Virtual Private Networks

Definition: What is a VPN?

A Virtual Private Network (VPN) is a communication network that connects computer systems. It behaves and is used like an ordinary network: the connected systems hand their data to the network, and it is the network's job to deliver that data to the destination address.

Unlike a conventional computer network, a VPN exists only virtually, not physically. It is not built from its own physical components (network cards, cables, switches, routers, etc.) but is mapped by software onto networks that already exist. The VPN software sets up connections between the participating systems that pass transparently through the hardware of the underlying network, so that, from the point of view of the systems in the VPN, that hardware is effectively invisible. These connections are called "tunnels": the physical network is "tunneled".

The tunnels make the network private, i.e. unusable by outside third parties. To protect the data flowing through the VPN, the connections are encrypted and integrity-protected. The content of the transmitted data is therefore unreadable to the network components it passes through, and it cannot be altered or replayed without the VPN noticing. This makes it possible to build a protected private network across public networks such as the Internet. What those components still see is the outer addresses of the two tunnel endpoints and the size and timing of the packets, so a VPN hides content, not the fact that communication is taking place.
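The following is an added example, not code from the original article or from any VPN product. It shows the mechanism the paragraph describes in the smallest form that still works: one direction of a tunnel that wraps each inner packet in a record carrying a sequence number and an AES-GCM ciphertext, so that a carrier network can neither read nor alter nor replay the inner packet. The key, the inner packet and the record layout are assumptions made for the demonstration; a real VPN protocol derives per-direction keys from a handshake and tolerates some reordering with a sliding replay window rather than the strict ordering used here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Tunnel carries ONE direction of a VPN tunnel. Each inner packet is wrapped
// in a record: 8-byte sequence number || AES-GCM ciphertext || 16-byte tag.
// The sequence number is the GCM nonce and is also authenticated as
// associated data, so a modified, forged or replayed record is rejected.
// Every direction needs its own key: reusing a key with the same nonce
// breaks GCM completely.
type Tunnel struct {
	aead    cipher.AEAD
	sendSeq uint64 // last sequence number sent
	recvSeq uint64 // highest sequence number accepted
}

var (
	ErrShort    = errors.New("tunnel: record too short")
	ErrTampered = errors.New("tunnel: authentication failed, record dropped")
	ErrReplay   = errors.New("tunnel: replayed or out-of-order record")
)

// NewTunnel takes a 16-, 24- or 32-byte key (a real VPN derives it from its handshake).
func NewTunnel(key []byte) (*Tunnel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Tunnel{aead: aead}, nil
}

// nonce maps the sequence number into GCM's 12-byte nonce (4 zero bytes || seq).
func nonce(seq uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// Encapsulate produces the record that travels over the physical network.
func (t *Tunnel) Encapsulate(inner []byte) []byte {
	t.sendSeq++
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint64(hdr, t.sendSeq)
	return t.aead.Seal(hdr, nonce(t.sendSeq), inner, hdr) // hdr || ciphertext || tag
}

// Decapsulate verifies a record and returns the inner packet. Authentication
// runs before the replay check so that forged records cannot move recvSeq.
func (t *Tunnel) Decapsulate(record []byte) ([]byte, error) {
	if len(record) < 8+t.aead.Overhead() {
		return nil, ErrShort
	}
	hdr, ct := record[:8], record[8:]
	seq := binary.BigEndian.Uint64(hdr)
	inner, err := t.aead.Open(nil, nonce(seq), ct, hdr)
	if err != nil {
		return nil, ErrTampered
	}
	if seq <= t.recvSeq { // strict ordering; real VPNs use a sliding window instead
		return nil, ErrReplay
	}
	t.recvSeq = seq
	return inner, nil
}

func main() {
	// Constructed demo key for this example only; never hard-code a real one.
	key := []byte("0123456789abcdef0123456789abcdef")
	sender, _ := NewTunnel(key)
	receiver, _ := NewTunnel(key)

	inner := []byte("GET /intranet/ HTTP/1.1") // stands in for an inner IP packet
	rec := sender.Encapsulate(inner)
	fmt.Printf("record %d bytes: the inner length %d is still visible to the carrier\n", len(rec), len(inner))

	if got, err := receiver.Decapsulate(rec); err == nil {
		fmt.Printf("delivered: %q\n", got)
	}
	_, err := receiver.Decapsulate(rec) // the same record a second time
	fmt.Println("replay:", err)

	rec2 := sender.Encapsulate([]byte("second packet"))
	rec2[len(rec2)-1] ^= 0x01 // flip one bit of the authentication tag in transit
	_, err = receiver.Decapsulate(rec2)
	fmt.Println("modified:", err)
}
```

The printed record length illustrates the caveat above: the carrier learns how long each inner packet was (plus a constant 24 bytes of header and tag) even though it cannot read it.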

Applications

  • Securely connecting several offices of an organization to the organization's local network,
  • Secure access from a single system (e.g. an employee's computer) to an organization's local network, especially from untrusted environments (home office, public WLAN, etc.),
  • Seamless roaming on mobile systems: a computer connected via a VPN keeps its fixed address even when its access network changes (mobile phone network, public WLAN, home network, etc.),
  • Direct connection of two computers where their communication needs extra protection (e.g. a direct link between two servers, administrator access to servers),
  • Separation of network areas within one physical network,
  • Virtual roaming: by using access points in different countries (e.g. Germany, USA), a request appears to the remote server (e.g. a web server) to come from the country of the access point, because the server only sees the access point's address. This is used, for example, to view web content intended for other countries or to get around licensing restrictions on content (e.g. video streams).

VPN Gateways and Cloud VPN

A VPN gateway is the access point to a VPN to which systems from outside (VPN clients) connect in order to join the VPN and exchange data with the other systems in it. When connecting, VPN clients authenticate to the gateway by one of several mechanisms, e.g. username and password, or keys known in advance (public keys or certificates, pre-shared keys). The gateway should authenticate itself to the client in the same way; otherwise a client can be lured to an impostor gateway and hand it the traffic the VPN was meant to protect.
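As an added illustration of pre-shared-key authentication at a gateway (example code written for this page, not the protocol of any real VPN product), the exchange below lets a client and a gateway prove knowledge of a shared secret to each other with HMAC-SHA256 over both parties' nonces. The message layout, the role labels and the demo secrets are assumptions for the example. The last function shows the weakness a practitioner should keep in mind: whoever captures the exchange can test candidate secrets offline, so a pre-shared key has to be long and random, not a password.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const nonceLen = 16

var ErrAuth = errors.New("authentication failed")

// proof binds the PSK to a role label and BOTH parties' nonces, so a value
// captured in one direction cannot be replayed in the other or in a later run.
func proof(psk []byte, role string, gNonce, cNonce []byte) []byte {
	m := hmac.New(sha256.New, psk)
	m.Write([]byte(role))
	m.Write(gNonce)
	m.Write(cNonce)
	return m.Sum(nil)
}

func freshNonce() []byte {
	n := make([]byte, nonceLen)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

type Gateway struct {
	psk   []byte
	nonce []byte
}

type Client struct {
	psk    []byte
	gNonce []byte
	nonce  []byte
}

// Step 1: the gateway issues a fresh challenge.
func (g *Gateway) Challenge() []byte {
	g.nonce = freshNonce()
	return g.nonce
}

// Step 2: the client adds its own nonce and proves knowledge of the PSK.
func (c *Client) Respond(gNonce []byte) (cNonce, clientProof []byte) {
	c.gNonce = gNonce
	c.nonce = freshNonce()
	return c.nonce, proof(c.psk, "client", gNonce, c.nonce)
}

// Step 3: the gateway verifies in constant time, then proves itself.
func (g *Gateway) Verify(cNonce, clientProof []byte) ([]byte, error) {
	if !hmac.Equal(clientProof, proof(g.psk, "client", g.nonce, cNonce)) {
		return nil, ErrAuth
	}
	return proof(g.psk, "gateway", g.nonce, cNonce), nil
}

// Step 4: the client checks that it is talking to a gateway that knows the PSK.
func (c *Client) VerifyGateway(gatewayProof []byte) error {
	if !hmac.Equal(gatewayProof, proof(c.psk, "gateway", c.gNonce, c.nonce)) {
		return ErrAuth
	}
	return nil
}

// Run performs the whole exchange and reports whether both sides accepted.
func Run(clientPSK, gatewayPSK string) bool {
	g := &Gateway{psk: []byte(gatewayPSK)}
	c := &Client{psk: []byte(clientPSK)}
	cNonce, cp := c.Respond(g.Challenge())
	gp, err := g.Verify(cNonce, cp)
	if err != nil {
		return false
	}
	return c.VerifyGateway(gp) == nil
}

// OfflineGuess is the eavesdropper's view: with the captured nonces and proof,
// every candidate PSK can be tested locally without touching the gateway.
func OfflineGuess(gNonce, cNonce, clientProof []byte, candidates []string) (string, bool) {
	for _, cand := range candidates {
		if hmac.Equal(clientProof, proof([]byte(cand), "client", gNonce, cNonce)) {
			return cand, true
		}
	}
	return "", false
}

func main() {
	// Constructed demo secrets; deliberately weak to make the last step work.
	fmt.Println("matching PSK: ", Run("winter2024", "winter2024"))
	fmt.Println("wrong PSK:    ", Run("summer2024", "winter2024"))

	// What an observer on the path captures: both nonces and the client's proof.
	g := &Gateway{psk: []byte("winter2024")}
	c := &Client{psk: []byte("winter2024")}
	gNonce := g.Challenge()
	cNonce, cp := c.Respond(gNonce)
	guess, ok := OfflineGuess(gNonce, cNonce, cp, []string{"password", "summer2024", "winter2024"})
	fmt.Println("offline guess:", guess, ok)
}
```

Public-key or certificate authentication avoids the offline-guessing problem entirely, which is one reason it is preferred over pre-shared keys for gateways that many clients connect to.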

In a conventional corporate network, the VPN gateway is typically an appliance, i.e. a dedicated computer system connected to the local network that runs the VPN software.

A Cloud VPN, by contrast, is purely virtual: the VPN gateway runs "as a service" on the provider's servers in its data centres rather than on hardware in the company. One advantage of this approach is that traffic between VPN clients that are not on the local company network (mobile systems, home office) and servers on the Internet no longer has to be routed into the company network and back out through its Internet connection. That connection is spared and its bandwidth remains available for other applications; when Software as a Service (SaaS) applications are used from the cloud, this removes a large share of the traffic from the company's Internet connection. The trade-off is that the tunnel now terminates at the provider, which therefore handles the decrypted traffic and has to be trusted accordingly.