- Ease of use for the end user:
- Put in CD
- Boot machine
- Type in private key password
- Log into work desktop and work as usual
- Ease of use for the administrator(s):
- Key generation is separate from use.
- A user's access can be specifically revoked (without affecting their work desktop) using a single command.
- All new users can be denied by shutting down the openVPN server process on the server.
- All connections can be broken by shutting down the entire server; this will also deny future access until the server is brought back up and the end user reboots.
- The CD build process can be automated for ease of creation.
- The openVPN logs can be used to determine (or trace) nefarious or out-of-policy computer use.