ANNA makes open-source Terraform solution for OpenVPN Cloud
ANNA has collaborated with the virtual private network provider OpenVPN on improving their open-source integration for Terraform. We’re sharing the story of how this collaboration came to be and what it means for ANNA customers.
ANNA worked on the development of an OpenVPN Cloud extension for Terraform, a cloud-based solution for setting up IT infrastructure. It was helpful to ANNA because we use OpenVPN Cloud to protect our systems and need to manage who has access to what – especially when people join or leave and their accounts need to be set up or revoked everywhere. But it also helped OpenVPN, as their product is now featured on the Terraform registry (a kind of app store for Terraform integrations).
What exactly is Terraform?
Terraform is a platform that lets system administrators in IT companies set up and manage their companies’ infrastructures (e.g. a Gmail server with mailboxes for all employees of the company) using a relatively simple code language – so it’s much easier than setting up systems manually.
So, let’s say you need to set up new work emails and Google Docs access for 15 new employees – you could use Google’s G Suite admin panel to create each of the new accounts manually, set up access rights and restrictions, and add specific people to groups relevant to their jobs. For example, 5 of those 15 people are support agents who need access to group email inboxes. That’s a lot of manual work, and you have to remember to update everything if someone leaves.
Terraform makes things much easier – all your company’s security engineer has to do is write a few lines of code and execute it in Terraform. The new Google accounts will be created automatically, with all the relevant accesses and restrictions. And when someone leaves the company, you only need to remove the user in Terraform and they’re automatically removed from all connected systems. We’re used to this approach in the everyday apps we use, but in company network security terms, it’s almost magic.
For that magic to happen, the software you’re using needs to be able to integrate with Terraform – and it so happens that a lot of popular software products (like Google’s Gmail and G Suite) can do that.
What is OpenVPN?
A VPN (Virtual Private Network) lets you access the Internet securely by encrypting all the data that goes to and from your computer. OpenVPN is one of the most popular providers of VPN services. They have become a standard in network security, and OpenVPN Cloud is one of their most popular services.
From a business perspective, which is where OpenVPN focuses its services, a VPN is a must-have data security tool for any company working with sensitive client data. Companies use VPN services to restrict access to internal systems and sensitive information (including data about customers). If an employee of a company needs access to specific information, they install a VPN app on their computer, and they are issued a personal VPN certificate. It works like an electronic key used to “unlock” otherwise encrypted data – without it, the employee can’t access the company’s internal resources. Needless to say, financial companies need to take every necessary step to protect their customers’ data, and ANNA is no exception. Anybody at ANNA working with customer data can only access it using a dedicated VPN certificate with multi-step authentication.
How did ANNA contribute to OpenVPN and Terraform?
Because we use OpenVPN a lot, we often need to do some VPN certificate management: issuing certificates for new employees, managing access to different internal systems, and making sure we revoke the certificates of those who leave the company. As we mentioned earlier, this process is slow and mistakes can creep in. And since we already use Terraform for managing many of our systems, we started looking to integrate it with OpenVPN as well.
Terraform has its own registry of available integrations, called “providers”. They’re almost like small apps for the Terraform platform that provide access to outside systems. There was already one provider for OpenVPN listed there, developed by an independent programmer called Pato Arvizu, who provided it on an open-source basis, so it was free to use and open to new contributions. It was already quite popular, with around 5,000 downloads a year, but it was also a bit outdated and the original developer wasn’t interested in actively developing it.
We believed that the provider’s functionality was potentially useful not just to us but also to other companies using OpenVPN and Terraform, so we decided to improve the provider, commit to maintaining it, and share it on an open-source basis. We suggested the idea to OpenVPN, and they gladly accepted our offer. So we got to work!
Improvements and results
ANNA’s infrastructure engineers have made some improvements. We copied Pato Arvizu’s code repository (with his permission) and added some things that we needed, most notably: user management, role descriptions and dependency updates.
In the first year of our updated OpenVPN Terraform provider’s release, it’s been downloaded by over 14,000 people – which makes us believe there was a real need for these improvements beyond ANNA. It helped that the updated solution appeared on our company Terraform account, and company accounts tend to make a more trustworthy impression.
On the ANNA side of this project, we got the infrastructure tool we needed so much, and we were pleased to develop it ourselves and contribute to the open source community.
In cooperation with OpenVPN, we will continue to develop the Terraform provider and improve it for the entire open source community.
Since it is an open source project, we welcome everyone who wants to participate. Please feel free to create pull requests, open issues and follow this project on GitHub.
What’s in it for the ANNA customers?
- The Terraform provider is just one of the security measures that we constantly take to protect customer data, making sure only the right people at ANNA have access to it.
- We use quite a lot of open source solutions in our work (and we credit their authors), and we understand the importance of contributing to the open source community ourselves. In this particular case, it was as beneficial to us as it has proven useful to other companies.
We should add that this isn’t a promotional post for either Terraform or OpenVPN. We’re just sharing an experience of helping improve a product we use. For more information about the collaboration, feel free to check OpenVPN’s blog post on their website.