Secure network connectivity across distributed clouds for SMBs

Authored in partnership with Alex Feiszli from Netmaker.

With remote work becoming more and more popular in recent years, many small- to medium-sized businesses (SMBs) and startups have remote employees and cloud workloads across multiple regions. This can create complex networking challenges that many businesses struggle to solve. The following diagram illustrates the complex network configurations that can result.

networking diagram

In these scenarios, businesses typically ask themselves two primary questions.

1. How do I enable secure access for all of my developers?

2. How do I connect my workloads securely?

WireGuard is one option which has multiple benefits for startups and SMBs looking to securely connect to a network. Some of its benefits include:

  • It is extremely fast, relative to older VPNs like OpenVPN. If configured correctly, WireGuard has a negligible impact on network performance, making it ideal to use with cloud infrastructure.

  • It is very simple to configure, allowing users to create complex networks easily.

  • It uses a modern cryptographic handshake based on the Noise Protocol Framework, which is faster and more secure than traditional SSL/TLS-based handshakes.

  • It uses more modern and secure cryptography (the ChaCha20-Poly1305 authenticated encryption algorithm).

  • Because of its low overhead, WireGuard is deployed on a wide range of devices and platforms, including mobile and embedded systems. In fact, it’s now in the Linux kernel, so it will run on most servers and devices by default.

By using a WireGuard VPN, businesses can deploy powerful, secure networks as shown in the diagram below.

network diagram

Some advantages include:

  • You can create as many virtual networks as needed (development, production, etc.)

  • You can add any of your compute solutions (Droplets, virtual machines, Kubernetes) into a desired network.

  • Your resources will continue to work as expected, for example:

      • SSH to the public IP will work, unless you configure otherwise.

      • Internet connectivity from the VM will work fine.

      • End user traffic (from the internet to a load balancer to a Droplet) will work fine.

      • Connections to other resources (e.g., a managed database) will work as is.

  • The virtual network adds an additional private IP address to the resource that can be used for secure communications from anywhere.

  • You will be able to securely connect from end clients (e.g. developer laptops) to your cloud resources.

  • You will be able to securely connect cloud resources over the internet (e.g. servers, databases).

  • You will be able to automate the rollout (e.g. via cloud-init) of new Droplets so they join the VPN network automatically.

  • For Kubernetes, you can deploy a VPN gateway and provide access to the cluster’s pod and service networks.

  • The system works even behind NAT (network address translation) gateways.
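The list above describes a hub-and-spoke WireGuard overlay: each node gets an extra private address, spokes behind NAT keep the tunnel alive, a Kubernetes gateway advertises the cluster's pod network, and new Droplets join via cloud-init. The following generator is an added illustration of those points and is not code from DigitalOcean or Netmaker. It assumes a constructed overlay range of 10.10.0.0/24, a hub listening on UDP 51820, a sample pod CIDR of 10.244.0.0/16 behind the gateway, and placeholder key strings where real deployments would use the output of `wg genkey` and `wg pubkey`. It goes slightly beyond the text by validating addresses and by showing why the split-tunnel AllowedIPs leaves public-IP SSH and normal internet traffic untouched.

```python
"""Hub-and-spoke WireGuard config generator (illustrative example, not Netmaker's code)."""
import ipaddress
from dataclasses import dataclass

# Constructed values for the example: the private overlay, hub port, and NAT keepalive.
OVERLAY = ipaddress.ip_network("10.10.0.0/24")
WG_PORT = 51820
KEEPALIVE_SECS = 25  # keeps the NAT mapping open for peers with no reachable endpoint


@dataclass(frozen=True)
class Peer:
    name: str
    public_key: str            # output of `wg pubkey`; placeholder strings in this example
    overlay_ip: str            # this peer's address inside OVERLAY
    behind_nat: bool = False   # laptops / home offices: the hub cannot dial them
    extra_routes: tuple = ()   # networks reachable *through* this peer (e.g. a pod CIDR)


def _check(peers):
    """Reject addresses outside the overlay, duplicates, and routes that collide with it."""
    seen = set()
    for p in peers:
        ip = ipaddress.ip_address(p.overlay_ip)
        if ip not in OVERLAY:
            raise ValueError(f"{p.name}: {ip} is outside {OVERLAY}")
        if ip in seen:
            raise ValueError(f"{p.name}: duplicate overlay address {ip}")
        seen.add(ip)
        for r in p.extra_routes:
            if ipaddress.ip_network(r).overlaps(OVERLAY):
                raise ValueError(f"{p.name}: route {r} overlaps the overlay")


def hub_config(hub_private_key, hub_ip, peers):
    """wg0.conf for the hub: one [Peer] per spoke, AllowedIPs = its /32 plus routes it fronts.
    ip_forward lets spokes reach each other (and the gateway's routes) via the hub."""
    _check(peers)
    out = ["[Interface]",
           f"Address = {hub_ip}/{OVERLAY.prefixlen}",
           f"ListenPort = {WG_PORT}",
           f"PrivateKey = {hub_private_key}",
           "PostUp = sysctl -w net.ipv4.ip_forward=1",
           ""]
    for p in peers:
        allowed = [f"{p.overlay_ip}/32", *p.extra_routes]
        out += ["[Peer]", f"# {p.name}",
                f"PublicKey = {p.public_key}",
                f"AllowedIPs = {', '.join(allowed)}",
                ""]
    return "\n".join(out)


def spoke_config(me, my_private_key, hub_public_key, hub_endpoint, peers):
    """wg0.conf for one spoke. AllowedIPs holds only the overlay plus routes advertised
    by *other* peers (split tunnel): the default route is untouched, so SSH to the public
    IP, outbound internet and load-balancer traffic keep working as before."""
    _check(peers)
    routes = [str(OVERLAY)]
    for p in peers:
        if p.name != me.name:
            routes.extend(p.extra_routes)
    out = ["[Interface]",
           f"Address = {me.overlay_ip}/{OVERLAY.prefixlen}",
           f"PrivateKey = {my_private_key}",
           "",
           "[Peer]", "# hub",
           f"PublicKey = {hub_public_key}",
           f"Endpoint = {hub_endpoint}:{WG_PORT}",
           f"AllowedIPs = {', '.join(routes)}"]
    if me.behind_nat:
        out.append(f"PersistentKeepalive = {KEEPALIVE_SECS}")
    return "\n".join(out) + "\n"


def cloud_init_user_data(conf):
    """cloud-init user-data that installs WireGuard, writes wg0.conf (root-only) and
    brings the interface up on first boot, so a new Droplet joins the VPN automatically."""
    body = "\n".join("      " + line for line in conf.splitlines())
    return ("#cloud-config\n"
            "packages:\n  - wireguard\n"
            "write_files:\n  - path: /etc/wireguard/wg0.conf\n"
            "    permissions: '0600'\n    content: |\n"
            f"{body}\n"
            "runcmd:\n  - systemctl enable --now wg-quick@wg0\n")


# Constructed sample network: a NAT'd laptop, an API Droplet, and a Kubernetes gateway.
PEERS = (
    Peer("dev-laptop", "<LAPTOP_PUBKEY>", "10.10.0.10", behind_nat=True),
    Peer("api-droplet", "<API_PUBKEY>", "10.10.0.20"),
    Peer("k8s-gateway", "<K8S_PUBKEY>", "10.10.0.30", extra_routes=("10.244.0.0/16",)),
)

if __name__ == "__main__":
    print(hub_config("<HUB_PRIVKEY>", "10.10.0.1", PEERS))
    api_conf = spoke_config(PEERS[1], "<API_PRIVKEY>", "<HUB_PUBKEY>", "203.0.113.5", PEERS)
    print(cloud_init_user_data(api_conf))
```

The gateway peer itself must still forward and masquerade traffic into the pod network (a PostUp firewall rule on that node), which is outside what this generator emits.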

Netmaker for Distributed Cloud Networking

Netmaker is available on the DigitalOcean Marketplace as a 1-click application. It provides the following benefits.

  • Automated WireGuard networks

  • Secure remote access for employees.

  • Secure connections between Droplets and Kubernetes clusters across regions.

  • Secure connections between inter-cloud workloads.

  • Gateways to reach external networks.

Netmaker comes in both a community and a licensed edition, and it is fairly easy to get started with. Here is an 8-minute walkthrough video that will help you set up a secure virtual network using Netmaker. DigitalOcean customers can get a 50% discount with promo code DIGITALOCEAN2023 (valid through December 2023), so you can start using it today!