Enhancing security and efficiency for Ruter AS with Client VPN
Ruter AS is a company for public transport in Norway’s capital Oslo and parts of Viken (formerly Akershus county) and with approximately 400 million public transport journeys each year Ruter operates more than half of Norway’s public transport.
The company currently has over 150 developers and a team dedicated to providing AWS services and solutions internally withing Ruter, to support various internal and public facing applications hosted on AWS EKS.
Ruter AS uses the Client VPN to provide secure, standardised access, boosting development speed and reducing costs
Streamlining access and security with AWS Client VPN for Ruter
Ruter needed a unified, secure solution for developer access to AWS and VPCs, replacing custom methods, with the requirements listed below:
Ruter AS uses AWS Client VPN for secure, standardised access, boosting development speed and cutting costs
Orange business suggested AWS Client VPN as a solution, and after an initial proof of concept this was accepted, and a production solution was designed and implemented by using Terraform.
The solution consisted of a central Client VPN endpoint (multi-AZ) in a locked down “networking” account, in combination with AWS SSO for user authorization. The benefit of this architecture, is that only one endpoint needs to be managed.
SSO allows new employees to automatically gain access to applications as soon as they are onboarded.
The VPC containing the VPN endpoint was given routing access to other AWS accounts and workload VPC’s via Transit Gateway. Each workload allows traffic from the VPN endpoint VPC, and each user is granted access to specific workloads via VPN authorizations and SSO groups.
The VPN solution is managed by Orange Business, however authorized people from Ruter can submit changes to authorizations via an ITIL process.
Enhancing Ruter’s efficiency and security with AWS solutions
After implementation, Ruter has been able to standardize access to AWS for all teams. Being able to access and work on applications directly from local machines, has been a time saver for developers and allowed Ruter to remove custom (3rd party) methods from the environments. This has increased the development speed as well as decreased the running costs.
The solution has shown to be reliable and performant, and consequently, enhanced the security level.
Moreover, Orange Business has made Ruter’s DevOps practices more effective, where developers can focus on core competencies, drive innovation, and deliver value to their customers.
Ruter’s AWS environment is protected by a baseline security solution, i.e. Orange Business Landing Zone, included in the Cloud Foundation service. The Landing Zone is built on best practice and it enables the customer to scale without risk to lose the control over the security requirements.
Orange Business Managed Services enables DevOps and Security teams to easily access a broad set of AWS knowledges in one place. As part of the Managed Services agreement, a Customer team is appointed to serve Ruter to ensure consultants with domain specific skills are available for projects, requests and troubleshooting. Thanks to the collaboration with Orange Business, Ruter can continue to leverage new AWS capabilities. The AWS usage grew from an already high level with approximately 23% between July 2022 and July 2023.