VPNs in a World of Everything Remote. Managing Devices & Remote Services
Customers are contemplating alternatives to do EVERYTHING REMOTE and need solid technology solutions that are easy and fast to deploy, secure and can be managed remotely.
Many MSPs and integrators are being asked for ways to enable remote users to securely connect to companies’ digital services and resources.
Don't Risk Your Network: Port Forwarding is a Security Threat
The first thing that may come to mind is setting up some port forward rules in the company router facing the public Internet. That is the least desirable way to do this as it represents a security threat by leaving these services open to the world since simple passwords and the login prompts of many devices and service as not safe enough to withstand brute force attacks or smart attacks that identify devices they can find and know all known weaknesses of of specific devices to automatically hack them. It won’t be long before a malicious port scanner discovers the ports you have forwarded and starts trying to hack your internal devices. Most solutions also are tedious for the IT Team that now need to manage security and access. Of course this might infringe security regulatory rules such as HIPAA, PCI, SOX, GDPR and others.
More experienced and secure conscious IT professionals will recommend establishing VPN tunnels from remote users’ computers or networks. That is when the quest to find, learn and test an easy to configure, affordable VPN server device starts. Don’t spend days or weeks on this with trial and error.
Advanced routers offer VPN and firewall features
The VPN server and firewall functions are now incorporated in smarter, advanced routers. Such routers can be called next generation routers, security routers, VPN routers, Internet Gateways, etc. Unfortunately most are difficult to set up and expensive, especially, when licenses need to be paid to enable VPN features. Once some hidden recurrent licensing costs are uncovered, it can quickly become a non-viable solution for SMBs. Good news is that there are SMB friendly solutions.
One way to VPN a remote user is setting up VPN directly from their computers. Another way is establishing a LAN-to-LAN VPN between remote user networks and companies LAN. The latter option is better when the remote network is a SoHo or branch office and there is a need to connect multiple devices seamlessly.
A solution we like to promote that has all that is needed: VPN, firewall and security options, does not break the bank, and does not require licenses is from DrayTek.
Now let’s explore the VPN options for remote users:
VPN remote users directly from their computers or mobile devices
Also referred to as Host-to-LAN or Remote Dial-in VPN, it usually requires the use of a VPN client installed in the remote computer or device but can also work with the devices’ OS native VPN clients.
There are multiple types of VPNs with different levels of encryption and performance. The most common ones nowadays are SSL VPN, OpenVPN(r) and a few flavors of IPsec.
DrayTek offers a free VPN client for Windows, Mac OS, Android and iOS and supports all the VPN types mentioned. Of course there are preferred VPN types for improved performance and security depending on the OS of the device running the client. If you prefer not to install any VPN client and use the OS built-in VPN you can also do. Here is the recommended VPN types for DrayTek routers running DrayOS, Models 2133, 2926, 2952, 3910:
LAN to LAN VPN
LAN to LAN ( Lan2Lan ) VPNs have been used for many years by large and medium enterprises. IT requires a router or VPN device in both local and remote sites and is mostly used to interconnect branch offices and Extranets. In the past, it was also required to have a very specialized technician to set it up and support it. Many encryption methods and terms used would scare away new users creating an entry barrier to new players.
The nineties have passed and complex command line configurations are not needed anymore. Friendly GUIs and simple one or two page documents are more than enough for an IT technician with limited experience to successfully setup secure LAN to LAN VPN tunnels.
In addition to Point-to-Point connections between two sites, Lan2Lan VPN can be used to connect multiple offices in Hub-and-Spoke or Mesh VPN topologies. At this point advanced routing and firewalling is needed to direct the traffic flow.
Some Lan2Lan VPN endpoints even offer redundancy and failover. A VPN Trunk can also be used to group VPN tunnels going over distinct ISPs and offer aggregation and failover capabilities.
Recommended Security: IPsec Tunnels with AES-SHA256 Encryption
Almost all Lan2Lan VPN endpoints support IPsec and since it is a standard interconnection between VPN endpoints from multiple vendors is possible. DrayTek has been an excellent option as an addition to existing VPN networks as it can establish VPN tunnels to mainstream Networking/VPN product manufacturers.
Multiple Lan2Lan connections involving a number of routers can be challenging to manage. The solution you pick should provide a way to configure, manage and monitor all the VPN tunnels from a single central Interface. Again, DrayTek fulfills this need with its ACS centralized cloud management.
To have the answer ready on which model your customer needs, and deliver the answer to their Everything Remote question, simply click & pick the solid technology solution that’s easy to deploy remotely, keeps your clients secure, while managing their experience, like only you can, right here.
