Aviatrix Blog

Aviatrix Multi-Cloud Smart SAML Remote User VPN – Secure User Access to Cloud Resources

The Aviatrix Multi-Cloud Networking Platform provides an end-to-end secure network solution for multi-cloud enterprises. Smart SAML Remote User VPN is a cost-effective, easy-to-deploy service enabled by the Aviatrix Cloud Network Platform. A feature-rich client VPN solution, the Aviatrix client is based on OpenVPN® and supports SAML authentication. If SAML authentication is not required, the solution is compatible with any OpenVPN client.

KEY HIGHLIGHTS
Aviatrix Smart SAML Remote User VPN is designed for the cloud and delivers the following benefits:

  • Centrally managed VPN – Visibility of all users, their connection history, and all certificates across your multi-cloud network.
  • Multiple authentication options – LDAP/AD, DUO, MFA, Okta, Client SAML, and other integrations.
  • Profile-based Access Control – Each VPN user is assigned to a unique profile that defines network, host, protocol, and port access privileges. The access control is dynamically enforced when a VPN user connects to the public cloud through an Aviatrix Gateway.
  • Broad Client Support – Compatible with Aviatrix VPN SAML client or any OpenVPN® clients.
  • Scale-Out Performance – Aviatrix Gateway instances can be placed behind a network load balancer and scale to thousands of users.
  • Logging – Sessions, connection history, and bandwidth usage are logged and can be directly integrated with Splunk, Sumo Logic, ELK, remote syslog, and Datadog.
  • Cost-effective – Low connections-per-hour pricing, optionally added to your AWS bill.

Secure user access to VPCs/VNets/VCNs is often overlooked by organizations when it comes to safeguarding their cloud environment. Allowing uncontrolled access by users will lead to data breaches. Users with unrestricted privileges can easily, even unintentionally, gain access to resources or data that they should not have access to. This creates business risk and violates regulatory compliance. Organizations under corporate and regulatory compliance must demonstrate that they have controls in place to restrict access, and provide accurate logging and reporting that documents enforcement. A policy-driven, scale-out, and geo-aware VPN solution with encrypted peering and a central management console, the Aviatrix Smart SAML Remote User VPN provides a secure network access solution for your enterprise admins, developers, and employees.

Why Aviatrix Smart SAML Remote User VPN?

The Aviatrix Smart SAML Remote User VPN approach provides secure user access to public cloud resources and has several advantages over traditional solutions such as jump hosts or bastion hosts.

Automated Network Load Balancer (NLB)

By default, an NLB is automatically launched by the Aviatrix Controller. This NLB distributes connection requests across multiple Aviatrix VPN Service Nodes. Depending on the scale, additional Aviatrix Gateways can be added behind it to handle a higher volume of requests. When deployed with the NLB, only one certificate is required, and it is shared by all Gateways.

Profile-based Access Control Policies

Remote access administrators create profiles based on access requirements; for example, an employee may have more access than a contractor. Each profile applies security policies based on access control rules for IP addresses or address ranges, protocols, ports, VPCs or VNets, and more. A default "deny all" or "allow all" policy can be applied during profile creation. Profile-based access control enables flexible policies based on users and user types, rather than on source IP address. The access control policy is dynamically applied to the Gateway (the VPN attach point) when a VPN user connects, so the access controls for that user are active only while the user is connected. When the user disconnects, the security policy is deleted from the Aviatrix Gateway and re-applied at the next connection.
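The profile lifecycle described above, as an added illustrative model (not Aviatrix code): a profile carries ordered allow/deny rules over a default action, and the gateway only holds a user's policy between connect and disconnect. Class names, rule fields and the sample subnets are constructed for the example.

```python
"""Illustrative model of profile-based VPN access control. Constructed example,
not Aviatrix code: a profile holds ordered allow/deny rules plus a default action;
the gateway attaches a profile when its user connects and drops it on disconnect,
so a rule is enforceable only while its owner has a session."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    network: str                 # destination CIDR, e.g. "10.20.0.0/16"
    protocol: str                # "tcp", "udp", "icmp" or "any"
    ports: tuple = (0, 65535)    # inclusive destination port range

@dataclass
class Profile:
    name: str
    default: str                          # base policy: "deny" or "allow"
    rules: list = field(default_factory=list)

    def decide(self, dst_ip: str, proto: str, port: int) -> str:
        for r in self.rules:              # first matching rule wins
            if (ip_address(dst_ip) in ip_network(r.network)
                    and r.protocol in ("any", proto)
                    and r.ports[0] <= port <= r.ports[1]):
                return r.action
        return self.default               # no rule matched: base policy applies

class Gateway:
    """Holds only the policies of currently connected users."""
    def __init__(self):
        self.active = {}                  # vpn user -> attached Profile

    def connect(self, user: str, profile: Profile):
        self.active[user] = profile       # policy pushed at connect time

    def disconnect(self, user: str):
        self.active.pop(user, None)       # policy removed at disconnect

    def permit(self, user: str, dst_ip: str, proto: str, port: int) -> bool:
        prof = self.active.get(user)
        if prof is None:
            return False                  # no session, no policy, nothing allowed
        return prof.decide(dst_ip, proto, port) == "allow"

# Constructed sample profiles: a contractor gets a narrow allow-list on a
# default-deny base; an employee gets default-allow with one restricted subnet.
CONTRACTOR = Profile("contractor", "deny", [Rule("allow", "10.20.5.0/24", "tcp", (443, 443))])
EMPLOYEE = Profile("employee", "allow", [Rule("deny", "10.20.9.0/24", "any")])
```

The same session check is what makes a "deny all" default safe to use: a user with no attached profile, or no session at all, reaches nothing.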

SSO and Multi-factor Authentication

Aviatrix provides seamless integration with Okta, DUO, Active Directory, and other enterprise Identity Providers, and is the only OpenVPN client that supports SAML from the client software.

SUMMARY

Aviatrix Smart SAML Remote User VPN secures user access to cloud resources and provides centralized visibility into all users, connection history, and certificates across your multi-cloud network. Seamless integration with AWS Route 53 and Azure DNS for geolocation optimizes the user experience for traveling employees.

Technical Benefits

  • Highly Available; Fault Tolerant
  • Profile-based access control; Multi-Factor Authentication (MFA)
  • Supports split or full tunnel
  • Supports TCP/UDP protocols
  • Simple end-user certificate management
  • Supports NLB to load balance and scale-out user requests
  • Centralized management
  • Integrated audit logging (view in the Aviatrix console or integrate with Splunk, Sumo Logic, Datadog, and other tools)
  • Supports Geolocation, allowing VPN users to connect to their nearest VPN gateway

For more details, check out docs.aviatrix.com or connect with our technical solution engineer through aviatrix.com online chat.