Establish a Secure VPN to your Cloud Resources
Before the advent of general cloud computing, organizations secured their IT resources behind physical and logical access layers, generally in the form of a “Virtual Private Network” (VPN) that allowed secure segregation of traffic from externally connected computers. Solutions abounded to support this model, including both software and hardware approaches. Cloud computing has enabled extensive economies of scale for organizations of all sizes, but the VPN concept remains: a way to secure organizational traffic and resources for computers outside the established security perimeter. The modern solution provides a network boundary (the VPN) that acts as a private driveway to your company’s resources.
The challenge can be stated this way: since all resources in the “Cloud” are reachable over the public internet, how can we ensure that the resources meant to be used only within our organization’s boundaries are available only to authorized users? Innosoft has met this challenge by implementing AWS Client VPN.
Amazon describes the solution this way, “AWS Client VPN is a fully managed remote access VPN solution used by your remote workforce to securely access resources within both AWS and your on-premises network. Fully elastic, it automatically scales up, or down, based on demand. When migrating applications to AWS, your users access them the same way before, during, and after the move. AWS Client VPN, including the software client, supports the OpenVPN protocol.”
Since AWS Client VPN enables you to securely connect users to AWS networks, we have decided to leverage the same for our internal “Intranet” applications.
To enable VPN connectivity to the intranet applications, we took the following steps:
- Set up a private VPN for intranet applications.
- Secure the resources in the private subnet, including the EC2 instances.
- Create a Client VPN connection.
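The three steps above come down to a small number of addressing and access decisions that AWS enforces when the Client VPN endpoint is created: the client address pool must be a /12 to /22 that does not overlap the VPC or any other network the clients will reach, and each private subnet the clients may enter needs an explicit authorization rule. The following Python is an added example, not Innosoft's code, that checks those constraints offline and assembles the request for boto3's `create_client_vpn_endpoint` and `authorize_client_vpn_ingress` calls without invoking them; the VPC id, certificate ARNs, security group id and log group name are placeholders, and the parameter names follow the boto3 EC2 API as documented.

```python
"""Offline planner for an AWS Client VPN endpoint (added example, not Innosoft's code).

Validates the addressing rules AWS applies to a Client VPN endpoint before any
API call is made, then builds the keyword arguments for boto3's
ec2.create_client_vpn_endpoint() and authorize_client_vpn_ingress().
Nothing here talks to AWS; all identifiers below are placeholders.
"""
import ipaddress


class VpnPlanError(ValueError):
    """Raised when the requested addressing would be rejected or would leak routes."""


def validate_client_cidr(client_cidr, vpc_cidr, other_cidrs=()):
    """Check the client address pool against the Client VPN addressing rules.

    - prefix length must be between /12 and /22 (AWS limit on ClientCidrBlock)
    - must not overlap the VPC CIDR
    - must not overlap any other range the clients will be routed to
      (on-premises networks, peered VPCs)
    Returns the parsed client network on success.
    """
    client = ipaddress.ip_network(client_cidr, strict=True)
    if not 12 <= client.prefixlen <= 22:
        raise VpnPlanError(
            f"client CIDR {client} must be /12 to /22, got /{client.prefixlen}")
    for cidr in (vpc_cidr, *other_cidrs):
        if client.overlaps(ipaddress.ip_network(cidr, strict=True)):
            raise VpnPlanError(f"client CIDR {client} overlaps {cidr}")
    return client


def build_endpoint_request(vpc_id, client_cidr, vpc_cidr, server_cert_arn,
                           client_root_ca_arn, security_group_id, log_group,
                           split_tunnel=True):
    """Assemble create_client_vpn_endpoint() arguments for mutual-TLS auth.

    Connection logging is always on so that every session is auditable, and
    split tunnel is the default so only VPC-bound traffic crosses the VPN.
    """
    validate_client_cidr(client_cidr, vpc_cidr)
    return {
        "ClientCidrBlock": client_cidr,
        "ServerCertificateArn": server_cert_arn,  # the domain's server certificate (step 1)
        "AuthenticationOptions": [{
            "Type": "certificate-authentication",
            "MutualAuthentication": {
                "ClientRootCertificateChainArn": client_root_ca_arn},
        }],
        "ConnectionLogOptions": {"Enabled": True, "CloudwatchLogGroup": log_group},
        "TransportProtocol": "udp",
        "SplitTunnel": split_tunnel,
        "VpcId": vpc_id,
        "SecurityGroupIds": [security_group_id],
    }


def build_authorization_rules(subnet_cidrs):
    """One authorize_client_vpn_ingress() rule per private subnet.

    With certificate authentication there are no user groups, so each rule
    authorizes all connected clients; group-scoped rules need AD or SAML auth.
    """
    rules = []
    for cidr in subnet_cidrs:
        ipaddress.ip_network(cidr, strict=True)  # reject malformed CIDRs early
        rules.append({"TargetNetworkCidr": cidr, "AuthorizeAllGroups": True})
    return rules


if __name__ == "__main__":
    # Constructed sample values; none of these refer to a real account.
    request = build_endpoint_request(
        vpc_id="vpc-PLACEHOLDER",
        client_cidr="10.100.0.0/22",
        vpc_cidr="10.0.0.0/16",
        server_cert_arn="arn:aws:acm:REGION:ACCOUNT:certificate/SERVER-PLACEHOLDER",
        client_root_ca_arn="arn:aws:acm:REGION:ACCOUNT:certificate/CA-PLACEHOLDER",
        security_group_id="sg-PLACEHOLDER",
        log_group="client-vpn-connections",
    )
    print(request)
    print(build_authorization_rules(["10.0.1.0/24", "10.0.2.0/24"]))
```

The overlap check is the one most often missed: a client pool that collides with the VPC or an on-premises range produces routes that silently shadow each other rather than an obvious error at the client, so it is worth failing the plan before the endpoint exists.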
For creating the Client VPN connection, we followed the steps described below.
1. Create a server certificate for the domain.