Design and Feature Requirement for a User-VPN Solution

If you are building a new, or re-architecting an existing, User-VPN (aka SSL VPN or Client-to-Site VPN) based solution, then you should consider at least the following design ingredients in your solution:

  • Built on OpenVPN® and compatible with all OpenVPN® client software
  • Provides certificate-based SSL VPN user authentication
  • LDAP/AD integration
  • Supports multi-factor authentication (MFA) methods such as Google, DUO, Okta, SAML and LDAP
  • You should also be able to combine various authentication and authorization components to add an extra level of security to the interaction. For instance, the solution first authenticates the user against a corporate LDAP entity and then consults DUO for MFA
  • Authenticates a VPN user directly from the VPN client to any IdP via the SAML protocol. The SAML protocol, and a client with SAML support, must be a key requirement
  • Supports an external PKI for OpenVPN certificates
  • The solution must provide Profile Based Access Control so that, beyond the authentication and authorization discussed above, one can also control access rights at the IP address, CIDR or subnet level (aka Profile Based Network Segmentation)
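As an added illustration of the profile based access control in the last item (example code written for this post, not Aviatrix's implementation), each VPN profile carries allow/deny rules at host, CIDR or subnet granularity and is evaluated default-deny, with the most specific matching rule winning so a deny on a sensitive subnet overrides a broader allow. Profile names and address ranges are constructed.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    network: ipaddress._BaseNetwork  # host (/32), CIDR or subnet


@dataclass
class Profile:
    name: str
    rules: list = field(default_factory=list)


def parse_rule(text: str) -> Rule:
    """Parse 'allow 10.20.0.0/16' or 'deny 10.20.99.7' (a bare IP becomes a /32)."""
    action, target = text.split()
    if action not in ("allow", "deny"):
        raise ValueError(f"unknown action {action!r}")
    return Rule(action, ipaddress.ip_network(target, strict=False))


def is_permitted(profile: Profile, dst: str) -> bool:
    """Default deny; among matching rules the longest prefix (most specific) wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for rule in profile.rules:
        # membership is False across IPv4/IPv6 versions, so mixed rules are safe
        if addr in rule.network:
            if best is None or rule.network.prefixlen > best.network.prefixlen:
                best = rule
    return best is not None and best.action == "allow"


# Constructed sample profiles (hypothetical names and ranges, not from the post)
PROFILES = {
    "developers": Profile("developers", [parse_rule(r) for r in (
        "allow 10.20.0.0/16",    # whole dev VPC ...
        "deny 10.20.99.0/24",    # ... except the secrets subnet inside it
        "allow 10.30.1.15",      # plus a single jump host in another VPC
    )]),
    "finance": Profile("finance", [parse_rule("allow 10.40.0.0/16")]),
}


def check(profile_name: str, dst: str) -> bool:
    """Would a user assigned to this profile be allowed to reach dst?"""
    return is_permitted(PROFILES[profile_name], dst)
```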

The Aviatrix solution has all of the above-mentioned design ingredients. On top of that, it has features such as Geo-Location based connectivity to the closest VPN gateway (or concentrator), with support for both TCP and UDP based load balancing.

See this Clara customer case study (Clara is now part of SoFi) for reference:

https://www.aviatrix.com/customers/case-study-clara.php
