VPN technology has come a long way in its evolution. Initially, VPNs were designed for businesses and corporate users. However, with the democratization of the internet and growing concerns about online privacy, everyday internet users became aware of the risks of working online and began to seek secure ways of accessing the internet. This gave rise to the personal (consumer) VPN service.
The personal VPN service is mostly used by individuals when browsing the internet: to hide their IP address, access blocked content, protect themselves on public Wi-Fi, secure online banking sessions, and so on. The corporate VPN service, on the other hand, is mostly used by businesses or corporations to securely connect remote offices or remote workers to the main office LAN. It provides secure remote access to private company resources. A typical example of a corporate VPN service is a site-to-site VPN. You may have heard of site-to-site VPNs and wondered what they are or whether one is right for your business.
What Is a Site-to-Site VPN?
A site-to-site VPN allows a business with offices in multiple fixed locations to establish secure connections between them over a public network such as the internet. This means a site-to-site VPN can be used to connect a branch or remote office network to a company headquarters network. A site-to-site VPN extends the company’s network, making computer resources from one location available to employees at other locations. An example of a company that needs a site-to-site VPN is a growing corporation with branch offices around the world.
The two main techniques for establishing a site-to-site VPN are:
- Internet VPN method
- Multiprotocol Label Switching (MPLS) VPN method
The difference between internet and MPLS VPNs lies in the connections they use and whether the customer network or the provider network performs the virtual tunneling. In the internet VPN method, the customer’s network and the public internet infrastructure are utilized. In order to set up an internet-based site-to-site VPN between two sites, a VPN gateway (router, firewall, VPN concentrator, or security appliance) such as the Cisco Adaptive Security Appliance (Cisco ASA) is required at both sites. The VPN gateway is responsible for encapsulating and encrypting all outbound data traffic from a particular site and sending it through a VPN tunnel over the public internet infrastructure to a peer VPN gateway at the target site. On receipt, the peer VPN gateway decrypts the content and relays the data toward the target host inside its private network.
MPLS VPN is a modern method of establishing site-to-site VPN. In this method, the VPN connection is established by connecting to a carrier-provided MPLS cloud instead of the public internet infrastructure. The service provider creates virtual connections between sites across its MPLS network.
The primary advantages of this type of VPN are ease of deployment and high network performance. MPLS VPNs are ideally suited for bandwidth-intensive and delay-sensitive applications such as video conferencing and VoIP. The disadvantage of MPLS VPNs has always been cost. Private IP services like MPLS are very expensive, particularly for international connections.
Is a Site-to-Site VPN Right for My Business?
A site-to-site VPN is a significant investment in terms of financial and human resource requirements. Most companies that use site-to-site VPNs have the VPN service provided by a business security solutions company such as Cisco, Palo Alto Networks, Check Point, etc. as part of a larger package of security services. Before considering such an investment, you need to first figure out if a site-to-site VPN is right for your business. Some of the key factors to consider include the size of the business, geographical spread, number of locations and resource-sharing requirements. If your business is spread across multiple locations and users in those locations need to access network resources located at the head office, you should consider deploying a site-to-site VPN.
For instance, consider a Lagos-based consulting firm that decides to open branch offices in New York, Beijing and London with ten to twenty staff in each location that need to access a shared file server, e-mail and other company network resources at the head office. One option is to use a dedicated connection from each site. But in this case, the network demands aren’t overly high, so a dedicated connection to each site does not make business sense. The company can purchase a local internet connection and create an internet-based VPN that connects the locations, saving literally thousands of dollars per month.
What Are the Alternatives to a Site-to-Site VPN?
There are other ways besides site-to-site VPN to keep multiple locations and/or mobile workers remotely connected to the business LAN. These may be more convenient and practical solutions for small and medium scale businesses with multiple locations. Some of the popular alternatives include:
Remote Access VPN: Corporate VPNs can be either site-to-site (connecting two or more networks) or remote-access (connecting a computer to a network). In a corporate setting, remote-access VPNs allow mobile employees to access their company’s intranet from home or anywhere in the world.
In a remote-access VPN, the devices used to access the network must have VPN client software installed or a web-based client. Whenever the device tries to send any traffic, the VPN client software encapsulates and encrypts that traffic before sending it over the internet to the VPN gateway at the target network. Upon receipt, that VPN gateway decrypts and relays the data traffic to the target host just like site-to-site VPNs.
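The following is an added toy model of the tunnel flow described for the internet-based site-to-site gateway above and for the remote-access client here; it is illustration code written for this article, not code from the original page or from any vendor. An endpoint encapsulates only traffic bound for a protected remote prefix, encrypts and authenticates it, and the peer verifies, decrypts, checks the inner addresses and relays the packet. The HMAC-based stream cipher, the keys and the prefixes (10.1.0.0/16, 10.2.0.0/16, 192.0.2.20/32) are constructed for the example and stand in for a real IPsec or TLS implementation.

```python
"""Toy VPN endpoint: encapsulate, encrypt-then-MAC, verify, decrypt, relay.
Illustration only (stdlib HMAC keystream), not a real IPsec/TLS stack."""
import hmac, hashlib, ipaddress, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (toy cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

class Endpoint:
    """A site gateway (site-to-site) or a VPN client (remote access: one /32 host)."""
    def __init__(self, name, local, remote, enc_key, mac_key):
        self.name = name
        self.local = [ipaddress.ip_network(p) for p in local]    # prefixes behind me
        self.remote = [ipaddress.ip_network(p) for p in remote]  # prefixes behind peer
        self.enc_key, self.mac_key = enc_key, mac_key

    def _in(self, prefixes, ip):
        return any(ipaddress.ip_address(ip) in p for p in prefixes)

    def send(self, src, dst, payload: bytes):
        """Outbound: only local-to-remote traffic enters the tunnel."""
        if not (self._in(self.local, src) and self._in(self.remote, dst)):
            return None  # not tunnel traffic: left to normal routing, never encrypted here
        inner = f"{src}>{dst}|".encode() + payload  # encapsulated inner packet (hdr + data)
        nonce = os.urandom(12)
        ct = _xor(inner, self.enc_key, nonce)
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
        return nonce + ct + tag  # outer envelope carried across the public internet

    def receive(self, envelope: bytes):
        """Inbound: verify, decrypt, check inner addresses, then relay to inner dst."""
        nonce, ct, tag = envelope[:12], envelope[12:-32], envelope[-32:]
        expect = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return None  # forged or tampered envelope: dropped before any decryption
        hdr, payload = _xor(ct, self.enc_key, nonce).split(b"|", 1)
        src, dst = hdr.decode().split(">")
        if not (self._in(self.remote, src) and self._in(self.local, dst)):
            return None  # inner packet violates tunnel policy (e.g. spoofed source): dropped
        return (src, dst, payload)  # relayed toward dst inside the private network
```

The same class models both cases: two gateways with /16 prefixes on each side, or a client whose only "local" prefix is its own /32 host.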
For organizations with branch offices of no more than three to five staff, for example, a remote-access VPN deployment may be better suited and more economical than connecting the two networks via a site-to-site VPN.
SD-WAN VPN: SD-WAN (software defined wide area network) simplifies the management and operation of a WAN by separating the networking hardware from its control mechanism (software). As organizations become more geographically dispersed and utilize a growing number of cloud-based applications, traditional WAN networks are struggling to cope with such a dynamic business environment.
In the past, network management approaches were designed around fixed branch networks accessing on-premises applications. Today, deploying applications within the public cloud and connecting people and ‘things’ is the new norm. This shift is giving rise to a more dynamic alternative VPN technology: SD-WAN VPN.
It provides the cost benefits of internet-based VPNs with the performance and agility of MPLS VPNs. With an SD-WAN, organizations can replace at least some of their high-priced MPLS circuits with more economical internet connections and use the optimization and multi-path capabilities of the SD-WAN to ensure performance stays high enough for each workload.
SD-WAN products can be physical appliances or virtual appliances, and are placed in remote and branch offices, corporate data centers, and increasingly on cloud platforms.
Cloud VPN: A Cloud VPN, just as the name implies, is a cloud-based VPN infrastructure that delivers VPN services. Many businesses are migrating their business applications to the cloud, and employees are increasingly relying on their mobile devices to access these applications. While cloud service providers offer the network infrastructure, they do not provide security for the personal mobile devices (BYOD) used by end users.
The objective behind cloud VPN therefore is to allow businesses to maintain and protect their private cloud resources by providing VPN access to end users through a cloud platform via the internet. For organizations whose business LAN environment or day-to-day business applications (such as ERP or Active Directory Services) have moved to the cloud, Cloud VPN offers the best alternative for cheap and secure access.
A typical example of a Cloud VPN provider is Perimeter 81, although most cloud service providers such as Google and Amazon also offer Cloud VPN services.
Business VPN Plan from Consumer VPN Providers: Businesses that cannot yet afford an investment in a corporate security solution such as a site-to-site VPN, or in any of the alternatives discussed above from the big names in corporate VPN solutions, but still want the security benefits of a VPN service can take advantage of the business VPN plans offered by consumer VPN service providers.
Although VPN products from consumer VPN providers are mostly targeted at individual users, some providers such as NordVPN, PureVPN, TorGuard, Perimeter 81, etc. have solutions for small and medium scale businesses. The business VPN service plan is designed for multiple users or teams, with a dedicated server and IP address to guarantee quality of service (QoS).
Some of the benefits an organization can derive from purchasing a business VPN plan from a consumer VPN provider include:
- Remote access VPN to connect remote workers to the LAN
- Improved security for endpoint devices
- Security of company data in motion
- End-to-end encryption
- Secure access to cloud applications
| Features | Site-to-Site VPN | Remote Access VPN | SD-WAN VPN | Cloud VPN | Consumer VPN Business Plan |
|---|---|---|---|---|---|
| Ideal for | Connecting two or more networks | Connecting devices to a network | Connecting two or more networks | Cloud-hosted infrastructure | Connecting to the internet |
| Ease of deployment | Complex | Easy | Complex | Easy | Easy |
| Skill level | Highly skilled labour | Skilled labour | Highly skilled labour | Skilled labour | Skilled labour |
| Performance | Very good | Good | Very good | Good | Good |
Fig 1.0 Table comparing the various business VPN technologies
A site-to-site VPN enables organizations to securely connect geographically dispersed LANs in order to provide access to network resources that aren’t geographically close to the users.
The benefits of a site-to-site VPN to an organization are numerous, but they come at a cost in terms of financial and human resources. There are other relatively affordable and more convenient alternatives for small and medium scale businesses with multiple locations to connect their LANs or remote workers. They include:
- Remote access VPN
- Cloud VPN
- Business VPN Plan from Consumer VPN Providers
In the 21st century, corporate data routinely moves between geographically dispersed locations, multiple devices and the cloud. A VPN creates an encrypted tunnel through which sensitive data flows between the organization and those multiple destinations and back. This greatly reduces an organization’s overall risk exposure for data traveling across cyberspace (data in motion).