VPN technology concepts and development trends

Source: Internet
Author: User

I. VPN concept

A VPN is a secure and stable tunnel through a chaotic public network. By encapsulating and encrypting network data for transmission, a temporary, secure connection is established over a public network (usually the Internet), so that private data can be carried on the public network at the security level of a private network. If the access method is dial-up, it is called VPDN. Generally, a VPN is an extension of the enterprise intranet. It helps remote users, company branches, business partners, and suppliers establish trusted, secure connections with the company's intranet, and it ensures secure data transmission. A VPN can give the growing number of mobile users secure connections over the global Internet; it can serve as a virtual private line for secure communication between enterprise sites; and it can economically and effectively connect business partners and users to a secure extranet virtual private network.

II. Working Principle of VPN


VPN establishes a private data transmission channel through the public IP network to connect remote branch offices, business partners, and mobile office staff. This reduces the cost of remote access, reduces telephone fees, and provides secure end-to-end data communication.


VPN connection mode:


A conventional direct dial-up connection and a virtual private network connection compare as follows. In the former, PPP (Point-to-Point Protocol) data packets are transmitted over a dedicated line. In a VPN, the PPP packet flow is sent from a router on one LAN and carried through a tunnel across the shared IP network before arriving at the router on the other LAN.

The key difference between the two is that the tunnel replaces the real dedicated line. A tunnel is like a serial communication cable pulled across the WAN. So how is a VPN tunnel formed?

There are two main ways to establish a tunnel: client-initiated and client-transparent. Client-initiated tunneling requires tunnel software on both the client and the tunnel server (or gateway). The latter is usually installed at the company's central site. The client software initiates the tunnel, and the tunnel server terminates it. The ISP does not have to support the tunnel. The client and the tunnel server only need to establish the tunnel and authenticate with a user ID and password or a digital certificate. Once the tunnel is established, communication proceeds as if the ISP were not involved in the connection.

On the other hand, if the tunnel is to be transparent to the client, the ISP's POPs must have an access server that supports tunneling, and possibly a router as well. The client first dials in to the access server. The server must be able to identify the connection as one that requires a tunnel to a specific remote point. The access server then establishes a tunnel with the tunnel server, generally authenticating with a user ID and password. In this way, the client holds a direct conversation with the tunnel server through the tunnel. Although this approach does not require specialized software on the client, the client can only dial in to a correctly configured access server.
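The tunnelling described above, as an added example that is not part of the original article: a PPP frame is encrypted and authenticated before it crosses the shared IP network, and the tunnel server rejects tampered or replayed packets before handing back the inner frame. The keys, tunnel ID, header layout and sample frame are constructed for illustration, and the HMAC-based keystream is a stand-in for the vetted AEAD cipher a real VPN would use.

```python
import hashlib
import hmac
import struct

# Constructed values: keys, header layout and sample frame are made up for this example.
ENC_KEY = hashlib.sha256(b"example-enc-key").digest()
MAC_KEY = hashlib.sha256(b"example-mac-key").digest()
TAG_LEN = 32
HDR = struct.Struct("!IQ")  # outer header: tunnel id (4 bytes), sequence number (8 bytes)

def _keystream(seq: int, length: int) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), not a production cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(ENC_KEY, struct.pack("!QI", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]

def encapsulate(tunnel_id: int, seq: int, ppp_frame: bytes) -> bytes:
    """Client side: wrap the inner PPP frame as header || ciphertext || tag."""
    header = HDR.pack(tunnel_id, seq)
    cipher = bytes(a ^ b for a, b in zip(ppp_frame, _keystream(seq, len(ppp_frame))))
    tag = hmac.new(MAC_KEY, header + cipher, hashlib.sha256).digest()
    return header + cipher + tag

class TunnelEndpoint:
    """Tunnel server side: authenticate, reject replays, then decrypt."""
    def __init__(self, tunnel_id: int):
        self.tunnel_id = tunnel_id
        self.highest_seq = -1  # monotonic anti-replay; real stacks use a sliding window

    def decapsulate(self, packet: bytes) -> bytes:
        if len(packet) < HDR.size + TAG_LEN:
            raise ValueError("truncated packet")
        header, cipher, tag = packet[:HDR.size], packet[HDR.size:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(MAC_KEY, header + cipher, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # verify before any decryption
            raise ValueError("integrity check failed")
        tunnel_id, seq = HDR.unpack(header)
        if tunnel_id != self.tunnel_id:
            raise ValueError("unknown tunnel")
        if seq <= self.highest_seq:
            raise ValueError("replayed packet")
        self.highest_seq = seq
        return bytes(a ^ b for a, b in zip(cipher, _keystream(seq, len(cipher))))

# Constructed PPP frame: protocol field 0x0021 (IPv4) followed by a dummy payload.
SAMPLE_PPP = b"\x00\x21" + b"inner IP packet for 10.0.2.15"
```

Anything on the shared network sees only the outer header and ciphertext; the inner PPP frame reappears only at the tunnel server.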

III. VPN applications

Currently, two main technologies are used for self-built VPNs within an enterprise: IPSec VPN and SSL VPN. Both mainly address Internet-based remote access and interconnection. Technically they can also be deployed on other networks (such as leased lines), but there they lose their flexibility. They are better suited to customers that are especially price-sensitive, such as commercial customers.

However, there is a lot of controversy in the industry concerning the IPSec VPN and SSL VPN technologies. Although IPSec VPN is the most widely used in enterprises, Infonetics Research shows that the market share of IPSec will decline in the next few years while that of SSL VPN gradually increases. Users often face a dilemma when deciding which technology to use, namely the conflict between security and convenience. In fact, no technology is perfect. Only when users have defined their own needs can they select a suitable solution.

IPSec VPN is suitable for small and medium-sized enterprises that have many branches and use VPN tunnels to connect sites and exchange large volumes of data; that have a certain scale and experience in IT construction, management, and maintenance; whose data is sensitive and requires a high security level; and whose employees must not be able to access internal information from just any computer. A firewall and anti-virus software should be configured on the laptops or computers of mobile office employees.

SSL VPN is more suitable for enterprises that require strong flexibility: employees must be able to easily access internal resources from different locations and may use various mobile terminals or devices, the enterprise's IT maintenance level is low, employees know little about IT, and there is not much investment in IT.

Three benefits of SSL VPN:

1. It is easy to use and can be installed and used immediately without configuration.

2. It needs no client: it uses the embedded SSL protocol directly, and almost all browsers support the SSL protocol.

3. It has good compatibility. It supports a range of terminal devices, such as computers, PDAs, smartphones, and 3G mobile phones, as well as applications that connect large numbers of mobile users.

Disadvantages of SSL VPN:

It is only suitable for Site-to-LAN (point-to-network) connections and cannot meet the requirements of a LAN-to-LAN VPN.

IV. Development Trend of VPN

In the current market, IPSec still holds the largest share, but its drawbacks have become apparent. Some users have begun to deploy both solutions at the same time, for example using SSL VPN for remote access to the office and IPSec for the connections between sites. In the next few years the two solutions will coexist, but SSL VPN will be favored by enterprise users because of its ease of use and low deployment and maintenance costs, and it will have more room for development.


At the winter tour held in June November by Sangfor Technology, the staff involved said that SSL VPN and multi-functional VPN products will gradually become a hot spot in the market. User needs are evolving from simply meeting the basic requirement of "connection" through a VPN toward the efficiency, manageability, and scalability of the VPN network. In addition, VPN applications for mobile office are developing rapidly. Because its most obvious feature is that no client needs to be installed, SSL VPN has significant advantages in the mobile office field in ease of use and ease of management. Since a VPN is a gateway product, users (especially small and medium-sized enterprises) also hope that the gateway offers more than a single VPN function and integrates practical functions such as firewall, gateway anti-virus, and spam filtering. VPN networks with a large number of gateways further require manageability of the entire network.
