Moving past OpenVPN® Access Server

By Sherry Wei
Founder and CTO, Aviatrix
March 31, 2018

Whether you are developing apps or managing operations in the public cloud, direct, secure VPN access from your laptop to AWS, Azure or Google Cloud is a must-have tool.

OpenVPN Access Server by OpenVPN® Technologies is a good starter tool for VPN access. It is based on the OpenVPN® open source software and is packaged into a product with a browser interface to the VPN server.

When does the Access Server become inadequate for you?

This depends on your priorities and requirements. Quinn Smith, CloudOps engineer at Mitigator, explained to us,

“OpenVPN Access Server was started by our DevOps team for developers. It was configured to tunnel all laptop traffic through the VPN, which slows down access to instances in the AWS VPC for actual development work. There were complaints. Plus, we were growing to a multi-account and multi-VPC environment. Setting up an Access Server in each VPC is not an option as it becomes unmanageable for both the admins and developers. We started to look for a more enterprise-class product that serves our needs.”

In other words, Mitigator was looking for a VPN access product that provides:

  1. Split tunnel capability
  2. Integrated VPN access capability and inter-VPC peering from a central console

Quinn also found User Profile Based Access Control a must-have feature, as Mitigator is in the financial business with SOC2 compliance and other industry restrictions. They need the ability to dynamically enforce access privileges to resources in VPCs based on user profiles. For example, a dev profile allows developers to access Dev/QA VPCs, and an ops profile allows operations personnel to access production data.

The story has a happy ending, as Quinn found Aviatrix.

What are your priorities?

  • Okta, DUO and LDAP authentication?
  • OpenVPN® based SAML client support?
  • Multi Cloud access?
  • Extensive user activity logging for audit and compliance?
  • Scale-out VPN solution with a fleet of VPN servers behind a load balancer that serves thousands of users?

You will find all these capabilities in the Aviatrix Remote User Access Solution, as shown in the diagram below. It’s a busy picture, and it only demonstrates part of the functions the solution offers.

It turns out Mitigator was not alone; many of our VPN customers went through a similar journey.

I hope you can explore the Aviatrix solution and find it a good tool for you.

