Today I Learned Cloud

When working with the cloud, sometimes the information, or data, you are working with can be sensitive in nature. Even though the connections to the cloud systems are very likely encrypted with SSL/TLS and hopefully the storage is configured for encryption at rest, it can be beneficial to add another layer of security just to be sure things are secure. This can be accomplished with a VPN. I have used several VPNs from several different companies throughout the years.

OpenVPN

There are open source versions of VPN software, such as OpenVPN. However to use this software it requires the setup of a machine running the OpenVPN server software through which you connect. All of your traffic will be routed through that server, placing you on the same network as your cloud provider, or network where the server is running.

However going this route means that the server running the open source software must be maintained and patched by you. Also one thing to consider is that the server must be able to handle all of the users that you allow to connect to the machine. Depending on how many users that will be using the server will dictate how difficult it will be to manage on an ongoing basis, or if multiple servers are needed for that amount of users.

An alternative to setting up and managing this yourself is to use the OpenVPN Cloud, which is a service managed by the team supporting the open source project. By using their cloud service, you avoid the need of having to manually stand up the VPN server and avoid the work of making sure it stays up while also keeping it patched.

Using this service, you will be able to connect through the managed OpenVPN servers to your cloud infrastructure over a secure VPN connection. No need to worry about patching, uptime, and maintenance of the servers providing the service, or even the need to worry about the bandwidth allotment for your users. This is all handled by the OpenVPN Cloud service, and could be very worth the price for your company.

ExpressVPN

ExpressVPN is a service I have used quite a bit in the past. It works really well and allows you to choose a location based IP address pretty much anywhere in the world. There are also usually many different city options for a given country selection as well. Currently there is over 160 server locations in 94 countries around the world. My usage of ExpressVPN is mostly when travelling and when doing personal surfing on the internet.

When travelling and connected to an open WiFi network, like at a coffee shop or a hotel, anyone also connected to the same WiFi network can see you’re traffic if they have the correct tools installed on their system. Encrypted TLS/SSL connections should still be hidden from view, but to be safe in these situations, it is smart to use a VPN. ExpressVPN is a very good service for this use case.

One huge benefit to ExpressVPN is the amount of devices they support running the VPN connection with. They support devices running Microsoft Windows, macOS, and Linux operating systems. They also support iPhone, iPad and Android devices for mobile situations. They even have an option that works with some routers, so that the whole at home internet is protected.

Another option available to ExpressVPN customers is the ability to use one of their browser plugins which is available for Chrome and Firefox. This allows you to simply protect your browser session when enabled instead of configuring the VPN over the entire internet connection of the host.

Using a service like ExpressVPN is definitely something worth considering.

IPVanish

Another great VPN service available to you is one provided by IPVanish. This service offers amazing transfer speeds while connected to the VPN and gives you unlimited bandwidth. This is especially great if you are streaming video content over your VPN connection with services like Netflix, Amazon Prime Video, and YouTube.

They have really amazing and simple to use software that works on many devices, including Microsoft Windows, macOS, ChromeOS, and Linux operating systems as well as iOS and Android mobile devices and even software for FireTV on your television. This should cover pretty much every device you have available to you, and those you might want to run the VPN connection with.

Along with their unlimited bandwidth, IPVanish offers access to over fourty thousand IPs to choose from on over 1400 VPN servers spread across 75 locations worldwide. This should be more than enough availability for most customers. They even let you connect up to 10 devices simultaneously to the VPN so that many devices are protected online at the same time for the same price. This is a great deal!

If you ever run into an issue with their service, they also offer customer support 24 hours a day 7 days a week. So you can be sure you’ll be able to have a working VPN connection whenever you need it.

AWS VPN

Another option, if you are using the Amazon Web Services Cloud is to use the AWS VPN service. This service gives you the ability to connect any of your devices, office network or on premise networks to the AWS global network. They offer two different services as part of this to make this work. That includes the AWS Site-to-Site VPN and the AWS Client VPN. These are services managed by AWS to be highly available while also being fully scalable for any amount of bandwidth usage and requirements. This option is definitely worth looking into for larger VPN setups and configurations.

Azure VPN

Microsoft Azure offers a service very similar to the AWS VPN service, which is the Azure VPN Gateway. This service allows you to connect your companies on premise infrastructure to the Microsoft Azure cloud. This service is also managed by Azure and designed to be highly available and redundant. You can be sure that this VPN connection will be secure as Microsoft spends over a one billion dollars annually on cyber security R&D. Microsoft also employs over 3500 security experts around the world to make sure they maintain the highest levels of data security and privacy.

Google VPN

Google Cloud also has a VPN offering available to their cloud customers. This service provides the customer with an IPSec VPN connection from their on premises network to the virtual private cloud network setup in the Google Cloud environment. This setup is very similar to the other cloud providers as it is managed by the google team, provides high availability and is able to scale with the needs of the business. Currently each Cloud VPN tunnel is able to support up to 3Gbps of bandwidth.

Final Thoughts

There are many VPN offerings available on the internet and it can be hard to decide which one to use or pay for. My suggestion is that if you are going to host your own, it likely makes sense to use the open source OpenVPN project and run it on a server that you control in your cloud environment.

Otherwise if you don’t want to self host but still want to have secure access to your cloud infrastructure, using something like the OpenVPN Cloud service makes a lot of sense. If you are more looking for VPN protection for your personal use, services like ExpressVPN or IPVanish are likely the ones you should take a hard look at.

Finally if your needs are more specifically around a medium to large company, using the cloud offerings provided by the Amazon Web Services Cloud, Microsoft Azure Cloud, or Google Cloud, depending on which cloud you use, is most likely the best VPN service to use. These will be highly available and fully managed by these large companies, and embedded with all the security you’ll likely require for this kind of VPN setup.