Ruter AS

Implementation of Client VPN for Ruter AS

  • Centralized VPN Endpoint
  • AWS SSO Integration
  • Improved Development Efficiency

Enhancing security and efficiency for Ruter AS with Client VPN

In an increasingly digital and rapidly changing world, security and time-to-market are business-critical to commercial success. The company Ruter AS is responsible for public transport in Norway’s capital Oslo and parts of Viken. Ruter had various methods for developers to get access to applications, so security, development speed and costs were not optimized. In this case, a Client VPN solution improved all three and enables Ruter to leverage the AWS platform more efficiently.

Ruter AS is the public transport company for Norway’s capital Oslo and parts of Viken (formerly Akershus county). With approximately 400 million public transport journeys each year, Ruter operates more than half of Norway’s public transport.

The company currently has over 150 developers and a team dedicated to providing AWS services and solutions internally within Ruter, to support various internal and public-facing applications hosted on AWS EKS.

Ruter AS uses the Client VPN to provide secure, standardised access, boosting development speed and reducing costs

Streamlining access and security with AWS Client VPN for Ruter

Ruter needed a unified, secure solution for developer access to AWS and VPCs, replacing custom methods, with the requirements listed below:

  • Reliable access management
  • Secure user authorisation
  • Standardised team solution
Ruter AS uses AWS Client VPN for secure, standardised access, boosting development speed and cutting costs

Orange Business suggested AWS Client VPN as a solution. After an initial proof of concept this was accepted, and a production solution was designed and implemented using Terraform.

The solution consisted of a central Client VPN endpoint (multi-AZ) in a locked-down “networking” account, in combination with AWS SSO for user authorization. The benefit of this architecture is that only one endpoint needs to be managed.

SSO allows new employees to automatically gain access to applications as soon as they are onboarded.

The VPC containing the VPN endpoint was given routing access to other AWS accounts and workload VPCs via Transit Gateway. Each workload allows traffic from the VPN endpoint VPC, and each user is granted access to specific workloads via VPN authorizations and SSO groups.
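The per-workload authorization model described above can be sketched in Terraform as follows. This is an added example, not Ruter's or Orange Business's configuration: every variable name, CIDR and group ID is a constructed placeholder, and it assumes the SAML provider passes SSO group IDs in the `memberOf` attribute. Routes, Transit Gateway attachments and workload security groups are omitted.

```hcl
# Added illustration; all names, CIDRs and group IDs are constructed placeholders.
variable "vpn_vpc_id" { type = string }           # VPC in the "networking" account
variable "vpn_subnet_ids" { type = list(string) } # one subnet per AZ (multi-AZ)
variable "server_cert_arn" { type = string }      # ACM server certificate
variable "saml_provider_arn" { type = string }    # IAM SAML provider backed by AWS SSO
variable "vpn_security_group_id" { type = string }
variable "vpn_log_group" { type = string }        # CloudWatch log group for connection logs

# Workload VPC CIDR and the single SSO group allowed to reach it.
variable "workload_access" {
  type = map(object({ cidr = string, sso_group_id = string }))
  default = {
    team-a = { cidr = "10.20.0.0/16", sso_group_id = "00000000-0000-0000-0000-00000000000a" }
    team-b = { cidr = "10.30.0.0/16", sso_group_id = "00000000-0000-0000-0000-00000000000b" }
  }
}

resource "aws_ec2_client_vpn_endpoint" "central" {
  description            = "central-client-vpn"
  server_certificate_arn = var.server_cert_arn
  client_cidr_block      = "10.250.0.0/22" # must not overlap any workload CIDR
  split_tunnel           = true            # only workload routes go through the VPN
  vpc_id                 = var.vpn_vpc_id
  security_group_ids     = [var.vpn_security_group_id]

  authentication_options {
    type              = "federated-authentication" # SAML via SSO, no shared client certs
    saml_provider_arn = var.saml_provider_arn
  }

  connection_log_options {
    enabled              = true # who connected, when, and from where
    cloudwatch_log_group = var.vpn_log_group
  }
}

resource "aws_ec2_client_vpn_network_association" "az" {
  for_each               = toset(var.vpn_subnet_ids)
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.central.id
  subnet_id              = each.value
}

# One rule per workload, scoped to one group instead of authorize_all_groups = true.
resource "aws_ec2_client_vpn_authorization_rule" "workload" {
  for_each               = var.workload_access
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.central.id
  target_network_cidr    = each.value.cidr
  access_group_id        = each.value.sso_group_id
  description            = "VPN access for ${each.key}"
}
```

Because the endpoint has no rule with `authorize_all_groups = true`, a user who authenticates through SSO but belongs to none of the listed groups gets a tunnel with no reachable workload networks.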

The VPN solution is managed by Orange Business; however, authorized people from Ruter can submit changes to authorizations via an ITIL process.

Enhancing Ruter’s efficiency and security with AWS solutions

After implementation, Ruter has been able to standardize access to AWS for all teams. Being able to access and work on applications directly from local machines has been a time saver for developers and allowed Ruter to remove custom (3rd party) methods from the environments. This has increased the development speed as well as decreased the running costs.

The solution has proven to be reliable and performant and has consequently enhanced the security level.

Moreover, Orange Business has made Ruter’s DevOps practices more effective, allowing developers to focus on core competencies, drive innovation, and deliver value to their customers.

Ruter’s AWS environment is protected by a baseline security solution, i.e. Orange Business Landing Zone, included in the Cloud Foundation service. The Landing Zone is built on best practice and enables the customer to scale without the risk of losing control over the security requirements.

Orange Business Managed Services enables DevOps and Security teams to easily access a broad set of AWS knowledge in one place. As part of the Managed Services agreement, a Customer team is appointed to serve Ruter to ensure consultants with domain-specific skills are available for projects, requests and troubleshooting. Thanks to the collaboration with Orange Business, Ruter can continue to leverage new AWS capabilities. The AWS usage grew from an already high level by approximately 23% between July 2022 and July 2023.