A site-to-site VPN allows workers to securely access resources from a remote location.
For companies looking to create more-secure networks for their employees, a virtual private network (VPN) is an excellent option. There are two primary VPN types: remote access and site-to-site. Remote access VPNs connect users to a remote server to access a private network. A site-to-site VPN provides users in different locations with the ability to access other users' resources. If you're unsure which type of VPN is right for your business, read on to learn more about site-to-site VPNs, how they work and the benefits of implementing one within your business.
What is a site-to-site VPN?
A site-to-site VPN connects users in different locations within an entire network. Through this network, the users can exchange data from their own locations while that information is encrypted and secured through the VPN. Users working in separate offices can still be connected to one another and all of their internal resources. This keeps all users connected even when they are working remotely while securing the information exchanged between them.
"A site-to-site VPN is a tunnel that is configured between two firewalls at different locations," said Andrius Ulenskas, technical director at Hyve Managed Hosting. "It is usually connected to your data center and office, or [used] to connect two companies that are doing business together."
There are two main methods for how a site-to-site VPN is established: the internet VPN method and the multiprotocol label switching (MPLS) VPN method.
An internet VPN is created through an organization's existing network and the public internet. An organization creates a VPN gateway, which consists of a router, firewall or security application. The VPN gateway encrypts all outbound data from a site through its VPN tunnel and then sends the data over the public internet to a second site. Once the second site receives the information, it is decrypted and then able to be used by whoever wants to access it.
An MPLS VPN is a fairly new method of creating a site-to-site VPN. Whereas an internet VPN is established through the public internet, an MPLS VPN is connected through a carrier-provided MPLS cloud. Working through a cloud means the VPN belongs to its provider and not the company using the VPN. MPLS VPNs are more easily deployable and provide optimal performance for bandwidth-intensive networks.
How do site-to-site VPNs work?
Site-to-site VPNs create a "tunnel" between networks to connect and share info and encrypt that info so "eavesdroppers" can't read it. At the end of each VPN tunnel, the network encrypts the original IP packet, adds a VPN header, establishes a new IP header and then sends that encrypted package back to the other end of the VPN tunnel.
What is needed to set up a site-to-site VPN?
To set up a site-to-site VPN, an organization must first determine which method they'll be using. If an organization is interested in the internet VPN method, they'll need a strong internet connection. Businesses that want to use the MPLS VPN method will need to sign up for and install their VPN with the carrier. Regardless of the VPN type, all user devices need to be compatible with the network.
Every organization should have at least two routers to support their VPN tunnels or an established firewall. You should talk with IT to choose specific hardware that will fit in with or expand upon your organization's current technological systems. Because technology is always advancing, it's beneficial to update your existing systems so they are more secure.
Benefits of site-to-site VPNs for businesses
Here are some of the advantages of using a site-to-site VPN at your business:
High level of security
VPNs, including site-to-site VPNs, offer organizations a high level of security and data protection. All information and traffic sent between one source on the network to another is encrypted through the VPN. The encrypted information can be decrypted only through the VPN, protecting users from any attempts to hack your devices and steal information.
Site-to-site VPNs offer an incredibly tight and secure connection for any data through the system. They protect an organization's internal network, even when its users are working remotely. Managers and leaders can have peace of mind knowing that no matter what location their employees are working from, their information and exchanges will be secure through the VPN.
Using a site-to-site VPN gives an organization more control over their business. Often, certain network resources can be accessed only while a user is physically in the office or at a certain site. But because anyone who accesses the site-to-site VPN is considered an internal user, access control rules are easier to define. Traffic from a site-to-site VPN is still considered internal, meaning the VPN tunnels can access these network resources.
If your company is looking to grow and add branches or offices, a site-to-site VPN is easy to expand upon; you can easily add new users or offices to the network. There is no hassle of connecting each new device or installing new systems.
Drawbacks of site-to-site VPNs
Although site-to-site VPNs offer a lot of flexibility for an organization, there are some drawbacks as well.
They may not make sense for remote work.
Because of the coronavirus pandemic, more employers have shifted to remote work, and this trend will continue even after the virus is contained. As businesses have moved their data and applications to the cloud so remote workers can access them, it's less practical to route traffic through an on-site data center. Network clouds have been a primary reason businesses have shifted away from site-to-site VPNs.
Network speeds may be slower.
Every VPN tunnel is used exclusively by a certain user and is independent of other users on the network. This means the entire network may slow down if the VPN has multiple users or large files are being transferred. By contrast, with a remote VPN, everyone uses the same network.
They can be a lot to manage.
Site-to-site VPNs require a unique connection for each pair of connected sites. For an organization with lots of users, it can become overwhelming and costly for an IT department to monitor and centralize the network.
Site-to-site vs. remote access VPNs for business
Organizations looking to secure their systems and set up a VPN will have to choose between site-to-site and remote access VPNs. Site-to-site VPNs are better suited to businesses with multiple locations, whereas remote access VPNs are appropriate for businesses with employees working from many remote locations.
"For a small business, a solution that provides site-to-site VPN and enables remote access is a good starting point," said Heather Paunet, senior vice president of products at Untangle Inc. "Even small businesses can be spread across multiple offices with many branch offices. Connecting the offices with site-to-site VPN enables each office to access the same corporate network. Remote access gives employees that same experience when they are working from home, which is likely to stay popular even after the pandemic is over."
If you're trying to determine which type of VPN to use for your business, the first step should be to assess your needs and long-term goals. Here are some factors to consider when researching which type of VPN to use:
- Business size
- Number of employees
- Employees' locations
- Number of offices
- Security infrastructure
- Information exchanged
- Long-term goals
If a business is anticipating remote work for the long term, a remote access VPN may be a good alternative to a site-to-site VPN. For businesses that expect to return to a more traditional office setting, on the other hand, a site-to-site VPN is better for keeping all locations and networks connected.
Cloud providers and hybrid remote access VPNs are becoming more popular solutions for updating or modifying existing organizations' VPNs. The choice ultimately comes down to your business's workflow, security needs and expectations for growth.