# Software remote access-to-Amazon VPC connectivity options
With software remote access VPN, you can leverage low cost, elastic, and secure services to implement remote-access solutions while also providing a seamless experience connecting to AWS hosted resources. This option is typically preferred by smaller companies with less extensive remote networks or who have not already built and deployed remote access solutions for their employees.
You can combine these patterns with the [Network-to-Amazon VPC connectivity options](network-to-amazon-vpc-connectivity-options.md) connectivity options and [Amazon VPC-to-Amazon VPC connectivity options](amazon-vpc-to-amazon-vpc-connectivity-options.md) to create a network that spans remote networks and multiple VPCs.
The following table outlines the advantages and limitations of these options.
| **Option** | **Use Case** | **Advantages** | **Limitations** |
| --- | --- | --- | --- |
| [AWS Client VPN](aws-client-vpn.md) | AWS managed remote access solution to Amazon VPC and/or internal networks | AWS managed high availability and scalability service | OpenVPN clients only |
| [Software client VPN](software-client-vpn.md) | Software VPN appliance remote access solution to Amazon VPC and/or internal networks | Supports a wider array of VPN vendors, products, and protocols Fully customer-managed solution | You are responsible for implementing HA solutions |
# AWS Client VPN
[AWS Client VPN](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html) is an AWS managed high availability and scalability service enabling secure software remote access. It provides the option of creating a secure TLS connection between remote clients and your Amazon VPCs, to securely access AWS resources and on-premises over the internet, as shown in the following figure.
![\[Diagram that shows securely accessing AWS resources over the internet.\]](http://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/images/aws-client-vpn-remote-access.png)
The remote clients can be the AWS Client VPN for Desktop, or third-party OpenVPN VPN clients, with authentication by either Active Directory or mutual certificate authentication.
## Additional resources
+ [AWS Client VPN Administrator Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html)
# Software client VPN
You can choose from an ecosystem of multiple partners and open source communities that have produced remote-access solutions that run on Amazon EC2. These solutions provide great flexibility on the security protocol use for remote-access into your Amazon VPCs, to securely access AWS resources and on-premises over the internet, as shown in the following figure.
![\[Diagram showing securely accessing resources.\]](http://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/images/software-client-vpn-remote-access.png)
Remote-access solutions range in complexity, support multiple client authentication options (including multifactor authentication) and can be integrated with either Amazon VPC or remotely hosted identity and access management solutions (leveraging one of the network-to-Amazon VPC options) like Microsoft Active Directory or other LDAP/multifactor authentication solutions.
You are responsible for managing the remote access software including user management, configuration, patches and upgrades. This design introduces a potential single point of failure into the network design as the remote access server runs on a single Amazon EC2 instance. For additional information, see [Appendix A: High-Level HA architecture for software VPN instances](appendix-a-high-level-ha-architecture-for-software-vpn-instances.md).
## Additional resources
+ [VPN appliances available from the AWS Marketplace](https://aws.amazon.com/marketplace/search/results/ref%3Dbrs_navgno_search_box?searchTerms=vpn)
+ [OpenVPN Access Server Quick Start Guide](https://openvpn.net/vpn-server-resources/amazon-web-services-ec2-tiered-appliance-quick-start-guide/)