Using The Cloud to Surge VPN Capacity
If your campus has deployed a cloud-based VPN and you are willing to share your experiences with others, we’d like to hear from you!
Campus network operators use VPNs to both provide network access control, through user and device authentication, and maintain the privacy of the data over the public Internet through the use of encryption.
It may be practicable for campuses to surge their current VPN capacity through the use of servers hosted by a public cloud provider, such as Amazon, Google, or Microsoft. If a campus has secure access to a Virtual Private Cloud within a cloud provider, either via Internet2's Cloud Connect service or via site-to-site VPN, hosting a VPN server in the cloud may provide an option to increase capacity while maintaining an acceptable security poster.
The complexity of setting up a cloud-based VPN server varies. There are *many* YouTube videos that walk through the installation of OpenVPN in the cloud (e.g., search for OpenVPN install AWS). OpenVPN.com can even provide near turnkey solutions, for a fee, for an AWS, GCP, and Azure, OpenVPN-based service.
For many, the most complex part of the process is likely to be integrating the OpenVPN software with campus authentication service. The good news is that OpenVPN supports a variety of authentication methods.
Each campus must review its security infrastructure options to ensure they meet your institution's requirements. While Internet2's Cloud Connect provides traffic isolation, it doesn't encrypt traffic. The use of Internet2's I2PX as transport for site-to-site VPNs to the cloud can provide encryption between the cloud-based VPN server and campus.
We want to encourage campuses that have already implemented cloud-based VPN service to share their approach and technical details. If you'd be willing to share your experience, please send a note to firstname.lastname@example.org.
For more information about Internet2's response to the coronavirus, please check this page for regular updates.