A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organisation's network. The intention of the VPN is to offer the same kind of connectivity options that users receive from leased lines but at lower costs.
While the Internet uses the Point-to-Point Protocol (PPP) for remote access, VPN technology extends this protocol with additional functions. It makes use of different protocols such as PPTP (Point-to-Point Tunnelling Protocol), L2TP (Layer 2 Tunnelling Protocol) and IPSec (IP Security), each suited to specific requirements.
There are many different types of VPNs available. They are: PPTP VPN (Dial-up VPN); Site-to-Site VPN; Point-to-Point VPN; and MPLS VPNs.
A growing business has to expand beyond its original location and open new branch offices at other locations. By deploying a site-to-site VPN solution, businesses can network their locations in a scalable and cost-effective way. Office locations are usually connected via a dedicated WAN (wide area network), but the dedicated leased lines used in a WAN to connect multiple sites are expensive.
Though leased lines offer a secure connection to a company’s private network, they have to be constantly monitored and are difficult to deploy. The scalable option available to companies is a site-to-site VPN.
In a site-to-site VPN, a business’s central office network and its remote offices’ networks are connected through the Internet, which is a public infrastructure. The Internet is loaded with hackers, viruses and other malicious content, and a site-to-site VPN secures business transactions by creating a "tunnel" through the Internet from one office (site) to another. The traffic that goes through this tunnel is encrypted to protect any sensitive data.
Site-to-site connectivity is usually achieved by IPSec deployments, which have their own distinct set of disadvantages. IPSec allows an encrypted connection, but in order to make resources available to the two sides of the connection, the entire network has to be opened up, which exposes it to both sides. To overcome this, extensive ACLs and security policies have to be configured to authorise business access, which is time-consuming and error-prone.
Site-to-site VPN features granular access control and the ability to connect sites at the network, host, and application level. Permanent connections between two sides can be set up and access to only key applications or host servers can be enabled. This removes the need for any complex ACL configurations, unwanted network exposure and related security risks. Site-to-site VPNs also integrate network features such as routing, quality of service, and multicast support.
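The exposure problem described above, as an added example that is not part of the original article: a small Python audit that flags tunnel rules exposing whole networks or all ports, and granular rules that a broader rule already makes moot. The rule tuple format, the rule names and the RFC 1918 addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample policy for a branch-to-head-office tunnel (hypothetical format):
# (name, source network, destination network, protocol, destination port or None)
SAMPLE_RULES = [
    ("branch-to-erp",   "10.20.0.0/24", "10.1.5.10/32", "tcp", 443),
    ("branch-to-files", "10.20.0.0/24", "10.1.5.20/32", "tcp", 445),
    ("legacy-any",      "10.20.0.0/24", "10.1.0.0/16",  "any", None),
    ("branch-to-dns",   "10.20.0.0/24", "10.1.5.0/24",  "udp", 53),
]

def parse(rule):
    name, src, dst, proto, port = rule
    return name, ipaddress.ip_network(src), ipaddress.ip_network(dst), proto, port

def covers(a, b):
    """True if parsed rule a permits everything parsed rule b permits."""
    _, a_src, a_dst, a_proto, a_port = a
    _, b_src, b_dst, b_proto, b_port = b
    return (b_src.subnet_of(a_src) and b_dst.subnet_of(a_dst)
            and a_proto in ("any", b_proto)
            and (a_port is None or a_port == b_port))

def audit(rules, max_dst_addresses=1):
    """Return (rule name, reason) findings for rules broader than host/application level."""
    parsed = [parse(r) for r in rules]
    findings = []
    for rule in parsed:
        name, _, dst, proto, port = rule
        if dst.num_addresses > max_dst_addresses:
            findings.append((name, f"destination {dst} exposes {dst.num_addresses} addresses"))
        if proto == "any" or port is None:
            findings.append((name, "no protocol or port restriction"))
        for other in parsed:
            # A strictly broader rule means this granular rule restricts nothing.
            if covers(other, rule) and not covers(rule, other):
                findings.append((name, f"already permitted by broader rule '{other[0]}'"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_RULES):
        print(f"{name}: {reason}")
```

Raising `max_dst_addresses` relaxes the check for sites where a small server subnet, rather than a single host, is the intended destination.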
A site-to-site VPN does not require a dedicated line to link the networks. Each site has its own Internet connection, which need not be from the same ISP or even of the same type. The routers at each end perform the routing and encryption functions, and users need not go through any procedure such as ‘dial-up’ to set up a connection between sites.
Site-to-site VPNs offer greater scalability – it is easy to add a new site or an office to the network; all the new location needs is a connection to the Internet. Adding a new office also means a heavier load on the VPN gateway, but users can overcome this by deploying software-based VPN gateway solutions that allow them to seamlessly upgrade their hardware to handle the extra load.
Apart from being scalable and secure, site-to-site VPNs are also flexible. If a business decides to relocate a remote site, it is very easy to set up the VPN at the new place. Not depending on a dedicated line to establish a network significantly brings down infrastructure costs.
There are also various approaches available for deploying a site-to-site VPN, and users can choose the one that is ideal for them. Some types of VPNs include: Rule-based VPNs; Static route-based VPNs; Intranet-based VPN; Extranet-based VPN and many more.