As organizations connect branch locations directly to the Internet — rather than backhauling Internet traffic to headquarters over multiprotocol label switching (MPLS) services — they need to ensure the security of those remote site connections. InSpeed Quality Service (IQS) establishes a virtual private network (VPN) to protect company data as it travels over the Internet.
IT pros talk about using VPN tunnels to transmit data securely from one point to another. The word “tunnel” is used as a metaphor for a private pathway through an unsecured network such as the Internet. The tunnel is created using encryption to encapsulate the data packets. Because the data is encrypted, only the designated recipient can read it.
Organizations set up VPNs to connect two or more sites to one another, or to allow remote users to securely access company resources. There are three primary VPN topologies:
- Point to point: This is the simplest form of VPN, in which one site connects to another. The VPN is set up and configured at each endpoint.
- Hub and spoke: Each remote site is a “spoke” that connects to the headquarters “hub” via a separate VPN tunnel. The remote sites communicate with one another by going through headquarters.
- Full mesh: All sites are connected to one another. This is the most complex VPN topology, but also the most flexible and reliable.
Organizations have traditionally used the hub-and-spoke topology because it’s relatively easy to implement and requires only one VPN connection between each remote site and the hub. However, the hub-and-spoke model has a “single point of failure”: if headquarters loses connectivity, the entire VPN fails. It also creates latency because all traffic travels through a single chokepoint. Remote locations are unable to reach multiple data centers or collaborate with one another directly.
The full mesh topology eliminates the single point of failure, reduces latency and is capable of handling larger amounts of network traffic. However, a full mesh VPN traditionally has been expensive to set up due to the hardware required for each remote site. If not designed properly, the WAN will not route traffic in the most efficient manner. Full mesh VPNs are also highly dynamic and complex to maintain using legacy tools.
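The trade-off between the two topologies can be checked by modeling each tunnel as a graph edge. The following is an added example, not InSpeed code; the site names are constructed, and it assumes a site that is down carries no traffic.

```python
from collections import deque
from itertools import combinations

def hub_and_spoke(sites, hub):
    """One tunnel from every remote site to the hub."""
    return {frozenset((hub, s)) for s in sites if s != hub}

def full_mesh(sites):
    """One tunnel between every pair of sites: n*(n-1)/2 in total."""
    return {frozenset(p) for p in combinations(sites, 2)}

def hops(tunnels, src, dst, down=frozenset()):
    """Tunnels crossed on the shortest path src -> dst, or None if unreachable."""
    if src in down or dst in down:
        return None
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for t in tunnels:
            if node in t:
                (peer,) = t - {node}  # the other endpoint of this tunnel
                if peer not in seen and peer not in down:
                    seen.add(peer)
                    queue.append((peer, dist + 1))
    return None

def stranded_pairs(tunnels, sites, down):
    """Pairs of surviving sites that can no longer reach each other."""
    alive = [s for s in sites if s not in down]
    return [p for p in combinations(alive, 2)
            if hops(tunnels, *p, down=down) is None]

# Constructed sample network: one headquarters and four branches.
SITES = ["hq", "branch-a", "branch-b", "branch-c", "branch-d"]

if __name__ == "__main__":
    hs, fm = hub_and_spoke(SITES, "hq"), full_mesh(SITES)
    print("tunnels to manage:", len(hs), "hub-and-spoke,", len(fm), "full mesh")
    print("branch-a to branch-b hops:",
          hops(hs, "branch-a", "branch-b"), "vs", hops(fm, "branch-a", "branch-b"))
    print("branch pairs cut off when hq is down:",
          len(stranded_pairs(hs, SITES, {"hq"})), "vs",
          len(stranded_pairs(fm, SITES, {"hq"})))
```

With five sites the mesh needs ten tunnels instead of four, which is the configuration burden that grows quadratically as sites are added.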
SD-WAN simplifies all of this by automatically establishing and configuring each VPN connection. A mesh of virtual links is created dynamically and layered on top of the physical WAN infrastructure. With IQS, a site can be set up with a single click and managed through a centralized, cloud-based console.
InSpeed’s SD-WAN solution is cost-efficient as well. Everything is handled by a small, onsite appliance that self-configures and automatically connects to the InSpeed cloud. It’s plug-and-play simple and so inexpensive that it can be used by employees who work from home. IT teams don’t have to worry about support headaches associated with legacy VPN technologies.
Many organizations are finding that the traditional hub-and-spoke VPN topology no longer meets their operational requirements. InSpeed makes it easy to set up and administer a full mesh, site-to-site VPN, ensuring robust security over any Internet connection.