If you’re offsite at a hotel or coffee shop, it helps to have a secure connection back to the corporate network. In this video, you’ll learn how VPN concentrators are used to provide large-scale VPN connectivity when you’re away from the office.
<< Previous: Packet ShapersNext: VPN Connections >>
VPN stands for virtual private network. And as the name implies, it’s one way to communicate from one location to another over a public network, but somehow manage to keep all of your communication private. And we do that through an encryption mechanism that’s incorporated into something called a VPN concentrator.
A concentrator is a centralized device that is used to encrypt and decrypt this information. The encryption process and the decryption process uses a lot of CPU power. And if you have many, many people that are on the outside the need access to your internal network, you need one device that’s specially designed to keep up with this high load and still be able to maintain all the encryption and decryption capabilities that you need.
There are many ways to deploy this. Generally, it’s done through specialized hardware so that you can maintain these very high speeds. But it could also be done through software. As long as you have a central processing unit that’s able to keep up with the load, you may not need a specialized piece of hardware to perform this concentration.
You can see this often used in tandem with some client software that’s running in your operating system. It’s communicating back to the concentrator, and that’s where all of the communication is encrypted, between that concentrator and the end station running that operating system. Here’s what this looks like.
This is a scenario where I have my corporate organization. Everything inside of that bubble is generally trusted, and everybody can talk to everybody else as long as they’re inside of that network. On my corporate network is a VPN concentrator. And it, of course, can communicate to all of those devices as well. It’s usually a device that’s accessible from the internet, because that’s where we need to have all of this private communication.
So we’re at a coffee shop with our laptop. We’ll start up our VPN software, and it will create what we call an encrypted tunnel back to the VPN concentrator. This is simply a connection back where we’re going to send all of the traffic in an encrypted form. So our laptop is smart enough to encrypt that data and send it through that tunnel to the VPN concentrator.
At that point, the VPN concentrator will decrypt the information and send it in the clear into our corporate network. So if we’re talking to a file server, we’ll be able to communicate to that file server. When the file server responds back to you, it goes through the VPN concentrator where it is again encrypted and sent back to you and decrypted on your laptop.
This means that we can be in a coffee shop. We can go to a conference. We can visit a hotel and use the local network, but still maintain a secure connection back to our corporate environment and be assured that nobody’s going to see any of the data going back and forth.