Secure VPN access to critical applications, on premises or in the cloud, is a necessary component of any corporate network, irrespective of its size or industry segment. Even though many solutions are available in the market, selecting the appropriate option is always a challenge. In this case study we address the requirements and the solution for an IT company in the medical domain.
An IT company in Bangalore is working towards HIPAA compliance, and one of the main requirements was industry-standard VPN access to administrative and private applications. They required industry-standard encryption and dual-factor authentication. Along with that, they also required a site-to-site VPN between their corporate office and their private cloud.
We selected OpenVPN on OPNsense for the solution. Since most of the customer's applications are hosted in AWS, we decided to host OPNsense in the AWS VPC.
• We created a separate VPC for hosting the VPN server so that proper ACLs could be applied.
• We chose IPsec for better throughput between the endpoints.
• We used AWS Simple Directory Service for the authentication service. AWS Simple Directory is a very cost-effective directory solution, as it is based on Samba, but it serves all the basic requirements of a central authentication service, including a password policy.
For proper security, we configured the following options.
• SSL VPN with 1024-bit TLS encryption.
• AES-128-CBC as the cipher.
• Enforced mapping of the certificate's TLS name to the username, to guard against certificate theft.
• SHA-256 as the hash algorithm.
• Forced only the required traffic through the tunnel, rather than routing all client traffic.
• Authentication against AWS Active Directory for central account management.
• Implemented a password policy for compliance.
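As an added example (not part of the original case study or the OPNsense project), the following Python script audits an OpenVPN server configuration against the hardening options listed above: the cipher, the hash, mandatory client certificates, a second authentication factor against the directory, and split tunnelling. The two sample configurations and the authentication script path are constructed for illustration.

```python
import shlex

# Directive -> acceptable values, from the hardening list above.
REQUIRED = {"cipher": {"AES-128-CBC"}, "auth": {"SHA256"},
            "verify-client-cert": {"require"}}
# One of these must be present so users also authenticate against the directory.
EXTERNAL_AUTH = ("auth-user-pass-verify", "plugin")

def parse_config(text):
    """Return (directive, args) pairs; '#'/';' comment lines and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            parts = shlex.split(line, comments=True)  # handles push "..." quoting
            entries.append((parts[0], parts[1:]))
    return entries

def audit(text):
    """Return a list of policy findings; an empty list means the config complies."""
    present = {}
    for name, args in parse_config(text):
        present.setdefault(name, []).append(args)
    findings = []
    for name, allowed in REQUIRED.items():
        values = {a[0] for a in present.get(name, []) if a}
        if not values:
            findings.append(f"missing '{name}'")
        elif not values & allowed:
            findings.append(f"'{name}' is {sorted(values)}, expected {sorted(allowed)}")
    if not any(k in present for k in EXTERNAL_AUTH):
        findings.append("no external user authentication configured (second factor)")
    # Split tunnelling: neither a local nor a pushed redirect-gateway may appear.
    pushed = {a[0].split()[0] for a in present.get("push", []) if a}
    if "redirect-gateway" in present or "redirect-gateway" in pushed:
        findings.append("redirect-gateway routes all client traffic through the tunnel")
    return findings

# Constructed samples: a default-looking server.conf and the same server after
# applying the options listed above (the auth script path is hypothetical).
WEAK_CONF = """cipher BF-CBC
auth SHA1
push "redirect-gateway def1"
"""
HARDENED_CONF = """cipher AES-128-CBC
auth SHA256
verify-client-cert require
auth-user-pass-verify /etc/openvpn/dir-auth.sh via-env
push "route 10.20.0.0 255.255.0.0"   # only the application subnet
"""
```

Running `audit(WEAK_CONF)` lists every deviation from the policy, while `audit(HARDENED_CONF)` returns an empty list.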
The customer's requirement of a corporate VPN with dual-factor authentication was implemented. The solution is scalable, as OpenVPN can handle a large number of simultaneous connections. The use of open source ensures that the client is not locked in to any vendor. The cost of the entire solution is also lower than that of proprietary solutions.