Understand the differences, principles and typical use cases of two basic VPN forms: site-to-site VPN and remote access VPN.
When the public internet had become a natural part of our daily lives and also corporate networks, a challenge to protect sensitive data flowing over the unsecured cyberspace emerged.
You have probably heard about using a VPN for streaming services and other personal uses, but did you know that there are certain virtual private networks designed for businesses like yours?
Running a business without a VPN in this digital era simply is not secure, and the damage caused by being hacked may take years to recover from.
In this article, we will discuss two types of VPNs. They could add to your defense against security breaches and help secure your corporate network:
➡️ Site-to-site VPNs.
➡️ Remote access VPNs.
We will cover how these two VPNs differ, how they are typically used, and explain a new development in the world of corporate VPNs.
- Local area network (LAN): A network of computers that is limited to a specific area, like an office building.
- Static IP address: An IP address that never changes, unlike a dynamic IP address which changes all the time.
- IP whitelisting: When you choose which IP addresses are allowed to access your company’s network, systems, SaaS, etc.
- IPsec (internet protocol security): A security protocol that authenticates and encrypts data packets to provide a secure connection between two computers on the same network.
- WAN (wide area network): A network that extends over a wide area that is not tied to a single location.
How VPNs are deployed
Before we jump into the differences between site-to-site VPN and remote access VPN, let's recap the three VPN deployment types:
Hardware VPN - a standalone dedicated device or router delivering VPN functionality.
Software VPN - a modern alternative to HW VPNs, bringing benefits such as lower costs, better maintenance, and ease of use.
Cloud VPN - a type of software VPN delivered as a service that doesn't require the customer to run or manage any underlying infrastructure.
What Is Remote Access VPN?
Remote access VPN ensures a secure connection between the employee and remote business LAN or cloud.
Using client software installed on the host - such as desktop computer, laptop, smartphone, etc. - employees working from remote locations can join the company network as if they were sitting in your offices.
We have now fully entered the era of remote work. As such, your employees could be working from home or from just about any remote location.
Many of your employees could be using their own devices to connect to your company’s network. Without a VPN in place, this is risky.
An added risk is that many of your employees may work from unsecured Wi-Fi networks at home or even at another location like an airport.
Using a remote access VPN allows your team to work remotely while keeping your business safe while they do so.
How does a remote access VPN work?
A host computer is equipped with a client application (OpenVPN, GoodAccess, Cisco AnyConnect, etc.) that communicates with a VPN gateway.
➡️ VPN client: The software that is installed on the host device to access the VPN.
➡️ VPN gateway: The tunnel that sends your encrypted data to your network across a public connection.
The application provides user authentication (ideally based on identity) and connection to the desired network.
Access to your company's network from a static IP address can only be allowed through something called IP whitelisting, which cloaks sensitive applications and data from the public.
This effectively creates a private virtual company network on the Internet.
What Is a Site-to-Site VPN?
Site-to-site VPN interconnects two or more private corporate networks via an encrypted tunnel to enable borderless communication and resource sharing between employees and applications.
Site-to-site VPN topology with different branches and services interconnected over the public internet
It is not ideal to send sensitive data directly over the public Internet, especially if you have headquarters where all the critical servers and business applications are located and geographically distributed branches that need access to those services.
A site-to-site VPN keeps hackers locked out of your connections and allows you to securely send data back and forth.
The same applies to a specific system or resource (e.g., CAD files, logistics) that is constantly updated and must still be accessible by employees in other branches.
Site-to-site VPN is a convenient way to share sensitive resources safely.
How does a site-to-site VPN work?
Before transmitting data over the network, a router/firewall with VPN functionality (OpenVPN, IPSec, etc.) or a dedicated VPN gateway encrypts packets so that communication is unreadable for potential threat actors.
Site-to-site VPN represents a simpler and relatively reasonably-priced alternative to private MPLS circuits. It utilizes existing network infrastructures and creates an encrypted tunnel for data transfer over the public internet from one branch to another. Client applications on hosts are not required.
What is a site-to-site VPN best for?
A site-to-site VPN is a good solution if your business needs to do the following:
- Interconnect branch office network (LAN) with the central corporate network and create WAN to access resources.
- Allow employees access to shared, in-house resources and applications such as data, email server, or proprietary software.
- Securely share geographically distributed resources via a single network so that they appear as if they were located in the same building.
The cons of using a site-to-site VPN
Now that you know more about site-to-site VPNs, let us take a look at why it may not be the best option for your business.
- Every location requires a dedicated device (router/firewall/VPN gateway). That implies manual labor spent on configuration, maintenance, and change management.
- Not suitable for remote workers accessing business resources from anywhere.
- Inconvenient for businesses primarily leveraging cloud resources and SaaS apps.
- MPLS, VLAN, or dedicated tools interconnecting datacentres and branches may be a preferred yet costly method for enterprises (due to more extensive data transfers, better performance).
- Monitoring and managing access are complex or impossible due to a lack of user-level visibility. This inherently places data breach and compliance initiatives in danger.
Get the Benefits of Remote Access and Site-to-Site VPN with GoodAccess Cloud VPN
Most modern organizations need to cover both use cases delivered by site-to-site VPN and remote access VPN.
One of the latest options that eliminates the need for several VPNs is GoodAccess cloud VPN.
It is delivered as a cloud service and combines the benefits of both VPN forms together, seamlessly moving IT networking and security standards from LAN to the internet without compromising user experience and budget.
GoodAccess cloud VPN combines the benefits of site-to-site VPN and remote access VPN
Here are just some of the ways that GoodAccess cloud VPN can benefit your business:
- Users can access resources and applications in branches and clouds securely, no matter where they are.
- Via central management, the administrator can provide every user with particular system access rights.
- The administrator can deploy zero-trust network access security measures.
- A single, no-hardware service simplifies IT infrastructure and offers a modern alternative to managing multiple products.
- Automated deployment, performance, and scalability thanks to vendor-operated global cloud infrastructure.
- Coupled with dedicated gateway and static IP for whitelisting, it creates a virtual private company network on a public internet.
To learn more about GoodAccess and how our cloud VPN can help secure your business and remote teams, visit our website.