OpenVPN Access Server has been used for establishing site-to-site VPNs for businesses for years now. And, for many businesses, Access Server provides a powerful tool. But today, we’re excited about how our new, next-gen VPN, OpenVPN Cloud addresses the very same situation. For any business looking to grow and scale their site-to-site network securely, OpenVPN Cloud does just that — and with no servers on-premise required, simplifying things extensively for your IT admin. Certainly, there are some businesses for whom Access Server remains the best option, but it all depends on your current needs.
To explain things further, and to expand on the differences in using Access Server or OpenVPN Cloud for your site-to-site VPN, we brought in the team who has worked directly on the products themselves: Rohit Kalbag, Director of Product Management; Kyryl Tumanov, Product Manager for Cloud; and Johan Draaisma, Product Manager for Access Server.
Why Use A Site-to-Site VPN?
“Site-to-site is important because it allows remote users to use one VPN connection to access resources distributed at various sites,” explains Kalbag. “When all the sites are interconnected to form one VPN, not only can remote users connect to the VPN and access all the resources spread about in multiple sites, but the servers and users at each site can also communicate with other sites.”
In fact, as Tumanov adds, a site-to-site VPN has become all but essential for any growing company in our data-rich society. “Any business which needs to interconnect at least two locations (on-prem or Cloud) will need a site-to-site VPN,” he says. “Most businesses cannot rely on a single location to scale.”
And, as Draaisma adds, a site-to-site VPN makes things simple for your team. “Usually, the user just starts up his computer in the office network. From there, he is able to transparently access resources that are in another network — but the user doesn’t have to worry about it. It just works, and it works securely.”
Using OpenVPN Access Server
Many OpenVPN customers are currently using Access Server to establish their site-to-site VPN. It’s worked for them for years, and provides a reliability and security that many products simply can’t match. “Access Server can be easily set to operate in routed mode and to mark the VPN client connecting the site as a gateway client,” says Kalbag of Access Server’s popularity. “It lends itself easily to hub-and-spoke configuration which works well for use cases like branch offices connecting to headquarters.”
And, perhaps most importantly, using Access Server means using your own servers, on your own premises. “With Access Server,” explains Draaisma, “you have the infrastructure completely in your own hands. With Cloud you rely on our infrastructure.” For some, this isn’t a priority — but for those who prefer it, it can make a big difference.
Using OpenVPN Cloud
Our next-gen VPN, OpenVPN Cloud, is relatively new, but it comes with a powerful suite for customers looking to establish a site-to-site VPN connection for their business. Plus, as Kalbag explains, its speed is unmatched. "OpenVPN Cloud simplifies site-to-site connectivity by allowing full-mesh routing with other sites as soon as a site is connected to one of our global points of presence. With OpenVPN Cloud there is no single hub as in the traditional hub-and-spoke model where all traffic passes through. Instead, OpenVPN Cloud is a full-mesh routing network where a connection to any of the OpenVPN Cloud Regions allows direct connectivity to all your sites. OpenVPN Cloud also allows for a high-speed VPN connection from the site to OpenVPN Cloud by running the Connector with Data Channel Offload (DCO) beta feature turned ON, which greatly improves the performance of the VPN tunnel."
Plus, Kalbag goes on to explain, OpenVPN Cloud comes with several advantages which businesses can benefit from. “The AWS Connector for OpenVPN Cloud has been enhanced to automatically make routing changes as more sites are added. OpenVPN also has full-mesh connectivity, DCO, and access control of network-to-network communication. If full-control and self-hosting are not required, I would recommend OpenVPN Cloud for all site-to-site use cases.”
Tumanov agrees, adding that “the main benefit of OpenVPN Cloud is simplicity. You don’t have to manage or scale servers. You automatically deploy a connector using our Wizard, and your site is connected to OpenVPN Cloud. You can then configure granular access between sites. If you need high availability and/or increased performance using load balancing, you can configure it easily by adding another connector.”
For many people, the choice between the two tools is an easy one. But if you’re not sure which one would be best to set up your site-to-site VPN, Tumanov lays it out quite simply: “If you would like to have full control of your deployment and would like all the data to go through your on-prem infrastructure, then Access Server could be a better solution for you. But if you would like to have simple configuration, easy maintenance and scaling? You should choose OpenVPN Cloud.”