VPN technology was developed as a way to allow remote users and branch offices to securely access corporate applications and other resources. To ensure safety, data travels through secure tunnels, and VPN users must use authentication methods — including passwords, tokens or other unique identification procedures — to gain access to the VPN server.
VPNs are used by remote workers who need access to corporate resources, consumers who may want to download files and business travelers who may want to log into sites that are geographically restricted. VPN services are critical conduits through which data can be transported safely and securely.
How a VPN works and why you should use one
The two most common types of VPNs are remote access VPNs and site-to-site VPNs.
A remote access VPN uses a public telecommunication infrastructure like the internet to provide remote users with secure access to their organization’s network. This is especially important when employees are using a public Wi-Fi hotspot or other avenues to access the internet and connect to their corporate network.
A VPN client on a remote user’s computer or mobile device connects to a VPN gateway on the organization’s network. The gateway typically requires the device to authenticate its identity. Then, it creates a network link back to the device that allows it to reach internal network resources — e.g., file servers, printers and intranets — as though the gateway is on the network locally.
A remote-access VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection, although SSL VPNs are often focused on supplying secure access to a single application rather than to the entire internal network.
Some VPNs provide Layer 2 access to the target network; these require a tunneling protocol like the Point-to-Point Tunneling Protocol or the Layer 2 Tunneling Protocol running across the base IPsec connection.
In addition to IPsec and SSL, other protocols used to secure VPN connectivity and encrypt data are Transport Layer Security and OpenVPN.
A site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another — usually a small branch connecting to a data center. End-node devices in the remote location do not need VPN clients because the gateway handles the connection.
Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. Here, too, it is possible to have either Layer 3 connectivity (MPLS IP VPN) or Layer 2 (virtual private LAN service) running across the base transport.
VPN services can also be defined as connections between specific computers, typically servers in separate data centers, when security requirements for their exchanges exceed what the enterprise network can deliver. Increasingly, enterprises also use VPN connections in either remote access mode or site-to-site mode to connect — or connect to — resources in a public infrastructure-as-a-service environment.
Newer hybrid-access scenarios put the VPN gateway itself in the cloud, with a secure link from the cloud service provider into the internal network.
Benefits of using a VPN
The justification for using VPN access instead of a private network usually boils down to cost and feasibility: It is either not feasible to have a private network — e.g., for a traveling sales rep — or it is too costly to do so.
In addition to providing a secure way for remote users to transmit or access information, VPN services are used for other purposes, as well. VPNs can hide a user’s browsing activity, which is particularly helpful with public Wi-Fi connections. VPNs also allow users to connect to sites that may be blocked geographically.
VPN performance may be affected by a variety of factors, among them, the speed of users’ internet connections, the types of protocols an internet service provider uses and the types of encryption the VPN uses. VPN services performance can also be affected by poor quality of service and conditions that are outside IT’s control.