From the beginning, a VPN was meant to secure a connection that has to transit through a public network (mainly via TCP/IP connections like the internet). For IT managers, the challenge consisted of finding the best encryption method to apply through this tunnel: what was the right protocol? How long should the encryption key be? How was the VPN implementation designed: was it a peer-to-peer connection, or a VPN connection meant to connect a roaming user? At this stage, things were dealt with in-house and IT managers had control over both endpoints of the VPN tunnel.
Things are meant to change
But things were meant to change, especially once cloud computing saw wide adoption: slowly but surely, some pieces of the in-house IT infrastructure have moved to the cloud, introducing a third-party player into the equation. IT managers are “losing control” over part of the infrastructure that they are using.
But this radical change isn’t limited to the in-house side of IT; it also affects the end-user side: applications and storage are also moving from the desktop to the cloud.
To give an overview of cloud VPN solutions, let’s consider them from two points of view.
1- Cloud computing for end-user customers
At this stage, most cloud computing services (e-mail, file sharing, music listening and other online applications) are using SSL connections. However, for some specific uses (public Wi-Fi, for example), end-users are opting for third-party VPN solution providers to secure their connection. This is a best practice that has been advised to users for years. Robust and proven solutions come from HideMyAss, PureVPN, NordVPN, ExpressVPN, ibVPN for that purpose.
Another increasingly popular use of VPN is to override geolocation-limited online services. Sites like Hulu, Spotify, BBC iPlayer or others only allow viewers from specific countries to access their services: a VPN service is mainly used here for “borrowing” an IP address from authorized countries. The same principle is also used to overcome the internet censorship that some countries apply.
2- Cloud computing and corporate/enterprise services
On the corporate side, the major use of VPN remains in-house, mainly for connecting remote offices or for giving a solution to teleworkers and travelers. As users are becoming more mobile and devices are becoming more diverse (laptops with different OS, smartphones, tablets …), some applications are brought to the cloud (for example Salesforce, e-mail access or even file storage): they are usually accessed publicly via a cloud-provider-specific API or via SSL.
For deeper cloud computing integration, different options have been brought to the market to extend the enterprise network infrastructure to the cloud. Three major options can be identified here:
- Extend in-house network infrastructure to the cloud. Cloud services in this category include Amazon EC2, GoGrid, IBM SmartCloud, VMware/Terremark vCloudExpress. They usually have their own API or system for accessing or managing their services;
- Build a virtual network on the cloud: the idea here is to build a virtual network on top of the cloud provider’s infrastructure. CohesiveFT VPN-Cubed illustrates this solution perfectly. Connections from outside of the cloud or between clouds are made via IPsec and SSL;
- Build a direct private pipe between the enterprise network and the cloud: Amazon Direct Connect illustrates this scenario. Direct connection to EC2 can be made through this private pipe, but it is expected that enterprises would want an additional encryption layer.
As you can see, I’ve dealt with the relationship between cloud computing and VPN for the last couple of days. Do you think a major change will arise from the integration of those two concepts? If so, what would that be? What do you think of cloud VPN solutions?