A VPN (virtual private network) is a network that uses a public channel for secure, remote communication. Although VPNs are now a household name, there was once a time when they existed exclusively for corporate use. Before the internet became widespread, businesses worried about the security of their communication over long distances, so there was a need for a remote yet secure mode of communication. This need was met with the advent of PPTP (Point-to-Point Tunneling Protocol), which became the building block for the VPN and gave rise to a technical implementation within the corporate framework: the site-to-site VPN.
Although the technology is decades old and being phased out, many businesses around the globe still rely on it to facilitate remote communication. Today, we will learn more about this implementation of a VPN, take a detailed look at how the technology works, and figure out why it is becoming obsolete.
Site-to-site VPN: A Definition
Site-to-site VPNs are the traditional implementation of a corporate VPN. In many ways, they even predate the internet. Although remote-access VPNs (such as your typical consumer VPN, many of which we reviewed) are now prevalent in the corporate scenario, there once was a time when S2S VPNs reigned supreme.
The value of the S2S VPN lies in its ability to connect entire networks, for example a LAN (Local Area Network) or WAN (Wide Area Network) spread across multiple locations. But the one limitation that led to the decline of this technology is that it is tied to fixed physical sites. Unlike its remote-access counterpart, a site-to-site VPN needs advance planning and physical setup: to connect two distinct networks, you require hardware, physical servers, and communication lines, among other things.
Site-to-site VPNs may be troublesome to install, but they operate with ease. There is no need for VPN clients, because the VPN relies on gateways (routers, concentrators, firewalls, etc.) to keep data between the two networks encrypted. Thus, it saves the IT department the hassle of installing software on the user's end. However, this approach reduces the security of the network. Other glaring disadvantages of an S2S VPN have pushed it towards obsolescence. You can learn more about the numerous advantages and disadvantages of the site-to-site VPN in detail in our article.
To conclude, site-to-site VPNs are virtual tunnels connecting two or more networks. They link a remote workplace to the central office, though this connection is fixed and limited by physical factors. Furthermore, the lack of user credentials or VPN clients counts against this technology. By linking multiple S2S VPNs, a corporation can, in essence, create its own WAN (Wide Area Network).
There are two different ways of creating an S2S VPN, namely:
- Intranet method, based on the public network
- Extranet method, based on MPLS (MultiProtocol Label Switching)
Correspondingly, there are two types of site-to-site VPNs:
- Intranet-based S2S VPN
- Extranet-based MPLS VPN
How does S2S VPN work?
Communication over the internet is out in the open: anyone dedicated enough can intercept and mine your data without much difficulty. This openness is what makes the internet unsafe. Initially, it didn't warrant much attention, but as people started to demand privacy, many companies began offering VPNs as a way to stay safe online. However, the story of VPNs didn't begin there. They started as a way for businesses to protect their data, and even today most VPN deployments exist for corporate use. But how does a VPN work, and how does a site-to-site VPN work in particular?
Like other implementations, an S2S VPN uses tunneling to connect the remote workforce to a central authority. However, in the case of S2S VPNs, there are no VPN clients or user credentials. The VPN employs gateways at the network endpoints and builds tunnels between pairs of such gateways. An employee using the corporate network won't notice anything different, but unbeknownst to them, all of their traffic to the other site is encrypted. Here is a simplified view of what happens when you connect through an S2S VPN:
- The employee logs into the corporate network to access a resource.
- The request travels towards the network endpoint and reaches the VPN gateway.
- The gateway inspects the request and routes the data towards the required network, encrypting it before it leaves the gateway.
- The encrypted data then reaches the entry point of the central network, or hub.
- The hub's gateway receives the data and decrypts it before passing it to the NAS.
- The response travels back to the employee's device over the same channel, again under encryption.
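To make the steps above concrete, here is a small added model (not code from the original article) of a branch gateway and a hub gateway: the branch decides by destination whether a packet stays on the LAN, enters the tunnel, or is dropped, and the hub checks each decapsulated packet for integrity and confirms that its inner source address lies inside the subnet the branch is allowed to speak for. The subnets, shared key, and payload are constructed, and the encryption itself is abstracted to an HMAC tag.

```python
import hmac
import hashlib
import ipaddress


class Gateway:
    """A site-to-site VPN gateway. Constructed model: selectors and key are made up."""
    def __init__(self, local_net, tunnels, key):
        self.local_net = ipaddress.ip_network(local_net)
        # remote subnet -> peer gateway name (the tunnel's traffic selector)
        self.tunnels = {ipaddress.ip_network(n): p for n, p in tunnels.items()}
        self.key = key  # shared tunnel key; real gateways negotiate this

    def route(self, dst):
        """Decide what happens to a packet leaving this gateway's LAN."""
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip in self.local_net:
            return ("local", None)       # never enters a tunnel
        for net, peer in self.tunnels.items():
            if dst_ip in net:
                return ("tunnel", peer)  # encrypted towards that peer
        return ("drop", None)            # no selector matches

    def encapsulate(self, src, dst, payload):
        # Encryption itself is abstracted away; the HMAC tag stands in for
        # the tunnel's integrity protection so forged packets can be rejected.
        inner = f"{src}>{dst}|{payload}".encode()
        return inner, hmac.new(self.key, inner, hashlib.sha256).digest()

    def accept_inbound(self, peer_net, inner, tag):
        """Hub-side check on a decapsulated packet: authentic, and the inner
        source must lie inside the subnet the peer is allowed to speak for."""
        expected = hmac.new(self.key, inner, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        src = ipaddress.ip_address(inner.decode().split(">")[0])
        if src not in ipaddress.ip_network(peer_net):
            return False, "source outside selector"
        return True, "ok"


def demo():
    key = b"constructed-shared-key"
    branch = Gateway("10.1.0.0/24", {"10.0.0.0/24": "hub"}, key)
    hub = Gateway("10.0.0.0/24", {"10.1.0.0/24": "branch"}, key)
    out = {"local": branch.route("10.1.0.9"), "tunnel": branch.route("10.0.0.5")}
    inner, tag = branch.encapsulate("10.1.0.7", "10.0.0.5", "GET /share")
    out["ok"] = hub.accept_inbound("10.1.0.0/24", inner, tag)
    spoof, stag = branch.encapsulate("10.0.0.99", "10.0.0.5", "GET /share")
    out["spoof"] = hub.accept_inbound("10.1.0.0/24", spoof, stag)
    out["tamper"] = hub.accept_inbound("10.1.0.0/24", inner + b"x", tag)
    return out
```

The spoof case is why the hub must check the inner source against the tunnel's selector and not trust the tag alone: a correctly keyed packet can still claim an address on the hub's own LAN.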
Types of corporate VPNs
VPNs have broad classifications. There are consumer VPNs and corporate VPNs, and VPNs also differ by the protocols they use. For the general distinction, corporate VPN implementations fall into two categories: remote access and site-to-site (individual consumer VPNs are also remote-access in nature). These can be further classified by their use or protocols. Primarily, the following VPN implementations are available for corporate use:
- Remote Access VPN — Remote access VPNs are the current market standard. They are "temporary" VPNs that can create a network on the go and are not limited by physical location. Typically, a remote access VPN requires a client to establish a tunnel between the user and a central resource. Recently, remote access VPNs have garnered much attention for their ability to support a remote workforce without branch offices; they also aid the WFH (work from home) culture.
- IPsec VPN — Remote access VPNs that use the IPsec suite of protocols. These VPNs need a client and proper authentication. They are more secure and can work exclusively.
- SSL VPN — SSL VPNs forgo the use of clients. Instead, they provide access through any browser given proper authentication. They are much faster than IPsec VPNs but less secure.
- Site-to-site VPN — S2S VPNs also link remote workplaces, but they depend on physical location and connect whole networks instead of individual accounts, using a hub-and-spoke architecture to connect remote networks to a central authority. They do not use clients or credentials and are less secure.
- Intranet-based S2S — Intranet S2S connects multiple LANs into a WAN. It is the internal network that uses a public network to facilitate the pooling of resources under a central authority.
- Extranet-based S2S — Extranet S2S allows external communication. The VPN ensures your internal resources are not accessible and facilitates communication between your partners, clients, collaborators, etc. It enhances security and eases the burden on the central network.
Why are site-to-site VPNs becoming obsolete?
A site-to-site VPN is the best choice for a company with multiple remote branches. However, it is not suitable for an individual remote workforce. Furthermore, a remote access VPN is everything an S2S VPN is and much more. Understandably, the technology is over two decades old, and it has long since stagnated. Today, many alternatives can get the job done at a lower cost and without much hassle.
The integration of cloud services, and a remote workforce that spends most of its time outside the office, make companies apprehensive about an onsite data center. Then there is the ever-changing technology landscape that keeps coming up with something new. Today, a resource shared over a cloud via the public internet makes more sense to companies than an S2S VPN.
Alternatives to site-to-site VPN
There are 3 prominent replacements for S2S VPNs:
- SASE — Secure Access Service Edge (SASE) is a cybersecurity model that delivers networking and network security services companies need directly through a cloud infrastructure. Furthermore, it allows companies to connect their remote branches and route traffic to the public or private clouds, software-as-a-service (SaaS) applications, or the internet. Moreover, they can manage and control access.
- SD-WAN VPN — An SD-WAN (Software-Defined Wide Area Network) simplifies the management and operation of a WAN by separating the networking hardware from its software. In simple words, it works as a combination of intranet-based S2S and MPLS VPNs.
- Remote Access VPN — A remote access VPN is similar to S2S but adapted to serve an individual remote workforce.