How do you provide VMware Cloud on AWS services to remote workers, smaller office sites, and mobile devices? When site-to-site VPN is not practical, a client VPN solution is the way forward. Discover the benefits of an SSL-based VPN for VMware Cloud on AWS.
While on-premises or hosted locations may be able to access VMware Cloud on AWS services and resources natively over a “site-to-site” VPN, this is not always possible or desirable from smaller remote sites, branch or home offices, or mobile devices. In these scenarios, a client VPN solution is often the answer – yet VMware Cloud on AWS doesn’t offer a native client VPN service. What you can do instead is deploy a client VPN solution within the compute networks of an SDDC and, from there, provide access to the rest of the SDDC and connected AWS services.
Where a site-to-site VPN is not practical, a client VPN offers a number of benefits. IPsec and similar VPN protocols are sometimes blocked on hotspot or guest WiFi networks, whereas an SSL-based VPN can often bypass these restrictions.
A client VPN offers a range of benefits:
- Users can access the SDDC vCenter through the SSL VPN, which provides a more secure connection than opening vCenter to the Internet
- Users can access other applications running in the Workload Segments and Customer VPC over the SSL VPN
- Users can work from any location – they don’t need to be connected to a corporate VPN, or to connect through on-prem networks that use IPsec or route-based VPNs or Direct Connect between the on-prem data center and VMware Cloud on AWS
- Client devices only need outbound HTTPS allowed on the user’s router to use the SSL VPN
- The connection to the VPN server’s Fully Qualified Domain Name (FQDN) is protected by SSL/TLS and verified by signed certificates
Depending upon the VPN server or appliance deployed, users may need to be configured locally on it. Otherwise, it may be possible to integrate the appliance with a local AD server or other IAM service and authenticate users against that.