VPN for Companies – “Bring Your Own Device” Made Easy
I have written about our Private Spaces earlier. A Private Space is essentially your own cloud server. It hosts a private network (VPN), and features an internal portal to connect its users and available services.
When you enter your Private Space and type “http://private.space” into your web browser, you can see connected users, their data usage (useful for checking your mobile phone data allowance), and services available within the Private Space, or provided by the Private Space itself.
We have been using a Private Space at Enigma Bridge for more than a month now. As we have several office servers, I found access to our DevOps (software development) services the most useful feature.
We don’t trust most web-based DevOps systems (like Jenkins) enough to expose them to the internet, so they are only accessible from our office network. While that makes me feel comfortable with respect to security, it sometimes makes them impossible to use when working remotely. One has to open a remote desktop or create a secure tunnel (typically with ssh).
I find it absolutely marvelous to just tap on an email link, open our Jenkins website, and check test results. No proxy setup for my web browser, no remote desktop to a Windows machine that needs to be running. Just click and get there. As VPN clients are available for all platforms, we can access these local services from our laptops, iOS and Android devices, etc.
We also have some data on a couple of Windows machines available through shared folders. As these machines are connected to our Private Space 24×7, we can easily access these files as well.
The design of Private Spaces is well suited to supporting secure use of users’ own devices (BYOD). Users don’t need to remember any new passwords, and connections can be set up with a few taps or mouse clicks. The security of connections is based on public key certificates issued by a certification authority (PKI) that serves its own Private Space. The signing keys themselves are kept inside the secure hardware.
Managing devices (adding new ones, removing retired, lost or stolen ones) is a matter of seconds as well, as shown in a short video.
While we don’t require mobile devices to stay on the VPN at all times, OpenVPN is a good option for secure access to your internal wiki, email server, or other shared resources when needed.
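To show what the per-device certificate design described above buys you, here is an added example (example code written for this post, not Enigma Bridge’s own software): a tiny OpenSSL-based certification authority for a Private Space that enrols each device with its own certificate, revokes one that was reported lost, and then checks every device against the CRL the way a VPN server would. The openssl command-line tool, the device names, the working directory and the config file are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not Enigma Bridge code: a minimal per-device PKI for a VPN,
# built with the openssl CLI (assumed to be installed). Every device gets its
# own certificate; removing a lost or stolen device means revoking that one
# certificate and republishing the CRL. Names, paths and the config below are
# constructed for this demo.
set -e

PS_DIR=$(mktemp -d)
cd "$PS_DIR"

# Minimal OpenSSL config: [req] for the self-signed CA, [ca] for issuing,
# revoking and CRL generation. Device certs are client-auth only (CA:FALSE).
cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
[ ca ]
default_ca = ps_ca
[ ps_ca ]
dir              = .
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
certificate      = $dir/ca.crt
private_key      = $dir/ca.key
serial           = $dir/serial
crlnumber        = $dir/crlnumber
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = ps_policy
x509_extensions  = v3_device
[ ps_policy ]
commonName = supplied
[ v3_device ]
basicConstraints = CA:FALSE
keyUsage         = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF

# Create the CA for this Private Space: key, self-signed cert, empty
# issuance database and an (initially empty) CRL.
ps_ca_init() {
  mkdir -p newcerts
  : > index.txt
  echo 01 > serial
  echo 01 > crlnumber
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Private Space CA" -keyout ca.key -out ca.crt >/dev/null 2>&1
  openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1
}

# Enrol a device: fresh key pair, CSR with the device name as CN, CA-signed cert.
ps_issue_device() {
  openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=$1" -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
  openssl ca -config ca.cnf -batch -notext -in "$1.csr" -out "$1.crt" >/dev/null 2>&1
}

# Retire a device: mark its certificate revoked and publish a new CRL.
# No other device's credentials are affected.
ps_revoke_device() {
  openssl ca -config ca.cnf -revoke "$1.crt" >/dev/null 2>&1
  openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1
}

# What a VPN server checks on connect: the cert chains to our CA and is not
# on the CRL. Returns 0 if the device may connect, non-zero otherwise.
ps_device_allowed() {
  openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl "$1.crt" >/dev/null 2>&1
}

# Demo: two devices enrolled, one of them later reported stolen.
ps_ca_init
ps_issue_device alice-iphone
ps_issue_device bob-android
ps_revoke_device bob-android
for dev in alice-iphone bob-android; do
  if ps_device_allowed "$dev"; then echo "$dev: allowed"; else echo "$dev: rejected"; fi
done
```

OpenVPN consumes exactly this kind of CRL through its `crl-verify` directive, so a revoked device is refused at its next handshake while every other user keeps working; nothing has to be re-issued and no shared secret has to be rotated.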
There is one thing, though, that I didn’t expect. Very quickly, I got used to the little “VPN” sign next to the carrier name on my iPhone, and I felt uneasy when I couldn’t immediately find it. I didn’t enable “seamless mode”, so the client reconnects each time I wake up my iPhone, and this takes a few seconds.