Who is Access Server For?

OpenVPN Access Server was created for small-to-medium sized businesses, but also has the capacity to scale into the thousands. So no matter the size of your organization, and no matter what your end goals are for your business, Access Server can help you get where you want to go.

OpenVPN Access Server is a solution that can be used by virtually anyone, anywhere, and for any reason. However, there are a few personas that we commonly see deploy and use OpenVPN Access Server, and those personas can be narrowed down to three overarching types. Which do you identify with?

Administrator

A system administrator is the person responsible for the maintenance, configuration, and reliable operation of computer systems. Administrators are responsible for installing new systems, and assessing and implementing upgrades as needed. They conduct consistent analyses of a company's computer systems to determine if existing components meet the company's needs and perform upgrades or updates as needed.

Small-to-Medium Size Business Owners

These business owners operate their own companies and handle a wide range of responsibilities — a lot of the time they end up being a one-person show wearing a lot of different hats. From arranging financing to hiring and managing staff, to creating marketing strategies and identifying business opportunities, these men and women are doing it all.

Chief Information Security Officer

Chief Information Security Officer (CISO) is a relatively new C-suite position for medium to large size organizations. This particular executive is responsible for the organization's information and data security. The CISO oversees the broad scope of IT operations and makes the final decision as to which systems to use.

As the administrator, you are the person who ultimately manages the Access Server, making sure that it is up and available. You will ensure that it’s connecting to the correct services, and if a connection goes down or is misconfigured you are the one to fix it and get it back up and running again.

You also make sure Access Server is always available and always working. And depending on the size of the company, you might also be managing other services to the point where you could manage identification and authentication services.

You will also check to make sure the network is secured, and that certain things within the Access Server groups are set up correctly — to ensure that they are not giving too much access to the wrong people.

“Businesses of all sizes face different challenges, and how they serve their customers is unique. No matter your product, a business is responsible for delivering it in a safe and secure way.”

Small business owners like you often handle all business components single-handedly — which means that on top of everything you deal with on a day-to-day basis, you also have to think about business cybersecurity. Small businesses rarely have network administrators, so it’s often up to the owner to figure out how to secure their employees and data, and to find alternative options other than a full-time IT crew for the security technology implementation process.

In many cases, small-to-medium size business owners choose to hire a consultant to set up Access Server, and then pay them an hourly rate to make any necessary changes.

However, most small businesses are able to take a “set it and forget it” approach with Access Server, and then bring in outside help when issues or concerns arise. Because Access Server is not involved or complicated, small businesses can often have it set up and running in a short amount of time, and protecting what they need to protect without requiring a lot of continual management after it is set up.

While the needs vary from business to business, most small-to-medium size organizations do not need to add a lot of extra infrastructure after Access Server is set up.

Small Business Example: Think of a local boutique that is just run by the owner, and one or two other long-term employees — possibly family members. The store only has a few different machines, like their POS (Point-of-Sale) system, their security camera, and the computer they use for purchasing and invoicing. Most of that won’t change very often, and because they keep the same employee base, they won’t need many (or any) new rules created. Chances are they will be fine for years before they need to adjust their network.

Medium Business Example: Picture a manufacturer with a small factory or metal shop. Chances are they would require static applications as well. Maybe they have one server where they share plans or purchase orders, and that would most likely stay the same over time. They might have more employees coming or going, so they might need a consultant a little more often to add employees, but chances are a consultant could remotely update those users in just a matter of minutes, without having to set foot on the premises.

As a CISO, you are probably working with a larger organization, with an employee count ranging from the 50s up well into the hundreds. While the administrators have a very hands-on role, you have a much broader touch. You make sure there are no security holes, ensure access rules are set up correctly, monitor how much data the company is pushing out (and what kinds of data), and keep an eye out for anything out of the ordinary. So in your organization, you will likely have an IT person/administrator making sure the VPN is running properly, while you have a much different perspective. You would likely focus on how it’s being used, the data being sent, and the best methods for securing it.

Most CISOs aren’t writing or deploying code; they are overseeing the entire department and making the big decisions, like which VPN to use. So why do so many of them choose to use OpenVPN Access Server?

What CISOs look for in a VPN:

Flexibility: Many CISOs lean towards OpenVPN services because we are not a hardware appliance. Being cloud-based makes us stand apart from other services: organizations can install Access Server anywhere, whether on the cloud, on a bare metal server, on a virtual machine, etc. With a hardware appliance you would have to buy the appliance, put it in a data center, and physically run it in the office, which many people find very limiting. We are very well-placed there and have images available on the three main cloud platforms, so it’s easy to set it up and deploy it how you want.

Usability: OpenVPN stands out to many CISOs because we are also not as complex to use as some other alternatives. OpenVPN products are straightforward to use and customize, while still providing a high number of options that would work for the vast majority of organizations out there.

Scalability: Although it is designed with small-to-medium size businesses in mind, the OpenVPN Access Server can be scaled to meet the needs of virtually any organization. For example, OpenVPN just came out with a new Access Server option that allows clustering within servers and databases so that organizations can set up a lot of redundancy: instead of having Access Server on one machine, you can have hundreds. So say you have five running, and one goes down, you will still have four others running. A lot of other VPNs do not offer that crucial option.

Affordability: Access Server prices are some of the most competitive on the market. All OpenVPN Access Server downloads come with two free connected devices for testing purposes. Then we offer a “BYOL” option, or “Bring Your Own License.” It is a $15.00 license fee per connected device, per year, with a minimum purchase of 10 connected devices. All support and updates come included. OpenVPN Access Server license keys can also be purchased for more than one year at a discounted price.

Quality: OpenVPN Access Server is a mature, award-winning VPN server that provides virtual network connectivity to cross-platform OpenVPN Connect and other OpenVPN protocol compatible VPN clients. The OpenVPN protocol has established itself as the de facto industry standard in the open source networking space, and has over 50 million downloads since inception. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/or private cloud network resources and applications, and offers unparalleled quality and security.

Regardless of who you are or your organizational role, the size of your business, or your security needs, Access Server was designed to work for you. Whether you have servers in your office, a datacenter, or a cloud-based system that contains the programs and files that you need to work with at home or on the road, the OpenVPN Access Server can be used for secure access. OpenVPN offers a cost-effective alternative to other VPN technologies — making it a leading cybersecurity solution for any enterprise.