Cloud VPN: An Overview
A cloud virtual private network (cloud VPN) is a form of technology designed to help users access their organization’s applications, data, and files through a website or an application. Unlike traditional or static VPNs, a cloud VPN provides a secure connection that can be rapidly deployed globally.
Site-to-cloud VPN architecture
A site-to-cloud VPN architecture enables users to securely access corporate networks and resources remotely, regardless of where they are located. It ensures employees who are traveling, working from home, or working on the go can securely access networks and removes the need for fixed desks in an office.
Classification of Cloud VPNs
Two classifications of cloud VPN models are typically available to organizations.
HA VPNs
A high-availability VPN (HA VPN) enables organizations to securely connect their on-premises network to their cloud network via an IPsec VPN connection. When an HA VPN gateway is created, the provider automatically chooses an IP address from a unique address pool, which ensures high availability. As a result, HA VPN, when adequately configured, guarantees a service-level availability of 99.99%.
Classic VPNs
Classic VPN gateways, or target VPN gateways, offer organizations a single interface and external IP address, with tunnels that support dynamic or static routing. Classic VPNs provide 99.9% service availability.
Categories of VPN Configurations
Two core categories of VPN configurations can be used to deploy VPNs over public networks.
Site-to-Site VPN configurations
A site-to-site VPN configuration enables information to be sent securely across multiple local-area networks (LANs) to multiple office networks. The process routes packets over a secure VPN tunnel between two routers or gateway devices. As a result, two private networks, or sites, can share data across an insecure network without the information being intercepted by an unauthorized user.
Site-to-site VPNs increase flexibility and scalability because the VPN gateway only has to support IPsec functionality. This minimizes installation and management costs, reduces memory consumption, and increases processing speed. However, it can increase computing power utilization, which can decrease communication speed.
Site-to-Cloud VPN configurations
A site-to-cloud configuration, or secure client-to-gateway connection, enables a client at an insecure remote location outside an organization’s LAN to access internal data. A user needs to connect to the VPN to obtain secure access to the LAN, which can typically be managed by configuring a device such as a router or a computer operating system. This configuration is often utilized by access VPNs or extranet VPNs.
Cloud VPN Topologies
The following cloud VPN topologies relate to HA VPN classifications.
Two-peer VPN devices
The two-peer VPN devices topology involves a gateway connecting to two peer devices, each of which has its own interface and external IP address. If a gateway is hardware-based, a second gateway enables it to offer failover and redundancy. This protects an organization against failures and allows it to take a gateway offline to carry out scheduled maintenance or software upgrades.
One-peer VPN device with two IP addresses
This topology involves a single gateway connecting to a peer device with two external IP addresses. The gateway uses two VPN tunnels connecting to the peer device’s external IP addresses.
One-peer VPN device with one IP address
In this option, the gateway connects to one peer device with one external IP address. It also uses two tunnels, both of which connect to one IP address.
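The three HA VPN topologies above differ only in how many peer devices and peer IP addresses the gateway's two tunnels terminate on. The following Python script is an added example, not code from the page or from any cloud provider: it models a tunnel inventory, classifies which of the three topologies it matches, and lists redundancy findings a reviewer would raise. The `Tunnel` model, the numbering of gateway interfaces as 0 and 1, the rule that full HA requires tunnels on both gateway interfaces, and all sample tunnel sets are assumptions constructed for the example.

```python
"""Classify an HA VPN tunnel layout and report redundancy gaps.

Added example (not from the original page). Assumptions:
- an HA VPN gateway has two interfaces, numbered 0 and 1;
- full redundancy requires at least two tunnels that together use
  both gateway interfaces (a configuration rule assumed here, not
  stated on the page).
"""
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Tunnel:
    gateway_interface: int  # 0 or 1 on the HA VPN gateway (assumed numbering)
    peer_device: str        # constructed name of the on-premises peer
    peer_ip: str            # external IP address on that peer


def classify_topology(tunnels):
    """Map a tunnel set onto one of the three topologies described above."""
    peers = {t.peer_device for t in tunnels}
    peer_ips = {t.peer_ip for t in tunnels}
    if len(peers) >= 2:
        return "two-peer devices"
    if len(peers) == 1 and len(peer_ips) >= 2:
        return "one peer, two IP addresses"
    if len(peers) == 1 and len(peer_ips) == 1:
        return "one peer, one IP address"
    return "unknown"


def redundancy_findings(tunnels):
    """Return a list of human-readable findings; an empty list means no gaps found."""
    findings = []
    if len(tunnels) < 2:
        findings.append("fewer than two tunnels: no tunnel-level failover")
    # Assumed HA rule: tunnels must span both gateway interfaces.
    interfaces = {t.gateway_interface for t in tunnels}
    if interfaces != {0, 1}:
        findings.append("tunnels do not use both gateway interfaces 0 and 1")
    for t in tunnels:
        try:
            ip_address(t.peer_ip)
        except ValueError:
            findings.append(f"invalid peer IP address {t.peer_ip!r}")
    if classify_topology(tunnels) == "one peer, one IP address":
        # Both tunnels land on one address: the peer side is a single point of failure.
        findings.append("single peer device with one IP address is a single point of failure")
    return findings


# Constructed sample inventories, one per topology on the page, plus a misconfigured one.
TWO_PEER = [
    Tunnel(0, "peer-a", "203.0.113.10"),
    Tunnel(1, "peer-b", "203.0.113.20"),
]
ONE_PEER_TWO_IPS = [
    Tunnel(0, "peer-a", "203.0.113.10"),
    Tunnel(1, "peer-a", "203.0.113.11"),
]
ONE_PEER_ONE_IP = [
    Tunnel(0, "peer-a", "203.0.113.10"),
    Tunnel(1, "peer-a", "203.0.113.10"),
]
SAME_INTERFACE = [
    Tunnel(0, "peer-a", "203.0.113.10"),
    Tunnel(0, "peer-b", "203.0.113.20"),
]


if __name__ == "__main__":
    for name, inv in [("two-peer", TWO_PEER), ("one-peer/two-ip", ONE_PEER_TWO_IPS),
                      ("one-peer/one-ip", ONE_PEER_ONE_IP), ("same-interface", SAME_INTERFACE)]:
        print(f"{name}: {classify_topology(inv)}; findings: {redundancy_findings(inv) or 'none'}")
```

The script is intended to run against an inventory exported from the gateway rather than the constructed samples; the useful output is the findings list, which flags the one-peer, one-IP option as a peer-side single point of failure even though it still uses two tunnels, and flags any layout where both tunnels share one gateway interface.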