I’m new to the cloud. What VPN solution is the best option if we have several servers hosted in Azure and want secure remote access?
As far as I understand, we have Azure VPN Gateway, which provides a site-to-site or vNet-to-vNet connection. The more I read about it, the more it gets complicated.
If someone has implemented the VPN solution on Azure, I would like to hear about your experience.
At work we use Azure Bastion for all things Azure. Personally, to connect to machines hosted in different providers, I use Tailscale, which I also consider business ready.
I have set up Azure Gateways for both Site to Site and Point to Site. With point to site you can even set it up as an always-on VPN via Intune or other management system for endpoints.
There are several alternatives to VPN depending on your exact goals.
Azure Bastion for remote admin access to servers.
AVD pool. Could be shared for large numbers of users or personal for just a few.
Windows 365 Cloud PCs for enterprise, similar to AVD but slightly less setup and only personal/dedicated devices per user.
I also have some servers hosted in AWS and plan to move all of them to Azure. However, I’m seeking a way to create a safe connection between these two.
I have the same issue here, maybe bigger.
I am working to find a security solution.
We don’t have an on-prem domain or cloud.
I want something to make users have a password to log in and control their devices.
We use Mac, Windows and iOS devices.
Lots of good options already listed here, but if you have an established network team and there are plans to deploy any NVAs in Azure at some point you could also make your own VPN setup using them. Doing it this way right now for P2S and S2S on multiple different platforms.
Only for 365 resources and similar SaaS solutions provided over HTTPS. For infrastructure and other things ZTA forms a small part of your overall security plan/goals.
I did this for on-prem to Azure. This doesn’t really help OP because I don’t know if they’re using 3rd party appliance firewalls, but I had SonicWall at the time and a SonicWall engineer helped me set up the site-to-site in Azure for the migration.
r/kingyuth, if you have a 3rd party firewall/VPN server with a service contract, see if they’ll help you set it up. Otherwise AWS to Azure is probably common enough to find some YouTube videos if you don’t have vendor support for the migration.
ZTA does not remove the need for a secure network, otherwise you can be compromised from the network (hello Fortinet CVEs every month or so). I wrote an ELI5 blog comparing zero trust solutions using Harry Potter analogies which may help - Demystifying Zero Trust Networking
Although I didn’t see OP ask for a ZTA based solution, secure access to internal systems could be granted via Azure Bastion combined with Policy rather than maintaining a VPN