Remote working has become pervasive in business processes. While remote work, or teleworking, has been around for years -- and the technology has become largely standardized -- its importance to businesses increased significantly in 2020. Remote access to corporate networks and internal resources is now the norm, rather than the exception, for public and private businesses of all types and sizes.
The primary technology that makes this possible is the virtual private network, or VPN. In this article, we'll compare the two types of VPN that make remote work possible: the remote access VPN and the site-to-site VPN.
First, a VPN is a virtual network, as opposed to a physical network. The two endpoints use ordinary internet addressing, such as their public IP addresses, to establish an encrypted tunnel between them. Data packets then travel across the internet over whatever routes are available at the time, and the receiving endpoint decrypts them and reassembles them into their original form. The networks in between carry the traffic but cannot read it.
By contrast, a physical private network requires a dedicated, hard-wired connection between endpoints, such as a leased line, over a single communication link. VPN traffic is instead secured with encryption, typically by a security appliance at each end of the connection.
When choosing between a remote access and a site-to-site VPN, data center network managers must consider the roles they want VPN technology to play.
What is a remote access VPN?
Most widely used today for remote workers, especially employees working from home, remote access VPNs connect individual users, or clients, to private corporate host networks. Typically, remote access users include travelers, teleworkers and mobile users who need to access their company's internal network securely over the internet.
In a remote access VPN, each device a remote user connects from must run VPN client software. Whenever the remote user sends traffic destined for the corporate network, the VPN client on that device encapsulates and encrypts it before sending it over the internet to a VPN gateway at the edge of the target corporate network.
Once the user or device has authenticated to the gateway, the gateway handles its packets just as a site-to-site gateway does: it strips the outer headers, decrypts the content and relays the original packets to the target host inside the corporate network. If the target host returns a response, the VPN gateway performs the reverse process, encrypting the response and sending it back to the VPN client over the internet. Firewalls are typically deployed alongside the gateway to further protect the network from unauthorized intruders.
What is a site-to-site VPN?
By contrast, site-to-site VPNs connect multiple networks to each other, typically a branch office network to a company headquarters network. In a site-to-site VPN configuration, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway.
The VPN gateway encapsulates and encrypts outbound traffic, sending it through a VPN tunnel over the internet to a peer VPN gateway at the target site. Upon receipt, the peer VPN gateway strips the headers, decrypts the content and relays the data packets toward the target host inside its private network.
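The encapsulate-and-encrypt step at the sending end and the strip-decrypt-relay step at the receiving end are the same whether the sender is a remote access client or a site-to-site gateway; in both cases the usual mechanism is IPsec ESP in tunnel mode. The Go program below is an added example that models it; it is not code from this article or from any VPN product. It assumes a pre-shared AES-128 key and salt (which IKE would normally negotiate), 4-byte toy addresses in place of real IP headers and a constructed inner packet, and it shows the properties a practitioner should expect from any such gateway: the inner packet's private addresses never appear on the wire, the ESP header is authenticated, a replayed or tampered packet is dropped, and out-of-order packets inside the anti-replay window are still accepted.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical model of IPsec ESP in tunnel mode between two gateways (added example, not code from
// the article): 4-byte toy addresses replace IP headers, a fixed key replaces IKE, no ESP padding.
const addrLen, espHdrLen, ivLen, replayWinSz = 4, 8, 8, 64 // toy address; SPI+seq; RFC 4106 IV; RFC 4303 window
// SA holds one direction of a security association shared by the two gateways.
type SA struct {
	spi     uint32
	aead    cipher.AEAD
	salt    [4]byte // RFC 4106: 4-byte salt + 8-byte explicit IV form the 12-byte GCM nonce
	seqOut  uint32  // sender: last sequence number used (rekey the SA before it wraps)
	seqHigh uint32  // receiver: highest sequence number accepted so far
	window  uint64  // receiver: bit i set means seqHigh-i has already been accepted
}

func NewSA(spi uint32, key []byte, salt [4]byte) (*SA, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &SA{spi: spi, aead: aead, salt: salt}, err
}
func (sa *SA) nonce(iv []byte) []byte { return append(append([]byte{}, sa.salt[:]...), iv...) }

// Encapsulate is the sending gateway's job: the whole inner packet, private addresses included,
// becomes AEAD ciphertext; the ESP header stays in the clear (to find the SA) but is authenticated.
func (sa *SA) Encapsulate(gwSrc, gwDst [addrLen]byte, inner []byte) []byte {
	sa.seqOut++
	espHdr := make([]byte, espHdrLen)
	binary.BigEndian.PutUint32(espHdr[0:4], sa.spi)
	binary.BigEndian.PutUint32(espHdr[4:8], sa.seqOut)
	iv := make([]byte, ivLen) // counter-derived IV: never repeats under one key, as GCM requires
	binary.BigEndian.PutUint64(iv, uint64(sa.seqOut))
	ct := sa.aead.Seal(nil, sa.nonce(iv), inner, espHdr)
	out := append(append([]byte{}, gwSrc[:]...), gwDst[:]...)
	return append(append(append(out, espHdr...), iv...), ct...)
}

// Decapsulate is the peer gateway's reverse process. The replay window is consulted before the
// decrypt but only advanced after the tag verifies, so forged packets cannot poison it.
func (sa *SA) Decapsulate(outer []byte) ([]byte, error) {
	ivOff := 2*addrLen + espHdrLen
	if len(outer) < ivOff+ivLen+sa.aead.Overhead() {
		return nil, errors.New("outer packet too short")
	}
	espHdr := outer[2*addrLen : ivOff]
	if spi := binary.BigEndian.Uint32(espHdr[0:4]); spi != sa.spi {
		return nil, fmt.Errorf("no SA for SPI %#x", spi)
	}
	seq := binary.BigEndian.Uint32(espHdr[4:8])
	if err := sa.replayCheck(seq); err != nil {
		return nil, err
	}
	pt, err := sa.aead.Open(nil, sa.nonce(outer[ivOff:ivOff+ivLen]), outer[ivOff+ivLen:], espHdr)
	if err != nil {
		return nil, errors.New("ICV check failed: packet dropped")
	}
	sa.replayAccept(seq)
	return pt, nil
}

// replayCheck and replayAccept implement the sliding window of RFC 4303 Appendix A.
func (sa *SA) replayCheck(seq uint32) error {
	if seq > sa.seqHigh {
		return nil // to the right of the window: a new packet
	}
	if d := sa.seqHigh - seq; d >= replayWinSz {
		return errors.New("replay: sequence number too old")
	} else if sa.window&(1<<d) != 0 {
		return errors.New("replay: duplicate sequence number")
	}
	return nil
}

func (sa *SA) replayAccept(seq uint32) {
	if seq > sa.seqHigh { // slide right; Go defines x<<n as 0 for n >= 64, so stale history drops off
		sa.window, sa.seqHigh = sa.window<<(seq-sa.seqHigh)|1, seq
		return
	}
	sa.window |= 1 << (sa.seqHigh - seq) // inside the window: mark the slot as used
}

func main() {
	key, salt := []byte("0123456789abcdef"), [4]byte{0xde, 0xad, 0xbe, 0xef} // constructed, not negotiated
	hq, _ := NewSA(0x1001, key, salt)
	branch, _ := NewSA(0x1001, key, salt)
	outer := hq.Encapsulate([addrLen]byte{203, 0, 113, 1}, [addrLen]byte{198, 51, 100, 1}, []byte("10.1.0.5 -> 10.2.0.9: hi"))
	pt, err := branch.Decapsulate(outer)
	fmt.Printf("wire: %x\ndelivered: %q (%v)\n", outer, pt, err)
	_, err = branch.Decapsulate(outer) // the same capture replayed by an attacker
	fmt.Println("replay:", err)
}
```

Two design points carry over to real deployments. The sequence number doubles as the GCM IV counter, so a gateway must rekey the SA before it wraps: reusing a nonce under the same AES-GCM key breaks both confidentiality and integrity. And the receiver updates its replay window only after the integrity check succeeds; a gateway that advanced the window first could be made to drop legitimate traffic by anyone able to inject packets with high sequence numbers.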
Remote access VPN security protocols
When comparing a remote access vs. site-to-site VPN, security is an important factor. Several protocols can be used to build a remote access VPN. Most of them require VPN client software on every remote system, plus a VPN gateway at the corporate network edge that supports the same protocol and whatever options or extensions the clients use.
The most common secure tunneling protocol used in VPNs of either type is IPsec, specifically its Encapsulating Security Payload (ESP), which encrypts and authenticates each packet. IPsec is a set of security extensions to the standard IP protocol used by the internet and most corporate networks today; the keys it uses are normally negotiated with the companion Internet Key Exchange (IKE) protocol. Most routers and firewalls now support IPsec.
The main alternative to IPsec VPNs is the Secure Sockets Layer (SSL) VPN. These are often described as clientless because they do not require specialized software on the remote user's computer: the user connects to the network through a web browser. Despite the name, the traffic is protected with the Transport Layer Security (TLS) protocol, SSL's successor; the SSL protocol versions themselves are obsolete and should be disabled on the gateway.
Site-to-site VPNs typically use IPsec. MPLS is sometimes described as a site-to-site VPN option because a carrier's MPLS network keeps each customer's traffic separate, but MPLS does not encrypt that traffic, so IPsec is still needed on top of it if confidentiality is required.
Benefits of remote access VPNs
Remote access VPNs enable remote users to connect to a corporate host network from any location, which makes them beneficial for enterprises with employees and customers who are highly mobile. Data transmitted through remote access VPNs is encrypted, which means remote users can take advantage of public Wi-Fi connections or other places where traffic isn't generally secured.
Benefits of site-to-site VPNs
Site-to-site VPNs connect individual networks to each other, so they are well suited for organizations with multiple locations. Information can be sent securely through site-to-site VPNs, and they can handle mission-critical traffic, such as VoIP communications, which requires low latency and good quality of service.
Site-to-site VPNs also offload encryption and processing overheads from host PCs or devices to a separate security or router component. Additionally, they reduce the need for users to constantly log in or log out of a VPN connection.
Planning considerations for VPNs
When planning remote access VPNs, network administrators should make sure they have a sufficient number of VPN software licenses, enough gateway capacity for the expected number of concurrent tunnels and sufficient network bandwidth to ensure throughput and minimal latency for remote users. From an operational perspective, periodically use network sniffing and monitoring tools to confirm that traffic is actually passing through the tunnel in encrypted form and that the integrity of network traffic is maintained.
Related Q&A from Paul Kirvan