Ops 301 Class 10
A site-to-site virtual private network (VPN) refers to a connection set up between multiple networks. This could be a corporate network where multiple offices work in conjunction with each other or a branch office network with a central office and multiple branch locations.
Site-to-site VPNs are useful for companies that prioritize private, protected traffic and are particularly helpful for organizations with more than one office spread out over large geographical locations. These businesses often have to access resources housed on a primary network, which could include servers that facilitate email or store data. In some instances, a server may be the operational hub of an application essential to the company’s business. A site-to-site VPN can, in that case, give all sites full access to the application—as if it were housed within their physical facility.
There are a few different types of VPNs, and each comes with its own benefits. Depending on the needs of your organization, one type may better fit your objectives than others.
Remote Access VPNs
A remote access VPN refers to a temporary connection set up between two or more users and a central location. In most cases, a remote access VPN is used to give each location access to a data center. In some situations, a connection that makes use of Internet Protocol security (IPsec) is sufficient. However, it is also common for an organization to use a VPN, which gives it the benefit of the security positioned at the gateways at each end of the VPN.
Intranet-based Site-to-Site
An intranet-based site-to-site VPN connects more than one local-area network (LAN) to form a wide-area network (WAN). A company may also use this kind of setup to incorporate software-defined WAN (SD-WAN). Intranet-based site-to-site VPNs are useful tools for combining resources housed in disparate offices securely, as if they were all in the same physical location.
Extranet-based Site-to-Site
Extranet-based site-to-site VPNs are often used by two or more different companies that want to share certain resources but keep others private. With an extranet-based site-to-site VPN, each entity connects to the VPN and chooses what they want to make available to the other companies. In this way, they can collaborate and share without exposing proprietary data.
There are several factors to consider when figuring out whether to implement site-to-site VPN services. In some cases, typical IPsec is sufficient for communication between two or more locations. However, there are a few considerations that may drive a company to use VPN connections instead:
- The number of locations
- Business size
- The distance between each location
- The resources the locations have to share with each other
Watertight Security
The VPN your company chooses must be protected by stringent security measures. The data that travels back and forth must be secure, both as it moves from point to point and while at rest in each location. This involves adequate authorization, authentication, and administration. It is also important for all practices to support the security policies of the organization, including any established best practices that have been developed by the various IT staff in each location.
Ease of Operations
If a VPN is difficult to use, it can cause more frustration than convenience. Users should have the freedom to access the VPN using a web browser. While it is important to ensure ease of access, this should not result in lax security practices. If users have to take an extra step to get into the VPN, the extra security may be worth the additional few moments it takes to gain entry.
This does not mean access has to be cumbersome. In the majority of cases, employees should be able to get into the VPN using mobile devices like laptops, tablets, or smartphones.
With a VPN, you can also make network administration easier. You can manage remote locations from a central office and exercise complete control over the entire network. This gives you the flexibility to upgrade your security measures, including installing new features or updating existing software—all from one location.
Simple and Secure Scalability
It is easy to scale a VPN. You can add a new site, user, office, or partner organization in minutes. If you do not have to put additional VPN clients at each new location, it is quick and inexpensive to incorporate additional connections. Also, in case you need to relocate a satellite office, it is easy to set up another location.
Business Continuity
In the event of a disaster, whether naturally caused or due to an infrastructural issue, it is important to minimize business interruption and get back up and running as soon as possible. A site-to-site VPN lets you leverage remote access immediately after an emergency has been identified.
If, for example, an office is affected by a disaster, employees do not have to stop all production until things are back up and running. They can each be granted access to the site-to-site VPN, connect to the resources at headquarters, and work from home. With a VPN, you can minimize downtime and reduce the financial effects of a disaster.
Flexible Deployment
With a VPN, you have the power to deploy a new solution across a broad network of devices at various physical locations. You can choose which sites to provide the new solution to first, second, and so forth. This could give you the flexibility to offer training or support in controllable phases instead of tackling it all at once and potentially overwhelming your IT team.
ALL content has been cited from Fortinet
This content is relevant to the class subject matter because it pertains directly to protocols we will encounter regularly as security professionals, their best practices, and practical guidance for how to implement them.