
-: Hey everyone and welcome back.

Now, in today's video

we will be discussing the AWS Client VPN.

Now again, this is a great feature that was launched by AWS,

because a lot of organizations were requesting it,

because running a VPN on top of an EC2 instance

comes with its own set of challenges.

Now, before we go ahead and discuss the Client VPN,

let's go ahead and go a step back

and understand how things used to be implemented

extensively before this feature was introduced.

Now, in the older type of architecture,

what organizations used to do,

they used to install a VPN on the EC2 instance.

So you would have an EC2 instance in a public subnet,

which would have VPN software installed.

And the local computer of the employees would connect

to the VPN that was installed on the EC2.

And then the traffic used to be routed

to the EC2 instances that were part of the private subnet.

Now this type of architecture is perfect.

In fact, you can do a lot of customizations here.

But it comes with its own set of challenges.

Now, before we go ahead and discuss the challenges,

let me quickly show you this.

Now, currently within AWS, I have one EC2 instance running.

And I have installed OpenVPN on top of it.

So let's quickly log into our OpenVPN Access Server here.

So this is what the OpenVPN Access Server looks like.

These are all the configurations.

And in fact you can do various things like

TLS network, advanced VPN settings,

failover management, certificate authority management,

and so on.

So there are a lot of interesting things

and a lot of customization you can do

if you have the VPN installed on an EC2 instance.

Now again, it comes with its own set of challenges here.

So let's go ahead and discuss those.

Now one of the first challenges is

the high availability part.

What if the VPN itself goes down

or the EC2 instance where the VPN is running goes down?

So what you need to do is you have to go ahead

and set the high availability configuration.

So you need to know how to do that

based on the VPN software that has been used.

For example, for OpenVPN Access Server,

if I quickly go to the failover,

there, by default, you do not really have any redundancy.

But if you choose to do that,

then you'll have to specify various configurations

related to primary node, secondary node,

and various others.

So you have to do everything

related to the VPN and the failover configurations

yourself.

And if things are not working properly,

you'll have to fix it.

So that is related to high availability.

The second primary issue that organizations would face

is related to patch management.

I still remember,

in the organization I used to work with,

we were only two people in the security team.

Me and my manager.

And we used to handle the VPN for the entire organization.

And at every moment, maybe Saturday, Sunday,

some user would always be connected.

So, when you do patch management

and you had to restart the instance,

the user would be disconnected.

And there would be a ticket that would be raised.

So this is one of the primary challenges.

Many times what happens is, after you do patch management,

the VPN software itself runs into some issues.

So you have to do a lot of testing

when you do patch management on a monthly basis.

Then, the next challenge is related to

upgrade of the VPN software.

The next challenge is related to performance optimization.

Again, this is where you spend a lot of time.

Users are complaining the VPN is running slow,

they're not really able to open the websites

in the private EC2 instances, and so on.

And the fifth is VPN server configuration.

Like for example, you have an OpenVPN Access Server.

You need to know about that in great detail,

and all of the important configurations.

So these are some of the challenges that you will face

if you decide to install a VPN on an EC2 instance.

And in order to overcome this,

you have the AWS Client VPN.

So, very simple approach.

What you do here

is you go ahead and create a Client VPN endpoint,

which is basically a managed VPN service

that enables you to securely access your resources,

as well as the resources on your on-premises network.

So now, since this is a managed service,

you do not really need to worry about

performance issues, things going down,

the patch management,

the upgrade of the VPN software, and so on.

So this is really a pain relief

for the administrators who

handle the VPN for the entire organization.

Now, let me also quickly show you this.

Now currently within the AWS Console,

I have a Client VPN that is running.

And this Client VPN provides us a great amount

of configuration,

like association, authorization.

You can create the route entries.

You'll know which clients are connected,

and so on.

So it's a very straightforward way:

go ahead and create the Client VPN.

Go ahead and create the appropriate users.

And now, the entire area related to

high availability, patch management,

upgrade, performance optimization,

is no longer your headache.

The VPN server configuration, in a way, you are responsible for.

Because you have to go ahead and create

the right set of routing,

the right set of associations, and so on.

But it is not really as complex as

creating your own VPN-based configuration from scratch.

Now let me in fact show you.

So currently in AWS, I have two EC2 instances

that are running.

One of them is the OpenVPN,

where we had installed the Access Server.

And the second one is a random EC2 instance

that I just launched for testing.

So what we'll do, we'll connect to our Client VPN

that we had created via AWS.

And we'll look into how we can connect to these instances

via Private IP.

So currently within my OpenVPN Connect Client,

I already have the profile associated

with the Client VPN imported.

Let's go ahead and quickly connect it.

And great, we are connected.

And this connection is made to the Client VPN endpoint.

So now let's do one thing.

Let's go ahead and copy the Private IP associated

with one of the instances.

Let's copy the Private IP.

And from the CLI,

let's go ahead and try to ping this IP.

And you see, the ping is working perfectly well.

Similarly, if you look into the connections,

you should see one connection that is available.

And you get great details related to

this specific connection as well.

Now, in case you require,

you can also terminate the connection.

Let me also show you this.

Great, so the connection is terminated.

And when you try to ping the Private IP once again,

you see you are not really able to do that.

Great.

So that is a very high-level overview

of the AWS Client VPN

and the benefit it provides when compared to

installing the VPN software on top of EC2.

So with this, we'll conclude today's video.
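The steps the narration walks through (create the Client VPN endpoint, associate a subnet, add authorization rules, add a route) as an added example that is not part of the video, written against the boto3 EC2 API with a pre-check on the client CIDR block, which AWS requires to be between /12 and /22 and not to overlap the VPC. The certificate ARNs, subnet ID and on-premises range are constructed placeholders, and the boto3 client is passed in rather than created so nothing is called at import time.

```python
# Added example (not from the video): provision an AWS Client VPN endpoint with
# boto3 after validating the client CIDR block. ARNs and IDs are placeholders.
import ipaddress

SERVER_CERT_ARN = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/SERVER_PLACEHOLDER"
CLIENT_ROOT_CA_ARN = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/CLIENT_CA_PLACEHOLDER"
TARGET_SUBNET_ID = "subnet-PLACEHOLDER"  # private subnet holding the EC2 instances
VPC_CIDR = "10.0.0.0/16"                 # CIDR of the VPC that subnet belongs to
ONPREM_CIDR = "192.168.100.0/24"         # constructed on-premises range reached via the VPC
CLIENT_CIDR = "172.16.0.0/22"            # address pool handed to connecting clients

def validate_client_cidr(client_cidr, vpc_cidr):
    """Return the reasons a client CIDR is unusable (empty list = passes): AWS wants
    a block size between /12 and /22 that does not overlap the associated VPC."""
    problems = []
    client = ipaddress.ip_network(client_cidr, strict=True)
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 12 <= client.prefixlen <= 22:
        problems.append(f"prefix /{client.prefixlen} is outside the /12-/22 range")
    if client.overlaps(vpc):
        problems.append(f"{client} overlaps VPC CIDR {vpc}")
    return problems

def provision(ec2, client_cidr=CLIENT_CIDR, vpc_cidr=VPC_CIDR):
    """Create the endpoint, then the association, authorization rules and route.
    `ec2` is a boto3 EC2 client (boto3.client("ec2")), passed in so the sequence
    can also be exercised with a stand-in object and no live credentials."""
    problems = validate_client_cidr(client_cidr, vpc_cidr)
    if problems:
        raise ValueError("; ".join(problems))
    endpoint = ec2.create_client_vpn_endpoint(
        ClientCidrBlock=client_cidr,
        ServerCertificateArn=SERVER_CERT_ARN,
        # Mutual TLS: each client presents a certificate issued by this CA chain.
        AuthenticationOptions=[{"Type": "certificate-authentication",
                                "MutualAuthentication": {"ClientRootCertificateChainArn": CLIENT_ROOT_CA_ARN}}],
        ConnectionLogOptions={"Enabled": False},  # point at a CloudWatch log group in production
    )
    endpoint_id = endpoint["ClientVpnEndpointId"]
    # Association (console "Associations" tab): attach the endpoint to a subnet.
    ec2.associate_client_vpn_target_network(ClientVpnEndpointId=endpoint_id, SubnetId=TARGET_SUBNET_ID)
    # Authorization rules: which destination networks connected clients may reach.
    for cidr in (vpc_cidr, ONPREM_CIDR):
        ec2.authorize_client_vpn_ingress(ClientVpnEndpointId=endpoint_id,
                                         TargetNetworkCidr=cidr, AuthorizeAllGroups=True)
    # Route: the association adds the VPC route; on-premises needs an explicit one.
    ec2.create_client_vpn_route(ClientVpnEndpointId=endpoint_id,
                                DestinationCidrBlock=ONPREM_CIDR, TargetVpcSubnetId=TARGET_SUBNET_ID)
    return endpoint_id
```

Because associating a subnet already installs the route for that VPC, an overlapping client CIDR would silently blackhole traffic, which is why the check runs before any API call.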
