The Advantages of Cloud VPN
Co-Founder and Vice President of Products, VeloCloud
September 12, 2014
SD-WAN brings security to Internet connectivity
Today we were asked what shifts in business needs are impacting VPN, a technology that has been around since the 1990s. The most significant trend is the shift towards public cloud data centers and SaaS applications. Businesses today are less inclined to buy, install and maintain their own compute resources and enterprise applications. These businesses desire the flexibility and scalability provided by cloud delivered services that can be consumed on a pay-as-you-grow basis.
So why not seek this same advantage for VPN services that most enterprises rely on? Furthermore, since the applications and data that users need to access are now more distributed throughout the cloud, building and maintaining a traditional VPN is now more complex and often less efficient.
A traditional company network for distributed workers and offices would first consist of a private network infrastructure connecting large offices to the headquarters and datacenters. Then for smaller offices where a private connection such as a T1/MPLS connection is too expensive, an IPsec based site-to-site VPN over the Internet would be used. Finally, mobile workers might connect over SSL based remote access.
“Big changes are underway,” says Elizabeth Weise in an article in the Sep 23 issue of USA Today. “With the advent of cloud computing and a mobile workforce that expects – and is expected to – work anywhere, any time on anything, new ways to access VPN-like services are popping up right and left. Other companies have appeared that do most of the security in the cloud, sometimes with the addition of low-cost routers. These allow a corporate users to create their own easy-to-construct networks.”
These VPNs over broadband Internet would provide the security via encryption that private networks deliver for the larger branches. However, the reliability and the performance characteristics of private, dedicated circuits has not been addressed by traditional VPN technology. Reliability and performance are becoming increasingly important as businesses become more application-centric and utilize more real-time collaboration, VOIP and videoconferencing.
VeloCloud’s cloud-delivered SD-WAN brings the dual advantages of security, as well as the private network like availability and application performance to broadband Internet connectivity.
VeloCloud provides the following unique benefits to VPN:
#1 Enterprise Grade Performance and Availability
VeloCloud combines standard IPsec VPN with innovative “dynamic multi-path optimization” between branches provisioned with Edge appliances and headquarter sites or datacenters served by cloud gateways. Traditional IPsec over Internet improves neither the performance nor the availability of the underlying transport. While other emerging cloud based VPNs may simplify VPN deployment, with neither an on-premises CPE nor dual-ended optimization technologies, they lack the architecture to deliver performance improvements. The increasing use of VOIP and other network sensitive applications requires optimization among branches and to headquarters.
#2 Interoperability with Existing VPN Networks
Solutions for traditional site-to-site VPN will favor the deployment of the same vendor’s gateway in the headquarters or data center locations to achieve integrated manageability. This requirement imposes a CAPEX investment for each headquarters and datacenter site, as well as the IT effort to qualify and install equipment in these complex networks.
However most enterprises will have existing VPN capabilities and capacity. Traditional solutions for branches might provide some support for multi-vendor interoperability. But these solutions will require using two management systems for repeatedly adding matching branch and datacenter configurations for each and every new branch or branch reconfiguration including ISP / public address changes.
VeloCloud cloud VPN delivers the ideal solution. No additional datacenter equipment is required if IPsec VPN is already available. The cloud VPN services are interoperable via the one-time configuration of standard VPNC compliant IPsec to existing headquarter sites.
Subsequently ongoing new branch additions or reconfigurations are automatically connected to the cloud VPN without requiring any incremental touches to the headquarters site network.
#3 Ease of Branch Deployments
Branches are automatically connected to the cloud VPN, with access to headquarters sites whether served by VeloCloud or third-party VPN networks as outlined in earlier sections. Group configuration and policy templates called “profiles” ensure 1000s of remote sites can be deployed as easily as one site.
Cloud managed Edge appliances simplify branch deployment, and eliminate the need for troublesome end point VPN clients. New branches are easily provisioned to the cloud VPN with a single-click, eliminating complex configurations. Each branch automatically connects to the cloud VPN and directly to other branches and data centers. Additionally, automated IP address management simplifies the assignment and tracking of unique IP address blocks per remote site.
In summary, cloud-delivered SD-WAN simplifies the provisioning of remote branches while adding enterprise performance and availability to VPN and other Internet delivered services. As Gartner mentions in the USA Today article, “The market’s being disrupted as we speak.”
Add a comment.