Understand the differences, principles and typical use cases of two basic VPN forms and learn about the most recent approach that eliminates the need to combine multiple VPNs in a business environment.
Once the public internet became a natural part of corporate networks, the challenge of protecting sensitive data flowing over unsecured cyberspace emerged. VPNs came as a handy solution to this. Before we jump into the differences between site-to-site VPN and remote access VPN, let's recap the three VPN deployment types:
Remote access VPN ensures a secure connection between the employee and remote business LAN or cloud. Using client software installed on the host (desktop, laptop, smartphone, etc.), remote workers become a part of the company network as if they were sitting in the office.
Remote access VPN is the enabler of company digitalization and the means of leveraging the full potential of remote work. With the explosion of home-office and BYOD, it is common for employees to travel and to access corporate networks from unsecured Wi-Fi, from home or from an airport: simply from wherever it is most convenient, using a device of their choice.
The need to secure such connections keeps rising, and that is where remote access VPN for businesses comes into the game. A host computer is equipped with a client application (OpenVPN, GoodAccess, or Cisco AnyConnect) that communicates with a VPN gateway. The application provides user authentication (ideally based on identity) and connection to the desired network. It creates a secured encrypted virtual tunnel to the LAN or cloud via the public internet. When the gateway is coupled with a static IP, access to systems can be restricted to this address (IP whitelisting) to cloak sensitive applications and data from the public, effectively creating a private virtual company network on the internet.
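The IP whitelisting described above, as an added example that is not from the original article or from GoodAccess: a Python check that admits only requests originating from the VPN gateway's static IP. The addresses, the proxy range and the function names are assumptions, and the example goes beyond the text by covering an application that sits behind a reverse proxy, where a client-supplied `X-Forwarded-For` value must not be trusted.

```python
import ipaddress

# Assumed values for illustration (RFC 5737 documentation ranges).
VPN_GATEWAY_IPS = [ipaddress.ip_network("203.0.113.10/32")]  # gateway's static IP
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]     # our own reverse proxies


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def effective_client_ip(peer_ip, x_forwarded_for=None):
    """Return the address the allowlist decision must be based on.

    The TCP peer address is authoritative. X-Forwarded-For is read only when
    the peer is one of our own proxies, and is walked right to left, skipping
    trusted proxies, so entries a client prepended itself are never reached.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not x_forwarded_for or not _in_any(peer, TRUSTED_PROXIES):
        return peer
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed header: decide on the proxy address (denied)
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr
    return peer


def is_allowed(peer_ip, x_forwarded_for=None):
    return _in_any(effective_client_ip(peer_ip, x_forwarded_for), VPN_GATEWAY_IPS)


# Constructed sample requests: (TCP peer address, X-Forwarded-For header)
SAMPLES = [
    ("203.0.113.10", None),                       # direct from the VPN gateway
    ("198.51.100.7", None),                       # direct from the internet
    ("198.51.100.7", "203.0.113.10"),             # header set by an untrusted peer
    ("192.0.2.5", "203.0.113.10"),                # via our proxy, from the gateway
    ("192.0.2.5", "203.0.113.10, 198.51.100.7"),  # client prepended the gateway IP
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, xff, "->", "allow" if is_allowed(peer, xff) else "deny")
```

Only the first and fourth sample requests are admitted; the others are denied even though two of them carry the gateway address in the header.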
Site-to-site VPN interconnects two or more private corporate networks via an encrypted tunnel to enable borderless communication and resource sharing between employees and applications.
Typically, if you have headquarters, where all the critical servers and business applications are located, and geographically distributed branches that need access to those services, it isn't ideal to send sensitive data directly over the public internet and make it vulnerable to eavesdropping. Site-to-site VPN is a way to keep bad actors out of your connections and to send data back and forth securely. Before transmitting data over the network, a router/firewall with VPN functionality (OpenVPN, IPsec, etc.) or a dedicated VPN gateway encrypts packets so that communication is unreadable for potential threat actors.
The same applies to a specific system or resource (e.g., CAD files, logistics) that is constantly updated and must still be accessible by employees in other branches. Site-to-site VPN is a convenient way to share sensitive resources safely.
Site-to-site VPN represents a simpler and relatively reasonably-priced alternative to private MPLS circuits. It utilizes existing network infrastructures and creates an encrypted tunnel for data transfer over the public internet from one branch to another. Client applications on hosts are not required.
Site-to-site VPN satisfies needs such as:
Site-to-site VPN cons:
Most modern organizations need to cover the use cases of both site-to-site VPN and remote access VPN. The latest approach that eliminates the need for various VPNs is GoodAccess cloud VPN. It is delivered as a cloud service and combines the benefits of both VPN forms, seamlessly moving IT networking and security standards from LAN to the internet without compromising user experience and budget.
GoodAccess cloud VPN combines the benefits of site-to-site VPN and remote access VPN:
If you want to learn more about GoodAccess, a cloud VPN as a service, please visit this site.