Moving past OpenVPN® Access Server

By Sherry Wei
Founder and CTO, Aviatrix
March 31, 2018

Whether you are developing apps or managing operations in the public cloud, direct, secure VPN access from your laptop to AWS, Azure or Google Cloud is a must-have tool.

OpenVPN Access Server by OpenVPN® Technologies is a good starter tool for VPN access. It is based on OpenVPN® open source software and is packaged into a product with a browser interface to the VPN server.

When does the Access Server become inadequate for you?

This depends on your priorities and requirements. Quinn Smith, CloudOps engineer at Mitigator, explained to us:

“OpenVPN Access Server was started by our DevOps team for developers. It was configured to tunnel all laptop traffic through the VPN, which slows down access to instances in AWS VPC for actual development work. There were complaints. Plus, we were growing to a multi-account and multi-VPC environment. Setting up an Access Server in each VPC is not an option, as it becomes unmanageable for both the admins and developers. We started to look for a more enterprise-class product that serves our needs.”

In other words, Mitigator was looking for a VPN access product that provides:

  1. Split tunnel capability
  2. Integrated VPN access capability and inter-VPC peering from a central console

Quinn also found User Profile Based Access Control a must-have feature, as Mitigator is in the financial business with SOC2 compliance and other industry restrictions. They need the ability to dynamically enforce access privileges to resources in VPCs based on user profiles. For example, a dev profile allows developers to access Dev/QA VPCs, and an ops profile allows operations personnel to access production data.

The story has a happy ending, as Quinn found Aviatrix.

What are your priorities?

  • Okta, DUO and LDAP authentication?
  • OpenVPN® based SAML client support?
  • Multi-cloud access?
  • Extensive user activity logging for audit and compliance?
  • Scale-out VPN solution with a fleet of VPN servers behind a load balancer that serves thousands of users?

You will find all these capabilities in the Aviatrix Remote User Access Solution, as shown in the diagram below. It’s a busy picture, and it only demonstrates part of the functions the solution offers.

It turns out Mitigator was not alone; many of our VPN customers went through a similar journey.

I hope you can explore the Aviatrix solution and find it a good tool for you.