
Securing Remote Access for Cloud-Based Systems

Remote employment is no longer just some futuristic concept — telecommuting is here, it’s popular, and the number of remote workers goes up substantially every single year. Pretty soon, job candidates will expect remote options as standard — not just hope for them as a bonus. It won’t be long before telecommuting is considered a basic, standard benefit alongside vacation time and health insurance — and companies that don’t offer the essential benefits won’t be as competitive in attracting job-seekers.

But companies that want to maintain a competitive edge need to implement remote work correctly. They can’t just send employees off without support — there needs to be a company-wide structure, with tools and procedures in place to ensure that the remote team can be just as effective as they could be in the office. To be successful, organizations will need to offer different support than they would just dealing with an individual who only works from home on occasion.

There is a vast difference between letting team members work from home every now and then vs. having a fully functioning remote team. When someone works in the office a majority of the time and is only allowed to work from home for extenuating circumstances — such as a mid-day doctor’s appointment, or scheduling issues with childcare — their setup at home probably won’t be as ideal as that of someone on a fully remote team. They also won’t have the same level of access to essential resources that an in-office or fully remote team would.

One of the most critical factors for businesses to keep in mind when implementing a remote workforce is securing remote access for cloud-based services from wherever employees are working. This is often overlooked when employees only work remotely every once in a while, but it is crucial to the success of an entirely remote team. One way to allow this type of secure access is to implement Access Server and gain secure access to IaaS (Infrastructure as a Service) resources, for both in-office employees and the remote teams.

What It Is And How It Works

As you adopt IaaS solutions such as AWS, Azure, and GCP to gain a competitive advantage, you will need a way for your teams to access cloud services securely. You can use Access Server to connect the in-office network to the cloud network to provide easy and secure remote access for office workers — and then you can also use the same Access Server to allow telecommuters to access services on the office network or on the IaaS private network. Access Server works as a single solution to enable and secure multiple types of access.

For instance, the OpenVPN Access Server on AWS allows you to extend the AWS Virtual Private Cloud (VPC) to both in-office and remote users. It will enable you to create a hub-and-spoke, mesh, or other network topology to interconnect all of your different sites together with AWS, and use an SSL/TLS site-to-site VPN as a backup route for your IPSec and Direct Connect connectivity. With OpenVPN Access Server on AWS, you can:

  • Connect devices over the public Internet to a private, secure VPC network
  • Securely connect on-premises office networks to the Amazon AWS VPC network
  • Define access rules that limit specific devices to portions of the VPC network
  • Redirect Internet traffic from devices through the Access Server
  • Create secure connections with multiple VPCs with OpenVPN protocol encryption
  • Create connections between Amazon AWS VPC networks and Microsoft Azure Virtual Networks

Site-to-Cloud In Action

Take, for instance, a startup in the Financial Technology (Fintech) space that is creating a revolutionary service to guide investment decisions based on the use of Machine Learning (ML) algorithms to predict investing decision outcomes. This company relies on huge financial news and social media datasets to create complex decision guidance and forecasting models. It stores this data on AWS Cloud and uses Amazon’s SageMaker ML services.

Some of the employees at the company work in the office, but the rest telecommute exclusively from different locations. The company needs to provide remote access to cloud services so that employees can access everything they need to do their jobs, regardless of whether they are in the office or on the other side of the country.

The company installed Access Server from AWS Marketplace and added all employees as users, then created a special user with an auto-login profile. This auto-login profile was used to configure the OpenVPN client in the office router so that it automatically connects to the Access Server without prompting for user credentials, and the OpenVPN Connect Clients were installed on employees’ laptops.

Employees now have secure remote access to AWS resources from their laptops while away from the office using the Connect Client application, which establishes a VPN through the Access Server on AWS. The office network reaches AWS resources over the VPN from the office router to Access Server, which gives employees at the office direct access to AWS-hosted data and processing power.
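The auto-login profile on the office router connects without prompting for credentials, so the profile file itself acts as the credential and deserves the handling of a private key. The following check is an added example, not OpenVPN's code or part of the original article; it assumes an auto-login profile is one with no `auth-user-pass` directive, and the function names, finding labels and sample profiles are constructed for illustration.

```python
import re

INLINE_OPEN = re.compile(r"^<([\w-]+)>$")

def parse_profile(text):
    """Return (directives, inline_block_names) for an OpenVPN client profile."""
    directives, blocks, inside = [], set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if inside:                              # skip the body of <key>...</key> etc.
            if line == f"</{inside}>":
                inside = None
        elif line and line[0] not in "#;":      # ignore blanks and comments
            m = INLINE_OPEN.match(line)
            if m:
                inside = m.group(1)
                blocks.add(inside)
            else:
                directives.append(line.split())
    return directives, blocks

def audit_profile(text, file_mode):
    """Flag properties that matter when a profile sits on an unattended device."""
    directives, blocks = parse_profile(text)
    by_name = {d[0]: d[1:] for d in directives}
    findings = []
    if "auth-user-pass" not in by_name:
        findings.append("autologin")            # assumption: no auth-user-pass, no prompt
    elif by_name["auth-user-pass"]:
        findings.append("stored-credentials")   # password is read from a file on disk
    if "key" in blocks:
        findings.append("inline-private-key")   # the profile file contains the key
        if file_mode & 0o077:
            findings.append("profile-readable-by-others")
    return findings

# Constructed sample profiles; hostname and key material are placeholders.
ROUTER_PROFILE = """client
remote vpn.example.com 1194 udp
<ca>
(placeholder)
</ca>
<key>
(placeholder)
</key>
"""
LAPTOP_PROFILE = ROUTER_PROFILE + "auth-user-pass\n"

if __name__ == "__main__":
    print(audit_profile(ROUTER_PROFILE, 0o644))
```

A profile that reports both `autologin` and `profile-readable-by-others` is the case to fix first: tighten the file mode on the device and keep the special user's access rules as narrow as the site-to-cloud link requires.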

AWS and Access Server Guides

The AWS EC2 appliance (AMI) is a 64-bit appliance based on Ubuntu LTS (Long Term Support) that you can quickly launch on your Amazon EC2/VPC to promptly set up your VPN server. To make it more convenient for you to deploy your server in the region closest to you, we currently offer the AMI in all of Amazon’s publicly available regions.

If you are looking for the specific AMI ID for one of our images on Amazon AWS for automation purposes, you can find it by going to the AWS Marketplace and going through the launch options until you reach the point where you have to select a region to launch the instance. The appropriate AMI ID will then be displayed to you, and you can cancel the launch process then.

TL;DR

  • Extend your IaaS, such as AWS Virtual Private Cloud (VPC), to both on-site and off-site employees using OpenVPN Access Server
  • Create a hub-and-spoke, mesh, or other network topology to interconnect all of your sites together
  • Use an SSL/TLS site-to-site VPN as a backup route for your IPSec and Direct Connect connectivity
