26 Jul
VPN client: know the types and applications
When it comes to interconnecting business units across different locations, VPN is a widely discussed and widely adopted topic in the market.
A VPN (Virtual Private Network) lets data travel privately over public or shared (usually unsafe) networks, using tunneling and encryption to ensure security.
This blog post aims to clarify points about the use of VPN clients in corporate environments by presenting the concepts and the scenarios the technology can be applied to.
Types of VPN connections
From the point of view of topology, there are two main categories of VPN connections: Client-to-Site (or Remote Access) and Site-to-Site (or Gateway-to-Gateway).
The difference between them is simple: a Client-to-Site VPN is characterized by single-user connections. In contrast, Site-to-Site VPNs handle remote connections between entire networks.
What are a VPN Client and a VPN Gateway
For the operation of the VPN, in addition to the network where the data will be transported (which is usually the Internet), there are two basic requirements: a VPN gateway and a VPN client.
Within a VPN infrastructure, the VPN Gateway is the asset that enables and maintains access to the other endpoint, in both the Client-to-Site and Site-to-Site models.
A VPN Client requests the access provided by the VPN Gateway in order to establish a connection, building a secure tunnel that carries the data of users and corporations.
Put simply, it is a “client-server” structure (the VPN Gateway is the server and the VPN Client is the client).
Client-to-Site VPN Applications
For a better understanding of the client-to-site VPN application, consider the example below:
Imagine a company with a customer base in other states, whose employee needs to make on-site visits to customers from time to time. That employee's day-to-day is quite busy and frequently requires remote work. While away from the company, the employee needs access to the internal management systems and directories of the corporate network, as if working locally, but connecting through different networks and in different locations (companies, hotels, restaurants, airports).
To make such a scenario feasible while ensuring the security of corporate data in transit, it is advisable to set up a VPN Gateway in the company's office and a VPN Client on the device the employee uses for remote access. This type of communication calls for a certificate generated by the VPN Gateway, which may have an expiration date and access credentials to increase the security of the communication.
- Connection: Client-to-Site
- VPN Gateway: Installed in the company structure
- VPN Client: Installed on the device used by the employee (laptop, cell phone, etc.)
Site-to-Site VPN Applications
Another scenario where a secure VPN communication structure applies is that of companies that need to interconnect business units (head office and branch), with several users in different locations, where there is no direct connection (an optical fiber, for example) between the networks.
To make the unit networks communicate transparently and securely, it is recommended to use a Site-to-Site VPN tunnel, connecting the corporate networks through VPN assets. In such a scenario, the branch office must have a VPN Client configured on its local network, with a certificate generated in the VPN Gateway of the head office and the access credentials. This secure connection, established by the VPN tunnel, is then made available to the entire network, without each user or device needing an individually configured VPN Client to send traffic between the networks.
- Connection: Site-to-Site
- VPN Gateway: Head office
- VPN Client: Branch office
Knowing a little more about the ways VPNs can be used makes it possible to implement a security layer for access to corporate data, whether the demand comes from users in transit or from the integration of business units.