Connecting to VMware Cloud™ on AWS with SSL Client VPN Software

How do you provide VMware Cloud on AWS services to remote workers, smaller office sites, and mobile devices? When site-to-site VPN is not practical, a client VPN solution is the way forward. Discover the benefits of an SSL-based VPN for VMware Cloud on AWS.

While on-premises or hosted locations may be able to access VMware Cloud on AWS services and resources natively over a “site-to-site” VPN, this is not always possible or desirable from smaller remote sites, branch or home offices, or mobile devices. In these scenarios, a client VPN solution is often the answer – yet VMware Cloud on AWS doesn’t offer a native client VPN service. What you can do instead is deploy a client VPN solution within the compute networks of an SDDC and, from there, provide access to the rest of the SDDC and connected AWS services.

An SSL-based client VPN also copes better with restrictive networks. IPSec and similar VPN protocols are sometimes blocked on hotspot or guest WiFi networks, whereas an SSL-based VPN can often bypass these restrictions.

A client VPN offers a range of benefits:

  • Users can access the SDDC vCenter through the SSL VPN, which provides a more secure connection than opening vCenter to the Internet
  • Users can access other applications running in the Workload Segments and Customer VPC over the SSL VPN
  • Users can work from any location – they don’t need to be connected to a corporate VPN, or to connect through on-prem networks that reach VMware Cloud on AWS over IPSec or route-based VPNs or Direct Connect from the on-prem data center
  • The users’ client devices only need outbound HTTPS to be allowed on the users’ router to be able to use the SSL VPN
  • The connection to the VPN server’s Fully Qualified Domain Name (FQDN) is protected by SSL/TLS and verified by signed certificates

 

Depending on the VPN server or appliance deployed, users may need to be configured locally. Alternatively, it may be possible to integrate the appliance with a local AD server or other IAM service and authenticate users against it.

 

Get the reference architecture
