As discussed in a separate post, there are two general types of Virtual Private Network (VPN), namely remote-access VPN and Site-to-Site VPN. The former is discussed in a previous post. The focus of discussion is now on site-to-site VPN. Actually, this type of VPN service has some specific purposes, particularly for businesses, which have some branch offices in separate locations.
This type of VPN is different from remote access VPN, which connects PC to server. Meanwhile, site-to-site VPN connects network-to-network. In other words, the VPN tunnel ends in two devices, usually called routers, which are equipped with firewall protection.
When to Use Site-to-Site VPN Service
Site-to-Site VPN allows branch offices or unit offices in geographically separate locations to get connected each other. This VPN is also useful when a company wants its employees to create site-to-site VPN to connect employees’ home network to the office network. This allows the employees to work from home and get connected to the corporate network resources. The connection usually happens by means a VPN gateway device, or a router.
However, you need to meet some requirements before setting up site-to-site VPN service. The first is physical location. There must be two common private networks, which you usually connect to. If you lack these locations, a software VPN can be a solution (discussed in a separate post).
There are two sub-types of site-to-site VPN, namely intranet or extranet based VPN. Intranet-based VPN is a connection between propriety networks in an organization. Meanwhile, an extranet-based VPN is a connection between an organization’s propriety and external partner networks. The external partners can be partner companies, customers, or suppliers.
Extranet VPN allows the company and external partners to work together within a secure network environment. Meanwhile, the external partners are actually unable to access the company’s intranet resources. In other words, a company, which has some branch offices or unit offices and has extensive partnerships with external resources, needs both intranet and extranet VPNs.
Advantages and Disadvantages of Site-to-Site VPN Service
The main advantage of site-to-site VPN is that it uses up fewer hardware resources, like memory and processor speed, in your PC. The processing and encryption occur in the security device or router. In addition, the routers are constantly plugged in. Therefore, it enables continuous connection among some devices in separate locations. Other advantages include the following:
When combined with IPsec, a site-to-site VPN helps in securing the connections and data traffic. The encryption process begins since the journey through the tunnel begins from a site to another. This type VPN minimizes the risk of hackers’ attacks, viruses, and malicious contents from getting into the tunnel.
The traffic is secured by a digital signature authentication, which serves as a prerequisite (or “ticket” to enter the tunnel. Therefore, a public key infrastructure (PKI) is necessary.
As the VPN is scalable, adding a new site or a new office into the network is hassle free. The same case applies when the company needs to relocate an office to a different location. Setting up the VPN in a new location is relatively painless. Even though your company has more than 1000 computers, they do not need to run client software, as they do with remote-access VPN.
Ideal for Smaller Companies
Just like large companies, small companies or startups need a secured connection between the units. If they have limited budget to invest in security products, a site-to-site VPN is the choice. Besides ease in setup process, it is also supported by more powerful security, thanks to the encryption process.
However, site-to-site VPN also has some disadvantages, particularly when it comes to encryption traffic. The VPNs are static. Connection only exists between two remote terminals. In other words, connection is only possible from the devices, which are connected to the terminal. Therefore, you cannot connect the device anywhere.
Furthermore, the users need some technical knowledge on how to set up the VPN correctly, how to match both tunnels such as private keys, how to use encryption algorithm, how to manage remote traffic, and many more.
Site-to-Site VPN Service: The Bottom Line
This type of VPN service is a good choice for companies, which have some units or branches in separate locations, and companies, which have regular connections with external partners like suppliers and customers. It allows connection between the company’s resources in a secure and private way. The risks for malware, virus, or hacker attacks are also minimized.
However, this may not be a choice for companies, whose teams are mobile. For instance, team members who often do field visits or surveys cannot depend upon a site-to-site VPN, since the connection is static in nature.