
Remote Access VPN vs. Site-to-Site VPN? Get the Benefits of Both

Understand the differences, principles and typical use cases of two basic VPN forms and learn about the most recent approach that eliminates the need for over-combining various VPNs in a business environment.

Once the public internet became a natural part of corporate networks, the challenge of protecting sensitive data flowing over unsecured cyberspace emerged. VPNs came as a handy solution. Before we jump into the differences between site-to-site VPN and remote access VPN, let's recap the three VPN deployment types:

  1. Hardware VPN - a standalone dedicated device or router delivering VPN functionality.
  2. Software VPN - a modern alternative to HW VPNs, bringing benefits such as lower costs, better maintenance, and ease of use.
  3. Cloud VPN - a type of software VPN delivered as a service that doesn't require the customer to run or manage any underlying infrastructure.

What Is Remote Access VPN?

Remote access VPN ensures a secure connection between the employee and the remote business LAN or cloud. Using client software installed on the host (desktop, laptop, smartphone, etc.), remote workers become a part of the company network as if they were sitting in the office.

Fig 1: An example of remote access VPN topology with different users/devices interconnected via secured tunnel over the public internet.

Remote access VPN is the enabler of company digitalization and the means of leveraging the full potential of remote work. With the explosion of home office and BYOD, it is common for employees to travel and to access corporate networks from unsecured Wi-Fi, from home, or from an airport: simply from wherever is most convenient, using a device of their choice.

The need to secure such connections keeps growing, and that is where remote access VPN for businesses comes into play. A host computer is equipped with a client application (OpenVPN, GoodAccess, or Cisco AnyConnect) that communicates with a VPN gateway. The application provides user authentication (ideally based on identity) and connection to the desired network. It creates a secured, encrypted virtual tunnel to the LAN or cloud via the public internet. When coupled with a static IP, access to systems can be restricted to this address (IP whitelisting) to cloak sensitive applications and data from the public, effectively creating a private virtual company network on the internet.
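An added example, not part of the original article or any vendor's code: a check that IP whitelisting is actually enforced, run over web access-log lines. The gateway address 203.0.113.10, the log format and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: static egress IP of the VPN gateway (documentation range, constructed).
GATEWAY_ALLOWLIST = [ipaddress.ip_network("203.0.113.10/32")]

# Constructed sample access-log lines (common log format).
SAMPLE_LOG = """\
203.0.113.10 - alice [12/Mar/2024:09:14:02 +0000] "GET /admin HTTP/1.1" 200 512
198.51.100.7 - - [12/Mar/2024:09:15:40 +0000] "GET /admin HTTP/1.1" 200 512
::ffff:203.0.113.10 - bob [12/Mar/2024:09:16:11 +0000] "POST /api/orders HTTP/1.1" 201 64
192.0.2.55 - - [12/Mar/2024:09:17:29 +0000] "GET /admin HTTP/1.1" 403 0
not-an-ip - - [12/Mar/2024:09:18:00 +0000] "GET / HTTP/1.1" 200 10
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def normalize(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d matches a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def is_allowed(addr, allowlist=GATEWAY_ALLOWLIST):
    """True if addr falls inside any allowlisted network of the same IP version."""
    ip = normalize(addr)
    return any(ip.version == net.version and ip in net for net in allowlist)

def audit(log_text, allowlist=GATEWAY_ALLOWLIST):
    """Return (leaks, unparsed). A leak is a request from a non-allowlisted
    source that was still served (status below 400)."""
    leaks, unparsed = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        src, method, path, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        try:
            allowed = is_allowed(src, allowlist)
        except ValueError:  # source field is not an IP address: review by hand
            unparsed.append(line)
            continue
        if not allowed and status < 400:
            leaks.append((src, method, path, status))
    return leaks, unparsed
```

Any entry in `leaks` means the protected system answered a client that did not come through the gateway, so the allowlist rule is missing or bypassed on that path.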

What Is Site-to-Site VPN?

Site-to-site VPN interconnects two or more private corporate networks via an encrypted tunnel to enable borderless communication and resource sharing between employees and applications.

Fig 2: Use cases of site-to-site VPN. Topology with different branches and services interconnected over the public internet.

Typically, if you have a headquarters where all the critical servers and business applications are located, and geographically distributed branches that need access to those services, it isn't ideal to send sensitive data directly over the public internet and make it vulnerable to eavesdropping. So, site-to-site VPN is a way to keep bad actors' hands off your connections and securely send data back and forth. Before transmitting data over the network, a router/firewall with VPN functionality (OpenVPN, IPSec, etc.) or a dedicated VPN gateway encrypts packets so that communication is unreadable for potential threat actors.

The same applies to a specific system or resource (e.g., CAD files, logistics) that is constantly updated and must still be accessible by employees in other branches. Site-to-site VPN is a convenient way to share sensitive resources safely.

Site-to-site VPN represents a simpler and reasonably priced alternative to private MPLS circuits. It utilizes existing network infrastructure and creates an encrypted tunnel for data transfer over the public internet from one branch to another. Client applications on hosts are not required.

Site-to-site VPN satisfies needs such as:

  • Interconnect branch office network (LAN) with the central corporate network and create WAN to access resources.
  • Allow employees access to shared, in-house resources and applications such as data, email server, or proprietary software.
  • Securely share geographically distributed resources via a single network so that they appear as if they were located in the same building.

Site-to-site VPN cons:

  • Every location requires a dedicated device (router/firewall/VPN gateway). That implies manual labor spent on configuration, maintenance, and change management.
  • Not suitable for remote workers accessing business resources from anywhere.
  • Inconvenient for businesses primarily leveraging cloud resources and SaaS apps.
  • MPLS, VLAN, or dedicated tools interconnecting datacentres and branches may be a preferred yet costly method for enterprises (due to more extensive data transfers, better performance).
  • Monitoring and managing access is complex or impossible due to a lack of user-level visibility. This inherently puts data-breach prevention and compliance initiatives at risk.

Get the Benefits of Remote Access and Site-to-Site VPN with GoodAccess Cloud VPN

Most modern organizations need to cover both use cases delivered by site-to-site VPN and remote access VPN. The latest approach that eliminates the need for various VPNs is GoodAccess cloud VPN. It is delivered as a cloud service and combines the benefits of both VPN forms together, seamlessly moving IT networking and security standards from LAN to the internet without compromising user experience and budget.

GoodAccess cloud VPN combines the benefits of site-to-site VPN and remote access VPN:

  • Users can access resources and applications in branches and clouds securely, no matter where they are.
  • Via central management, the administrator can provide every user with particular system access rights.
  • The administrator can deploy zero-trust network access security measures.
  • A single, no-hardware service simplifies IT infrastructure and offers a modern alternative to managing multiple products.
  • Automated deployment, performance, and scalability thanks to vendor-operated global cloud infrastructure.
  • Coupled with a dedicated gateway and static IP for whitelisting, it creates a virtual private company network on the public internet.

If you want to learn more about GoodAccess, a cloud VPN as a service, please visit this site.
