3.6. Secure Connection Considerations
Providing fast preventive service, maintenance and, when necessary, incident responses requires that a team of experts accesses the provisioned infrastructure in a secure way. There is a variety of options to meet the needs of diverse types of initiatives.
Bastion Server: This is a type of server that is designed to be the single point of entry for secure access to a private network. When you connect to a Bastion Server, it acts as a secure jump server that provides access to other servers on the network. This is a highly secure method of accessing remote resources because the Bastion Server is the only point of entry and is tightly secured. Normally this Bastion is configured to be accessed only by certain IP addresses such as the public IP of our company network.
Site-to-Site VPN: This type of VPN allows two remote networks (ours and your provisioned infrastructure) to securely connect to each other over the internet, creating a secure “tunnel” for data to flow through. AWS’s VPN service or a similar alternative can be used to provide this type of connectivity.
Remote Access VPN: This type of VPN allows an expert team to securely connect to the provisioned infrastructure’s network from a remote location. When connecting to a Remote Access VPN, it creates a secure “tunnel” for data to flow through. The provision of this Remote Access VPN falls under the IT department of the initiative.
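For the Bastion Server option, the source-IP restriction can be checked against the firewall rules themselves. The following is an added example, not part of the original document: it assumes the bastion sits behind an AWS security group, and the allowlisted range, the sample rules and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: the company's public egress range (RFC 5737 documentation space).
ALLOWED_SOURCES = ["203.0.113.0/28"]
SSH_PORT = 22

# Constructed ingress rules, in the "IpPermissions" shape that AWS returns
# from describe-security-groups.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/29"}]},      # inside the allowlist
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},     # port range includes 22
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # all traffic
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},           # not SSH, ignored
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},            # IPv6 open to the world
]

def covers_ssh(rule):
    """True if the rule admits TCP traffic to the SSH port."""
    proto = rule["IpProtocol"]
    if proto == "-1":                  # "-1" means every protocol and port
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= SSH_PORT <= rule.get("ToPort", 65535)

def find_violations(rules, allowed_sources):
    """Return source CIDRs that can reach SSH but lie outside the allowlist."""
    allowed = [ipaddress.ip_network(c) for c in allowed_sources]
    violations = []
    for rule in rules:
        if not covers_ssh(rule):
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            # Compare only same-family networks; subnet_of rejects mixed versions.
            if not any(net.version == a.version and net.subnet_of(a)
                       for a in allowed):
                violations.append(cidr)
    return violations

if __name__ == "__main__":
    for cidr in find_violations(SAMPLE_RULES, ALLOWED_SOURCES):
        print("SSH reachable from non-allowlisted source:", cidr)
```

Wide port ranges, all-protocol rules and IPv6 entries are checked as well, since each can expose SSH without a rule that names port 22 explicitly.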