Use Case: Replacing Legacy VPN
This guide provides step-by-step instructions for replacing a legacy VPN with mud.band.
Use Case Scenario
A small business with 20 employees wants to replace their aging legacy VPN solution with mud.band. The current VPN is difficult to maintain, has frequent connection issues, and requires significant IT resources to manage user access.
Requirements
- Windows, macOS, or Linux computers for all employees
- Internet connection
- mud.band application packages for all required platforms
- Administrative access to create and manage bands
Step-by-Step Guide
1. Assessing Current VPN Usage
Before migrating from a legacy VPN to mud.band, assess your current VPN usage:
- Identify all resources accessed through the VPN (file servers, internal applications, databases)
- Document current user access permissions
- List all devices and platforms that need access
- Determine security requirements and compliance needs
2. Installing mud.band
All employees need to install mud.band:
- Download the appropriate installation package for each platform from the mud.band official website
- Distribute the installation packages to all employees
- Provide installation instructions for each platform
- Verify successful installation across all devices
3. Creating a Private Band (Administrator)
The IT administrator should create a private band for the organization:
- Open https://www.mud.band/ in a browser and log in with your mud.band account
- On the dashboard, select "Create a band"
- Enter a band name (e.g., "Company Network") and description
- Select "Private Band" for the band type
- Click "Create" to generate the band
- In the band's "Enrollment Token" menu, create enrollment tokens for employees
4. Joining the Band
Employees
Employees need to join the private band:
- Launch the mud.band application
- Select the "Enroll" option
- Enter the enrollment token received from the administrator
- Click the "Enroll" button
- When enrollment is successful, click the "Connect" button
- Verify connection to the band
Devices / Servers / Services
To allow access to a device / server / service such as a file server, database, or internal application, it needs to be configured to listen for incoming connections on the band's network.
Two options are available:
- Install a mud.band client on the device / server / service, then run it and enroll it in the band. With this option, employees can connect to the device / server / service directly using the mud.band client.
- If, for some reason, you don't want to install a mud.band client on the device / server / service, you can set up a proxy node that runs the mud.band client. Configure the proxy node to listen for incoming connections on the band's network and let a proxy forward the traffic to the original device / server / service. With this option, employees can connect to the device / server / service via the proxy node. You can set up a proxy node as follows:
  - Set up a Linux box, install the mud.band client on it, and run the client.
  - Enroll this device (the proxy node) in the band and keep the connection alive. When it joins the band, the band allocates a private IP address to it, which you can see in the console.
  - Set up a proxy service using haproxy or nginx. Configure it to listen for incoming connections on the band's network and forward the connections to the private IP address of the device / server / service.

With this approach, employees can connect to the device / server / service using the private IP address of the proxy node.
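The proxy-node step above, as an added HAProxy example (not taken from mud.band's documentation). It binds the listener only to the band-allocated address so the forwarded service is not also exposed on the node's other interfaces; every address, the PostgreSQL port and the section names are constructed placeholders.

```haproxy
# /etc/haproxy/haproxy.cfg on the proxy node
#
# Constructed placeholder values (assumptions, replace with your own):
#   10.20.0.5      band-allocated private IP of the proxy node (shown in the console)
#   192.168.10.20  LAN address of the internal database server
#   5432           port of the service being published (PostgreSQL here)

global
    log /dev/log local0
    maxconn 2000

defaults
    mode tcp                 # plain TCP forwarding, no protocol inspection
    log global
    option tcplog            # one log line per connection, including the client address
    timeout connect 5s
    timeout client  1h
    timeout server  1h

frontend band_postgres
    # Weak setting, shown for contrast only:
    #   bind *:5432
    # would also accept connections arriving on the node's LAN or public
    # interfaces, bypassing the band entirely.
    #
    # Corrected setting: listen on the band address only.
    # HAProxy must start after the mud.band client has brought this address
    # up, otherwise the bind fails at startup.
    bind 10.20.0.5:5432
    default_backend lan_postgres

backend lan_postgres
    # Forward to exactly one host and port; the proxy node should not
    # become a general route into the LAN.
    server db1 192.168.10.20:5432 check
```

Check the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading. Because the backend sees every connection as coming from the proxy node, the HAProxy TCP log is where the connecting band address is recorded.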
5. Configuring Access Controls
Set up appropriate access controls for your organization:
- Navigate to the band management interface
- Configure access control lists (ACLs) to restrict access to specific resources
- Test access to ensure proper permissions are in place
6. Migrating Services
Gradually migrate services from the legacy VPN to mud.band:
- Start with non-critical services to test functionality
- Document IP addresses and network configurations for internal resources
- Update documentation for employees on how to access resources through mud.band
- Implement a phased approach to minimize disruption
7. Testing and Verification
Before fully decommissioning the legacy VPN:
- Test all critical applications and services through mud.band
- Verify that all employees can access required resources
- Conduct performance testing to ensure adequate speed and reliability
- Address any issues or connectivity problems
Troubleshooting
If issues occur during migration:
- Verify that all users have the latest version of mud.band installed
- Check that users are properly connected to the correct band
- If you use a proxy node, check that the proxy node is properly configured
- Ensure firewall settings allow mud.band traffic
- Review ACL configurations if access issues occur
- Temporarily maintain legacy VPN access until all issues are resolved
Benefits Over Legacy VPN
- Simplified Management: Easier user management through the band interface
- Improved Security: Modern encryption and access controls
- Reduced IT Overhead: Self-service enrollment reduces IT support needs
- Better Performance: Optimized connection protocols improve speed and reliability
- Cross-Platform Support: Consistent experience across all devices and platforms
- Scalability: Easily add new users without complex configuration
Post-Migration Considerations
After successfully migrating to mud.band:
- Document the new network architecture
- Provide training for employees on using mud.band effectively
- Establish monitoring and support procedures
- Create a backup plan in case of service disruptions
- Schedule regular reviews of access permissions and security settings
By following this guide, organizations can successfully replace their legacy VPN solutions with mud.band, resulting in improved security, performance, and user experience.