Using a dedicated static IP address is considered best practice when ensuring remote access for the workforce via VPN (Virtual Private Network). How to get a static IP address? What is IP whitelisting? What are the typical use cases? Let's break this topic down.
A static IP address, also known as a fixed IP address, is an identification number assigned to a host. It remains the same in time and is indefinitely reserved for that particular service. The static IP doesn't change even after turning the device off and switching it back on. Typically, static IP is used within an internal network (LAN) for services where it is undesirable to have their IP change dynamically to ensure continuous availability (servers typically).
This draws the main difference with a dynamic IP. A dynamic IP is (surprisingly) dynamically assigned to a host (server, PC, laptop, mobile device, etc.) by DHCP service. It changes at the end of the leased period, usually 24 hours, but this is a custom configuration.
There are two main options how to get a static IP:
So we’ve learned how to get a dedicated static IP, but in what scenarios doesn’t it come in useful? Before jumping into the typical use cases, we need to clarify one key term known as IP whitelisting.
Another common use case is when you host some service inside your local network and need to access it without geographical limitations. Your ISP has a range of IP addresses. Without a static IP, you use one of their shared IP addresses that don’t uniquely represent your network.
Having a static IP address means you can connect from anywhere (local firewall rules apply). Resting assured the IP address remains the same all the time.
Imagine you host services inside your local network, data center, or even in the cloud and need your employees to access them from anywhere. It is possible to make the system available publicly, but it would make it vulnerable to network attacks (man-in-the-middle attacks, DoS and DDoS attacks, eavesdropping typically, data breach).
Therefore, it is reasonable to make your resources available only to known IP addresses (so-called IP whitelisting - see the box above) as part of security controls.
Without a static IP provided by the VPN service, your users connect with one of ISP’s shared IP addresses that don’t belong into your trusted IP range and don’t uniquely identify them as one of your internal employees.
With a static IP address whitelisted by the server (i.e., your CRM application server), users’ IP addresses always remain the same. This is why users can connect from everywhere(local firewall rules apply) securely. Static IP is essentially a unique online ID of the user used for secure remote system access.
VPN creates a secure encrypted tunnel connection from a device to a VPN server based in the selected country (see business cloud VPN for more). The user device is assigned an actual static IP address, and all their data is routed via an encrypted tunnel. This is the way to ensure users always have the same static IP wherever they connect from. The IP address is fixed and dedicated to the user or a group of users, so only they can use it for accessing remote systems.
Business Cloud VPN typically delivers: