VPN for secure remote work

I’m new to the cloud. What VPN solution is the best option if we have several servers hosted in Azure and want secure remote access?

As far as I understand, we have Azure VPN Gateway, which provides a site-to-site or VNet-to-VNet connection. The more I read about it, the more complicated it gets.

If someone has implemented the VPN solution on Azure, I would like to hear about your experience.

Thanks in advance for sharing.

At work we use Azure Bastion for all things Azure. Personally to connect to machines hosted in different providers I use Tailscale, which I also consider business ready.

I have set up Azure Gateways for both Site-to-Site and Point-to-Site. With Point-to-Site you can even set it up as an always-on VPN via Intune or another management system for endpoints.

There are several alternatives to VPN depending on your exact goals.

Azure bastion for remote admin access to servers.

AVD pool. Could be shared for large numbers of users or personal for just a few.

Windows 365 Cloud PCs for enterprise, similar to AVD but slightly less setup and only personal/dedicated devices per user.

I also have some servers hosted in AWS and plan to move all of them to Azure. However, I’m seeking a way to create a safe connection between these two.

I have the same issue here, maybe bigger.
I am working to find a security solution.
We don't have an on-prem domain or cloud.
I want something to make users have a password to log in and to control their devices.
We use Mac, Windows and iOS devices.

I thought the move to ZTA removed the need for VPN.

Zscaler or Windows 365 Cloud PC. I prefer the latter.

100% use ZeroTier.

There are a number of equally good alternative VPN providers but none as simple and secure as ZeroTier.

Create your ZT network and join in (by placing the ZT driver on the server).

I would configure default routes in your ZT network and deploy a DNAT gateway in the DMZ network of Azure and AWS.

I’d be happy to go through this with you and help you deploy it. It’s a 5 minute job.

Edit
The cloud VPN solutions are costly. But Azure Bastion is very cool. It’s just not going to give you one network across both cloud providers.

How much can you spend per seat, how many seats do you need?

Lots of good options already listed here, but if you have an established network team and there are plans to deploy any NVAs in Azure at some point you could also make your own VPN setup using them. Doing it this way right now for P2S and S2S on multiple different platforms.

Directaccess.com will answer all your questions. If not, email Rich (the owner of the site).

Sorry, wrong link. Here it is. http://directaccess.richardhicks.com/

If you have to choose, do you think Always On VPN is a good long-term solution compared to Azure VPN Gateway?

Azure VPN Gateway has a Point-to-Site VPN for WFH folks. It can use Azure AD for auth, and it's a breeze to set up and configure. We use it a lot.

The site to site VPNs are equally easy to configure and use.
Edit: for moving the servers, I'd recommend Azure Migrate.
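To make the Point-to-Site setup described in the reply above concrete, here is an added example (not code from the thread or from Microsoft) expressed in Terraform with the azurerm provider: a route-based VPN gateway with OpenVPN clients authenticating against Azure AD. The resource group, VNet, subnet, address ranges and tenant ID are constructed placeholders; the audience value is the well-known application ID of the Microsoft-registered "Azure VPN" enterprise application.

```hcl
# Added example: Azure VPN Gateway with Point-to-Site OpenVPN and Azure AD auth.
# All names, address ranges and the tenant ID below are placeholders.

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {}
}

variable "tenant_id" {
  description = "Azure AD tenant ID (placeholder; replace with your own)"
  type        = string
  default     = "00000000-0000-0000-0000-000000000000"
}

resource "azurerm_resource_group" "vpn" {
  name     = "rg-vpn-example"
  location = "westeurope"
}

resource "azurerm_virtual_network" "hub" {
  name                = "vnet-hub-example"
  location            = azurerm_resource_group.vpn.location
  resource_group_name = azurerm_resource_group.vpn.name
  address_space       = ["10.10.0.0/16"]
}

# The gateway subnet must be named exactly "GatewaySubnet".
resource "azurerm_subnet" "gateway" {
  name                 = "GatewaySubnet"
  resource_group_name  = azurerm_resource_group.vpn.name
  virtual_network_name = azurerm_virtual_network.hub.name
  address_prefixes     = ["10.10.255.0/27"]
}

resource "azurerm_public_ip" "gateway" {
  name                = "pip-vpngw-example"
  location            = azurerm_resource_group.vpn.location
  resource_group_name = azurerm_resource_group.vpn.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

resource "azurerm_virtual_network_gateway" "p2s" {
  name                = "vpngw-example"
  location            = azurerm_resource_group.vpn.location
  resource_group_name = azurerm_resource_group.vpn.name

  type     = "Vpn"
  vpn_type = "RouteBased"
  sku      = "VpnGw1"

  ip_configuration {
    name                          = "gwipconfig"
    public_ip_address_id          = azurerm_public_ip.gateway.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.gateway.id
  }

  vpn_client_configuration {
    # Address pool handed to remote clients; must not overlap the VNet
    # or any on-prem/other-cloud range you later connect site-to-site.
    address_space        = ["172.16.201.0/24"]
    vpn_client_protocols = ["OpenVPN"]
    vpn_auth_types       = ["AAD"]

    # Azure AD settings: tenant and issuer are derived from the tenant ID,
    # the audience is the Microsoft "Azure VPN" enterprise application ID.
    aad_tenant   = "https://login.microsoftonline.com/${var.tenant_id}/"
    aad_audience = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
    aad_issuer   = "https://sts.windows.net/${var.tenant_id}/"
  }
}
```

Because clients authenticate with Azure AD rather than a certificate, sign-in can be governed by the same Conditional Access policies (MFA, compliant-device requirement) used for the rest of the tenant, which is what makes this option attractive for remote workers compared with distributing and revoking client certificates.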

ZTA

Can you explain to me how ZTA removes the need for VPN?

Only for 365 resources and similar SaaS solutions provided over HTTPS. For infrastructure and other things, ZTA forms a small part of your overall security plan/goals.

You use the Azure VPN Gateway Point-to-Site setup as the endpoint for the always-on VPN, so not sure what you're asking.

I did this for on-prem to Azure. This doesn’t really help OP because I don’t know if they’re using 3rd party appliance firewalls, but I had SonicWall at the time and a SonicWall engineer helped me set up the site-to-site in Azure for the migration.

r/kingyuth, if you have a 3rd party firewall/VPN server with a service contract see if they’ll help you set it up. Otherwise AWS to Azure is probably common enough to find some youtube videos if you don’t have vendor support for the migration.

ZTA does not remove the need for a secure network, otherwise you can be compromised from the network (hello Fortinet CVEs every month or so). I wrote an ELI5 blog comparing zero trust solutions using Harry Potter analogies which may help - Demystifying Zero Trust Networking

Although I didn’t see OP ask for a ZTA based solution, secure access to internal systems could be granted via Azure Bastion combined with Policy rather than maintaining a VPN