A virtual private network (VPN) refers to the establishment of a private network on top of a public network for encrypted communication. It is widely used in enterprise networks. The VPN gateway provides remote access by encrypting the data packet and rewriting its destination address. A VPN can be implemented in a variety of ways, such as with servers, hardware, or software.
Virtual Private Network (VPN) Definition
Virtual Private Network (VPN) is a remote access technology: simply put, it uses a public network to set up a private network. For example, an employee of a company who is travelling wants to access the server resources of the company's intranet. This type of access is remote access.
In a traditional enterprise network configuration, remote access was provided by renting a DDN (digital data network) dedicated line or a frame relay circuit. Such a communication scheme inevitably leads to high network communication and maintenance costs. Mobile users (mobile office workers) and remote individual users generally enter the corporate LAN through a dial-up line over the Internet, but this inevitably brings security risks.
If employees need to access intranet resources remotely, the VPN solution is to set up a VPN server in the intranet. Employees first connect to the Internet locally, then connect to the Virtual Private Network (VPN) server through the Internet, and enter the corporate intranet through the VPN server. To ensure data security, the communication between the VPN server and the client is encrypted.
With the data encrypted, it can be regarded as being transmitted safely over a dedicated data link, as if a private network had been set up, although in fact the VPN uses public links on the Internet. In essence, it uses encryption technology to encapsulate a data communication tunnel on the public network. With VPN technology, users can access internal network resources whether they are on a business trip or working at home, as long as they can access the Internet. This is why VPNs are so widely used in enterprises.
Virtual Private Network (VPN) Principle
- Under normal circumstances, the Virtual Private Network (VPN) gateway uses a dual network card structure, and the external network card uses a public network IP to access the Internet.
- Terminal A in network one (assumed to be the public Internet) accesses terminal B in network two (assumed to be the company's intranet). The destination address of the access packet it sends is the internal IP address of terminal B.
- When the VPN gateway of network one receives the access packet sent by terminal A, it checks the destination address. If the destination address belongs to network two, the packet is encapsulated; the encapsulation method varies with the VPN technology used. The VPN gateway then constructs a new VPN packet and uses the encapsulated original packet as the load of the VPN packet. The destination address of the VPN packet is the external address of the VPN gateway of network two.
- The VPN gateway of network one sends the VPN packet to the Internet. Since the destination address of the VPN packet is the external address of the VPN gateway of network two, Internet routing delivers the packet to the VPN gateway of network two.
- The VPN gateway of network two checks the received packet. If it finds that the packet was sent by the VPN gateway of network one, it determines that the packet is a VPN packet and unpacks it. Unpacking mainly means stripping the VPN packet header and then reversing the encapsulation to restore the original packet.
- The VPN gateway of network two sends the restored original packet to the target terminal B. Since the destination address of the original packet is the IP of terminal B, the packet reaches terminal B correctly. From the perspective of terminal B, the packet it receives is the same as one sent directly from terminal A.
- The packet processing from terminal B back to terminal A is the same as the process above. In this way, the terminals in the two networks can communicate with each other.
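As an added illustration of the encapsulation steps above (example code written for this page, not the implementation of Alibaba Cloud or any VPN product): a toy dual-homed gateway in Python that tunnels only traffic bound for the peer's private network, authenticates and decrypts what it receives from the peer gateway, and drops anything that fails the check. The HMAC-SHA256 counter-mode keystream is a stand-in for a real IPsec transform, and the addresses, networks and key are constructed.

```python
import hashlib, hmac, ipaddress, os
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # IP header source
    dst: str        # IP header destination
    payload: bytes  # data, or a whole encapsulated packet

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode (real gateways use IPsec ESP with AES).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


class VpnGateway:
    # Dual-homed: public_ip faces the Internet, local_net is the private side.
    def __init__(self, public_ip, local_net, peer_ip, peer_net, key):
        self.public_ip, self.peer_ip, self.key = public_ip, peer_ip, key
        self.local_net = ipaddress.ip_network(local_net)
        self.peer_net = ipaddress.ip_network(peer_net)

    def send(self, pkt: Packet) -> Packet:
        """Outbound: only traffic for the peer's private network is encapsulated."""
        if ipaddress.ip_address(pkt.dst) not in self.peer_net:
            return pkt  # ordinary Internet traffic is forwarded unchanged
        inner = f"{pkt.src}|{pkt.dst}|".encode() + pkt.payload
        nonce = os.urandom(12)
        ct = bytes(a ^ b for a, b in zip(inner, keystream(self.key, nonce, len(inner))))
        tag = hmac.new(self.key, nonce + ct, hashlib.sha256).digest()
        # New outer packet: gateway-to-gateway addresses, encrypted original as the load.
        return Packet(self.public_ip, self.peer_ip, nonce + ct + tag)

    def receive(self, pkt: Packet) -> Packet:
        """Inbound: authenticate, decrypt and strip the VPN header, then check the inner dst."""
        if pkt.src != self.peer_ip or pkt.dst != self.public_ip:
            return pkt  # not a VPN packet from our peer
        nonce, ct, tag = pkt.payload[:12], pkt.payload[12:-32], pkt.payload[-32:]
        expect = hmac.new(self.key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("VPN packet failed integrity check; dropped")
        plain = bytes(a ^ b for a, b in zip(ct, keystream(self.key, nonce, len(ct))))
        src, dst, payload = plain.split(b"|", 2)
        inner = Packet(src.decode(), dst.decode(), payload)
        if ipaddress.ip_address(inner.dst) not in self.local_net:
            raise ValueError("inner destination is outside our private network; dropped")
        return inner
```

The inner-destination check on the receiving side is the part most often forgotten: without it, a peer could inject packets addressed to networks the tunnel was never meant to reach.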
How to Realize Virtual Private Network (VPN)
There are many ways to implement Virtual Private Network (VPN); the following four are commonly used:
- Virtual Private Network (VPN) server: In a large local network, VPN can be realized by building a VPN server at the network center.
- Virtual Private Network (VPN) software: VPN can be realized through dedicated software.
- Virtual Private Network (VPN) hardware: VPN can be realized through dedicated hardware.
- Integrated Virtual Private Network (VPN): Some hardware devices, such as routers and firewalls, include VPN functions, but hardware devices with VPN functions are usually more expensive than those without.
Virtual Private Network (VPN) Pros and Cons
Virtual Private Network (VPN) Pros
- VPN enables mobile employees, remote employees, business partners and others to connect to the corporate network using locally available high-speed broadband connections. In addition, high-speed broadband Internet connections provide a cost-effective way to connect remote offices.
- A well-designed broadband VPN is modular and upgradeable. A VPN rides on the Internet infrastructure, which is very easy to set up, so new users can be added to the network quickly and easily. This means that enterprises can provide a large amount of capacity and many applications without adding infrastructure.
- VPN can provide a high level of security. It uses advanced encryption and authentication protocols to protect data from snooping, preventing data thieves and other unauthorized users from accessing the data.
- Full control: a virtual private network allows users to use the facilities and services of the ISP while fully controlling their own network. Users only consume the network resources provided by the ISP and can manage security settings and other network management changes themselves.
Virtual Private Network (VPN) Cons
- Enterprises cannot directly control the reliability and performance of Internet-based VPNs. Organizations must rely on the Internet service providers that provide the VPN to keep the service running. This makes it very important for companies to sign a service-level agreement with the Internet service provider that guarantees the various performance indicators.
- It is not easy for enterprises to create and deploy VPN circuits. The technology requires a high-level understanding of network and security issues, and careful planning and configuration. It is therefore a good idea to have an Internet service provider take responsibility for most of the work of running a VPN.
- VPN products and solutions from different vendors are always incompatible, because many vendors are unwilling or unable to comply with VPN technical standards. Mixing products from different manufacturers may therefore cause technical problems. On the other hand, using equipment from a single supplier may increase costs.
- VPNs carry security risks when used with wireless devices. Roaming between access points is particularly problematic: when users roam between access points, any solution that relies on advanced encryption technology may be compromised.
Virtual Private Network (VPN) Gateway is an Internet-based service that securely and reliably connects enterprise data centers, office networks, or Internet-facing terminals to Alibaba Cloud Virtual Private Cloud (VPC) networks through encrypted connections. VPN Gateway supports both IPsec-VPN and SSL-VPN connections.
Alibaba Cloud Identity as a Service (IDaaS) is a centralized platform that manages identities, permissions, and applications for enterprise users. You can use this service to integrate and manage identities across your office administration system, business systems, and third-party SaaS systems deployed on-premises or in the cloud, so that all applications and services can be accessed with one account.
VPN Gateway transmits encrypted traffic over the Internet between Alibaba Cloud VPCs and enterprise data centers, enterprise office networks, or Internet platforms. You can use this service to establish reliable and secure connections for data transmission. According to China's laws and regulations, Alibaba Cloud VPN Gateway cannot be used as an Internet access service.