Abstract
The proliferation of remote work and the need for secure, private access to corporate resources have heightened the necessity for robust Virtual Private Network (VPN) solutions, particularly for organizations handling sensitive data. This research paper introduces a low-cost, self-hosted Secure Access Service Edge (SASE) solution, utilizing cloud infrastructure to establish a scalable enterprise-grade VPN. The proposed system is entirely developed using open-source tools and operates across three Amazon Web Services (AWS) Virtual Private Clouds (VPCs) located in different geographic regions. Our methodology leverages a combination of pfSense for network security, OpenVPN for establishing secure tunnels, and iPerf for monitoring network performance. This blend of technologies ensures a comprehensive approach to network security and management, providing an end-to-end solution that maintains privacy and data integrity without the financial burden of commercial VPN services. The key to our approach is the integration of these tools within AWS's scalable environment, facilitating secure communication channels between distributed resources while enabling effective network management and threat mitigation. The system's architecture is designed to be both resilient and flexible, accommodating the dynamic needs of enterprises without compromising on security. Through the strategic placement of VPCs in different AWS regions, we ensure reduced latency and increased redundancy, which are critical for maintaining high availability and performance in enterprise applications. This geographical dispersion also aids in risk mitigation, particularly in the face of region-specific disruptions. An extensive experimental setup tests the viability and performance of the proposed SASE solution under various scenarios, including cross-regional data transfers, high-traffic conditions, and simulated network attacks. 
These experiments are critical in validating the resilience and scalability of the solution, providing empirical evidence to support its deployment in sensitive applications. Our research contributes to the field by demonstrating that a self-hosted, cloud-based SASE solution can achieve enterprise-level security and performance at a fraction of the cost of traditional VPN services. This paper not only explores the technical implementation of such a system but also examines its operational and economic benefits, making it a valuable reference for organizations seeking to enhance their network security infrastructure economically.