What is a VPN and why is it important for SD-WAN?

Internet-based virtual private networks (VPNs) were introduced in the 1990s as a way to securely provide cost-effective connectivity over the insecure Internet, and the support that VPNs provide for SD-WAN technology has made VPNs more popular today.

Definition of VPN

A virtual private network (VPN) is a secure network created on top of a less secure transport network, such as the Internet.

A VPN is used to connect two or more nodes in a network, most commonly to connect individual users' machines to an endpoint or to connect endpoints to each other. It can also connect two users, but that use case is rare, and so are such deployments.

One possible use case is connecting objects to the Internet. Although this use case is relatively rare now, as the Internet of Things develops, the number of devices connected to the Internet via VPN will continue to increase.

Remote Access VPN

Remote access VPNs are the most common type and allow users to access company resources without being directly connected to the corporate network. Remote access VPNs are usually temporary connections and are closed when the user finishes their work.

To ensure privacy, a secure channel is established from the user's endpoint (such as a laptop, mobile device or home computer). When the connection is set up, some form of authentication is performed, such as a password, token or biometrics.

Sometimes the username and password are embedded in the VPN software on the user side to make it easier for the user to connect, but some form of authentication is always required.

Advantages of Remote Access VPN

The advantage of using a remote access VPN is that workers can connect to company resources regardless of their location, without the need for a dedicated physical link. This reduces costs and enables connections that were not previously possible.

Remote Access VPN Challenges

The downside to remote access via VPN is that performance can vary widely depending on a number of factors. These factors include the internet service being used, the encryption method, and the endpoint the user is connecting to. These issues are far beyond the control of a company's IT department, making it difficult to do much to improve performance.

Any enterprise service can be accessed through a remote access VPN, and most enterprise services will work, but applications that consume a lot of bandwidth or have low latency requirements may be greatly affected.

IPSec vs. SSL VPN

Remote access VPNs typically use IPSec or SSL to securely connect users to a corporate network, with one significant difference: IPSec VPNs enable employees to access corporate resources as if they were in the office, so all shared drives, applications, and other resources are visible.

SSL VPNs typically provide connectivity for a single application rather than an entire internal network. SSL VPNs are growing in popularity because the SSL protocol requires fewer computing resources and gives IT greater control over what remote users can access. Limiting access to specific applications can protect an organization in the event that a user's device is compromised.

SSL VPN and IoT

The Internet of Things includes a wide variety of devices, many of which are sensors that collect data for corporate networks. A common requirement is that these devices be able to communicate with the corporate network, and SSL VPNs are an ideal way to do this, as they can be configured to allow access only to the services that the IoT devices need to perform their functions.
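The difference between network-wide access and per-application access described in the two sections above can be made concrete with a small policy model. This is an added example, not taken from the original article or from any VPN product; the service inventory, addresses, identities and policy tables are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed inventory of internal services: name -> (IP, TCP port).
SERVICES = {
    "file-share":       ("10.0.1.10", 445),
    "hr-app":           ("10.0.2.20", 443),
    "telemetry-ingest": ("10.0.3.30", 8883),
    "db-admin":         ("10.0.4.40", 5432),
}

# Network-level model: the tunnel routes a whole internal range to the client.
NETWORK_POLICY = {
    "laptop-alice": [ip_network("10.0.0.0/16")],
    "sensor-17":    [ip_network("10.0.0.0/16")],
}

# Application-level model: each identity gets an explicit service allowlist.
APP_POLICY = {
    "laptop-alice": {"hr-app"},
    "sensor-17":    {"telemetry-ingest"},
}


def allowed_network_level(identity, dst_ip, dst_port):
    """Allow any port on any address inside a routed range."""
    dst = ip_address(dst_ip)
    return any(dst in net for net in NETWORK_POLICY.get(identity, []))


def allowed_app_level(identity, dst_ip, dst_port):
    """Default deny: allow only an exact (IP, port) match on an allowlisted service."""
    return any(SERVICES.get(name) == (dst_ip, dst_port)
               for name in APP_POLICY.get(identity, set()))


def exposure(identity, check):
    """Names of the services an identity (or whoever controls it) can reach."""
    return sorted(name for name, (ip, port) in SERVICES.items()
                  if check(identity, ip, port))


if __name__ == "__main__":
    for ident in ("laptop-alice", "sensor-17", "unknown-device"):
        print(ident,
              "| network-level:", exposure(ident, allowed_network_level),
              "| app-level:", exposure(ident, allowed_app_level))
```

Running it lists, for each identity, which services would be exposed under each model if that device were compromised.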

The need for remote access VPNs is fading

As software as a service (SaaS) becomes more popular, the need for IT departments to provide remote access VPNs is decreasing. Applications and data are moving from corporate data centers to the cloud, where users can access these services directly.

End-to-end VPN

An end-to-end VPN connects a branch office to the corporate network by implementing network connectivity on a network device (a router, firewall, or dedicated VPN appliance) rather than on the end-user device.

One of the reasons for implementing an end-to-end VPN is similar to the reason network professionals implement remote-access VPNs: it is too expensive or impractical to connect sites with dedicated leased lines.

End-to-end MPLS VPN

Another type of end-to-end VPN connects to the MPLS cloud provided by the operator instead of the public Internet, thereby offloading the VPN connection to the operator. The service provider establishes a virtual connection between endpoints on its MPLS network.

The main advantages of this type of VPN are network agility and the ability to mesh the network. In a typical end-to-end network, each branch is connected to the data center, and every branch sends its traffic through that central hub. With meshing, branches can connect to each other directly.

This direct connection is critical for video conferencing and other bandwidth-intensive and latency-sensitive applications, and MPLS VPNs are a perfect fit for this use case.

The downside of MPLS VPN is its cost. Private IP services like MPLS are very expensive, especially for international connections.

VPN and SD-WAN

SD-WAN is a hot topic among network practitioners because it can combine the cost advantages of Internet-based VPNs with the performance and flexibility of MPLS VPNs.

With SD-WAN, enterprises can replace at least some of their high-priced MPLS links with more affordable internet connections and use the optimization and multipathing capabilities of SD-WAN to ensure that performance remains high enough for each workload.
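A simplified sketch of the per-workload path selection this paragraph describes, as an added example that is not from the original article or any SD-WAN product. The link measurements, cost units, workload thresholds and the "cheapest link that meets the requirement" rule are all assumptions chosen for illustration.

```python
# Constructed link state: measured latency/loss and a relative cost per link.
LINKS = [
    {"name": "mpls",      "latency_ms": 20, "loss_pct": 0.1, "cost": 10, "up": True},
    {"name": "broadband", "latency_ms": 45, "loss_pct": 0.8, "cost": 2,  "up": True},
    {"name": "lte",       "latency_ms": 80, "loss_pct": 2.0, "cost": 5,  "up": True},
]

# Constructed per-workload requirements (assumed thresholds).
WORKLOADS = {
    "video-conference": {"max_latency_ms": 30,  "max_loss_pct": 0.5},
    "saas-web":         {"max_latency_ms": 100, "max_loss_pct": 1.0},
    "backup":           {"max_latency_ms": 500, "max_loss_pct": 5.0},
}


def select_path(workload, links):
    """Pick the cheapest live link that meets the workload's requirements.

    If no live link qualifies, fall back to the lowest-latency live link;
    return None when every link is down.
    """
    req = WORKLOADS[workload]
    live = [link for link in links if link["up"]]
    if not live:
        return None
    qualifying = [link for link in live
                  if link["latency_ms"] <= req["max_latency_ms"]
                  and link["loss_pct"] <= req["max_loss_pct"]]
    if qualifying:
        return min(qualifying, key=lambda link: link["cost"])["name"]
    return min(live, key=lambda link: link["latency_ms"])["name"]


def plan(links):
    """Map every workload to its selected link for the given link state."""
    return {name: select_path(name, links) for name in WORKLOADS}


if __name__ == "__main__":
    print("all links up:", plan(LINKS))
    # Simulate an MPLS outage: traffic is re-steered onto the remaining links.
    degraded = [dict(link, up=(link["name"] != "mpls")) for link in LINKS]
    print("mpls down:   ", plan(degraded))
```

With all links up, only the latency-sensitive workload stays on the expensive MPLS link; the rest move to the cheaper Internet connection.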

And, because the control elements of an SD-WAN have been decoupled from the infrastructure, the network can be configured through a centralized portal, and changes to the SD-WAN can be accomplished with just a few clicks of the mouse.

VPN technology has been around for decades, and SD-WAN can be seen as the next major application of this technology.
