must-have feature, as Mitigator is in the financial business with SOC2 compliance and other industry restrictions. They need the ability to dynamically enforce access privileges to resources in VPCs based on user profiles. For example, a dev profile allows developers to access Dev/QA VPCs, and an ops profile allows operations personnel to access production data.

The story has a happy ending, as Quinn found Aviatrix.

What are your priorities?

  • Okta, DUO and LDAP authentication?
  • OpenVPN® based SAML client support?
  • Multi Cloud access?
  • Extensive user activity logging for audit and compliance?
  • Scale-out VPN solution with a fleet of VPN servers behind a load balancer that serves thousands of users?

You will find all these capabilities in the Aviatrix Remote User Access Solution, as shown in the diagram below. It’s a busy picture, and it only demonstrates part of the functions the solution offers.

It turns out Mitigator was not alone; many of our VPN customers went through a similar journey.

I hope you can explore the Aviatrix solution and find it a good tool for you.


