Highlighted resources

Now Is The Time to Retire Your VPN

Avatar photoFredrik Jansson
Published on:December 2, 2024

Many of our users face the challenge of accessing their software running on end-customers’ networks. Often, a VPN is set up, which can be both costly and time-consuming to implement and maintain.

In this blog post, I’ll explain why our customers no longer need VPNs.

Why a VPN?

There are often a couple of factors that drive the need for a VPN.

The first is as simple as updating software on customer networks. In this scenario, a VPN tunnel is established, and the software vendor connects to the machine to update their software.

The Avassa Edge Platform handles installing and updating applications as its core functionality.

Visitor-counter deployment dashboard showing status, application versions, site instances, and 'Continue deployment' prompt.
Screenshot

The second driver for VPNs is log gathering and troubleshooting software. Developers often need access to logs and sometimes to the running—or crashing—software itself. This scenario also requires establishing a VPN and connecting to the machines.

The Avassa Edge Platform also handles this. Logs are continuously collected and can be accessed either from the Control Tower or forwarded to another location.

Avassa Edge Platform handling VPN retirement with continuous log collection accessible via Control Tower or forwarded to another location.
Screenshot

Avassa also provides remote terminal access to the container itself.

Avassa Control Tower view of the Stockholm Cluster running the "visitor-counter" container on host "stockholm-2" with active processes shown via ps aux.

The third reason for VPNs is the ability to allow someone to connect to an application or some other host on the customer’s network. This something can be a local web application or some other host that doesn’t run the Avassa Edge Enforcer. Bring up the VPN, connect the browser and go.

In the Avassa Platform we have a feature simply called connect.

Connecting to an application or host

An example follows: I have an application that exposes a web server on port 8080 on a remote network. To setup a port forward to this application:

supctl do --site stockholm-cluster applications hivemq-edge service-instances mqtt-1 connect tcp 8080 --bind 8080

This tells supctl to bind a local port 8080 and connect that port to port 8080 in the application.

Now I can simply point my browser to localhost:8080 and supctl will forward the traffic back and forth between the browser and the remote web application.

Image showing how to point the browser to localhost:8080, with supctl forwarding traffic between the browser and the remote web application.
Screenshot

The same command can also be used to connect to another host on the network, in this example we setup forwarding to another host

supctl do --site stockholm-cluster applications hivemq-edge service-instances mqtt-1 connect tcp 22 --ip-address 192.168.4.14 --bind 2222

And I can ssh to this machine

ssh -p 2222 debian@localhost

Linux stockholm-1 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.106-3 (2024-08-26) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
debian@stockholm-1:~$

Conclusion

No more hassle with open ports or spending weeks on VPN setups. With the Avassa Edge Platform, our customers can finally retire their VPNs and streamline daily operations with ease.