What is Cloud VPN?
Cloud VPN is a technology designed to let users across your company access your company's applications, data, and files through a website or a VPN application. It differs from traditional static VPNs in that it provides a secure connection that you can deploy rapidly and globally.
The COVID-19 pandemic drove a dramatic rise in telework and also demonstrated the limitations of traditional site VPNs. Many organizations discovered that their existing VPN solutions were unable to meet the needs of a mostly or wholly remote workforce. Hardware VPN appliances were overwhelmed, and cloud-bound traffic was routed inefficiently through the headquarters network, which increased network latency. Thus, Cloud VPNs have become a key requirement...it makes sense to transition your VPN solutions to the cloud as well.
These VPNs are based on a 'Site-To-Cloud' architecture and enable your users to securely access your corporate networks and resources remotely, regardless of where they are located on the globe. Cloud VPNs ensure that all of your employees, whether they are travelling, working from home, or working on the go, can securely access networks.
Cloud VPN securely connects your peer network to your Virtual Private Cloud (VPC) network through an IPsec VPN connection. Traffic traveling between the two networks is encrypted by one VPN gateway and then decrypted by the other VPN gateway. This protects your data as it travels over the internet. You can also connect two instances of Cloud VPN to each other.
Cloud VPNs can also be called VPN as a Service (VPNaaS) or hosted VPNs.
2-Types of Cloud VPNs
There are two primary categories of Cloud VPNs:
1. HA VPNs
Here HA stands for 'High Availability', and it is the most important parameter for Cloud VPNs. These VPNs let your distant users connect to your on-premises network via an IPsec VPN connection. When the vendor creates an HA VPN gateway for your company, it chooses an IP address from a unique address pool, which ensures that your company has high availability all the time. So, when you have adequately configured your HA VPN, it guarantees you an SLA (Service level availability) of 99.98%.
2. Classic VPNs
These VPNs are also known as 'target VPN' gateways. They generally offer a single interface and external IP address. You can choose tunnels that support either dynamic or static routing. The industry trend has been that such VPNs usually provide an SLA of 99.9%.
For HA VPNs, the following configuration topologies are possible...
[A] Two-peer VPN Devices Topology
This topology involves a gateway connecting to two peer-devices, each of which has its own interface and external IP address. If a gateway is hardware-based, a second gateway enables it to offer failover and redundancy. This approach protects your organization against failures and allows you to take a gateway offline to carry out scheduled maintenance or software upgrades.
[B] One-peer VPN Device with Two IP Addresses
This topology involves a single gateway connecting to a peer device with TWO external IP addresses. The gateway then uses two VPN tunnels, one to each of the peer device's external IP addresses.
[C] One-peer VPN Device with One IP Address
In this topology, the gateway connects to one peer device that has only ONE external IP address, but the gateway still creates TWO tunnels, both of which connect to the single IP address available on the peer device.
Another Differentiator
You can also differentiate between types of cloud VPNs on the basis of the purpose of the VPN...
1. Remote ACCESS
As I mentioned above, the rise of remote workers has made 'SECURE remote access' a major priority for almost all businesses. You can say that VPN as a Service (VPNaaS) is a cloud VPN solution for these remote workers. Your remote workers install a small piece of VPN software on their computer or mobile device and use it to connect to the cloud VPN service. From there, their traffic can be routed to the appropriate SaaS application or other cloud resource. VPNaaS is valuable because it provides user authentication for cloud-based resources and a secure, encrypted connection between remote workers and the cloud.
2. Site-to-Site Connections
Not only do your remote users need secure VPN connectivity; your company's network also needs a secure, encrypted tunnel between itself and the cloud. In this case, you might need to place a physical VPN appliance at the periphery of your own enterprise network. This appliance then connects to a virtualized endpoint in the cloud, and an encrypted tunnel is established between them. This secures all traffic between the two networks, which operate as a single connected network, as if they were connected physically, because no public-facing IP addresses are used.
You should select a cloud VPN gateway that enables dynamic routing, utilizes the Border Gateway Protocol (BGP), and supports active/passive tunnel configuration. HA VPNs are also recommended because they offer 99.99% service availability. You can establish firewall rules that manage how traffic travels across the cloud VPN.
Also don't forget to generate & apply 'strong' pre-shared keys to safeguard data that travels through cloud VPN tunnels.
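One way to act on the pre-shared key advice above, as an added example that is not part of the original article: draw the key from the operating system's CSPRNG and reject candidates that are short or guessable. The 128-bit floor, the alphabet and the fragment list are assumptions chosen for illustration, and the audit is a heuristic, not proof of strength.

```python
import math
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_letters + string.digits  # 62 symbols; avoids quoting problems in device CLIs
MIN_BITS = 128                                   # assumed policy floor, not a figure from the article
WEAK_FRAGMENTS = ("password", "vpn", "secret", "admin", "1234", "qwerty")  # constructed sample list


def entropy_upper_bound(psk):
    """Best-case bits: length * log2(size of the character classes in use)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(ch in cls for ch in psk))
    return len(psk) * math.log2(pool) if pool else 0.0


def audit_psk(psk):
    """Return the reasons a PSK should be rejected; an empty list means no finding."""
    findings = []
    if entropy_upper_bound(psk) < MIN_BITS:
        findings.append("too short for its character set")
    if any(fragment in psk.lower() for fragment in WEAK_FRAGMENTS):
        findings.append("contains a guessable word or sequence")
    if psk and Counter(psk).most_common(1)[0][1] > len(psk) // 4:
        findings.append("one character dominates the key")
    return findings


def generate_psk(length=32):
    """Draw a PSK from the OS CSPRNG; refuse lengths below the entropy floor."""
    if length * math.log2(len(ALPHABET)) < MIN_BITS:
        raise ValueError(f"length {length} gives less than {MIN_BITS} bits")
    while True:
        psk = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit_psk(psk):  # re-draw on the rare accidental match
            return psk


if __name__ == "__main__":
    # Constructed candidates: a short key, a long but guessable key, a generated key.
    for candidate in ("vpn12345", "Company-VPN-Secret-2024!", generate_psk()):
        print(repr(candidate), audit_psk(candidate) or "ok")
```

The second candidate passes the length check and still fails, which is the usual weakness of human-chosen keys: length without randomness.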
Life is small and make the most of it!
Also take care of yourself and your beloved ones…
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with the Cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about Cybersecurity on the website and on social media platforms.