What Is a Site-to-Site VPN and Does Your Business Need One for 2020?
If you’re wondering what a site-to-site VPN is, and whether having one is right for your business, you’ve come to the right place. We’ll show you how site-to-site VPNs came into being and evolved, how they work, and how to choose between a site-to-site VPN and the other business VPN options on the market.
Initially, VPNs (virtual private networks) were developed to give companies a way to connect remote offices or workers to the local-area network (LAN) within the company’s main office. To this day, the primary purpose of a corporate VPN is to provide secure remote access to private company resources.
Personal vs. Corporate VPNs – What’s the Difference?
With the democratization of the internet, everyday users began to seek ways to access the web securely and anonymously. This demand gave rise to personal (consumer) VPN services, which are designed for individuals who wish to hide their IP addresses. Masking your location makes it possible to download torrents anonymously, access geoblocked content, protect your devices when you use public wi-fi, and more.
However, most personal VPNs don’t meet the needs of businesses. They were built to protect a single person’s internet connection, not a company-wide network that carries and stores thousands of terabytes of sensitive data.
A site-to-site VPN is just one of many corporate VPN types in use today. Below, we’ll explain the basics of site-to-site VPN configuration. We’ll also compare site-to-site VPNs to other corporate VPN solutions to help you find the one that’s ideal for your company’s needs.
What Is a Site-to-Site VPN?
A site-to-site VPN allows a business with offices in multiple locations to establish secure connections between the various LANs at these offices over the internet. For example, a site-to-site VPN might connect a branch office LAN to the main network at company headquarters.
A site-to-site VPN therefore extends the company’s network, making computer resources at one location available to employees at other locations. This capability makes a site-to-site VPN an attractive option for a growing corporation with branch offices around the world.
The two main techniques for establishing a site-to-site VPN are:
- Internet VPN method
- Multiprotocol Label Switching (MPLS) VPN method
The difference between internet-based and MPLS VPNs lies in the connections they use, and whether the company’s own network or the VPN provider’s network performs the virtual tunneling.
Creating an Internet-Based Site-to-Site VPN
The internet VPN method utilizes a company’s existing network, together with the public internet infrastructure. In order to set up an internet-based site-to-site VPN between two sites, a VPN gateway (router, firewall, VPN concentrator, or security appliance) such as the Cisco Adaptive Security Appliance (ASA) is required at both sites.
The VPN gateway encapsulates and encrypts all outbound data traffic from one site, sending it through a VPN tunnel over the public internet to a peer VPN gateway at the second site. Upon receiving the transmission, the peer VPN gateway decrypts the content and relays the data onto that office’s LAN.
Creating an MPLS Site-to-Site VPN
While internet site-to-site VPNs have been around for many years, MPLS is a relatively new method of establishing a site-to-site VPN. In this method, the VPN connection is established by connecting to a carrier-provided MPLS cloud, instead of to public internet.
Thus, an MPLS VPN uses infrastructure belonging to the VPN provider, not the company using the VPN. To configure an MPLS VPN, a business security solutions provider creates virtual connections between the client company’s office sites across the provider’s own MPLS network.
The primary advantages of MPLS VPNs are ease of deployment and optimal network performance. MPLS VPNs are ideally suited for bandwidth-intensive and delay-sensitive applications, such as video conferencing and VoIP.
The disadvantage of MPLS VPNs has always been cost. Private IP services like MPLS site-to-site VPNs are very expensive, particularly for international connections.
Is a Site-to-Site VPN Right for My Business?
No matter which configuration method is used, creating and maintaining a site-to-site VPN requires a significant investment of financial and human resources. Before considering such an investment, you need to first figure out if a site-to-site VPN is right for your business.
Most companies that use site-to-site VPNs have the service set up by a business security solutions company such as Cisco, Palo Alto Networks, or Checkpoint. Typically, the site-to-site VPN is just one part of a larger package of security services.
Some of the key factors to consider when deciding if a site-to-site VPN is right for your company are:
- size of the business
- number of locations
- geographical spread (how far apart locations are from each other)
- resource-sharing requirements
If your business is spread across multiple locations and employees at every location need to access resources at the main office, you should consider deploying a site-to-site VPN.
An Example of a Company that Needs a Site-to-Site VPN
Consider a London-based consulting firm that decides to open branch offices in New York, Beijing, and Tel-Aviv. There will be 10 to 20 employees at each location who need to access a shared file server, e-mail, and other company resources at the central office.
One option is to use a dedicated connection from each site. However, each location’s network demands are relatively small, so a dedicated connection to each site does not make business sense.
The company can instead purchase local internet connections and create an internet-based site-to-site VPN that connects the locations. Even though creating and maintaining the VPN involves substantial costs, doing so will save the company thousands of dollars per month compared to the cost of dedicated connections for all locations.
What Are the Alternatives to a Site-to-Site VPN?
There are other ways besides deploying a site-to-site VPN to keep multiple locations or mobile workers remotely connected to your main business LAN. These alternatives might be more convenient and practical solutions for small- and medium-sized businesses with multiple locations. The most popular alternatives to site-to-site VPNs include:
1. Remote-Access VPN
Corporate VPNs can be either site-to-site (connecting two or more LANs in different locations) or remote-access (connecting individual computers to a LAN). Remote-access VPNs allow employees to access their company’s LAN from home or anywhere in the world.
In order to set up a remote-access VPN, each user’s device must have VPN client software installed, or the user must have access to a web-based VPN client. Whenever the user’s device sends data, the VPN client software encapsulates and encrypts that traffic, and then sends it over the internet to the VPN gateway for the company LAN.
When the VPN gateway receives any remote user’s encrypted transmission, it decrypts and relays the traffic onto the company LAN, just like a site-to-site VPN gateway does.
For organizations with multiple offices with no more than three to five employees, a remote-access VPN may be the ideal choice. The cost is much lower than creating a site-to-site VPN to connect the entire LANs of various locations.
In comparison to a full site-to-site VPN configuration, a remote-access VPN will involve some compromises in speed and overall network performance. However, for smaller organizations, these issues will be very minor, often not even noticeable.
2. SD-WAN VPN
In the past, network management approaches were designed around employees using separate branch LANs to accessing on-premises applications. Today, most business applications are hosted in a cloud. This shift has given rise to the SD-WAN VPN, an alternative business VPN technology that is more dynamic than a remote-access VPN.
An SD-WAN (software-defined wide area network) simplifies the management and operation of a WAN by separating the networking hardware from its control mechanism (software). As organizations become more geographically dispersed and use a growing number of cloud-based applications, traditional WANs are struggling to keep up with the amount of data being transmitted.
A good SD-WAN VPN combines the cost benefits of internet-based site-to-site VPNs with the performance and agility of MPLS VPNs. With an SD-WAN, organizations can replace at least some of their high-priced MPLS circuits with more economical internet connections. The optimization and multi-path capabilities of an SD-WAN ensure performance stays high enough for each location’s workload, even though public internet infrastructure is used.
SD-WAN products can be physical appliances or virtual appliances. They are placed in remote and branch offices, corporate data centers, and, increasingly, on cloud platforms.
3. Cloud VPN
A cloud VPN allows businesses to maintain and protect their private cloud resources by providing employees with VPN access to those resources via the internet.
Just as the name implies, a Cloud VPN is a cloud-based infrastructure that delivers VPN services. Many businesses are migrating their business applications to the cloud, and employees are increasingly relying on their mobile devices and laptops to access these applications.
Business cloud service providers supply the network infrastructure to house applications and make them available remotely. However, they do not provide security for personal mobile devices and laptops used by employees (bring-your-own-device, or BYOD). A cloud VPN fills that gap by securing employee devices.
For organizations whose business LAN environment or day-to-day business applications have moved to the cloud, a Cloud VPN is often the best alternative for cheap and secure access.
Perimeter 81is a VPN provider specializing in Cloud VPNs. Most cloud service providers such as Google and Amazon also offer Cloud VPN services.Learn More About Cloud VPN Business Plans.
4. Business VPN Plan from a Consumer VPN Provider
Although the above three alternatives are more affordable and less labor-intensive to set up than a site-to-site VPN, they still require a substantial investment. If your business can’t yet afford a complete security package from one of the big corporate VPN providers, there is another way to get the benefits of a VPN service.
Although providers of personal VPNs primarily focus on the needs of individual users, a few premium consumer VPN providers offer business VPN plans.
These VPN services are not practical or cost-effective for large global organizations. However, for small and mid-sized businesses with just a few locations, they offer a way to fully protect company data without the infrastructure of a corporate VPN.
Some of the benefits of purchasing a business VPN plan from a consumer VPN provider include:
- Remote-access VPN functionality to connect workers to the LAN
- Improved security for employee devices
- End-to-end data encryption
- Secure access to cloud applications
The consumer VPN providers that we recommend for business VPN use are shown below. Business and enterprise plans from these providers are designed for multiple users or teams, with a dedicated server and IP address to guarantee consistent quality of service.
Personal VPN Services with Available Business and Enterprise Plans
Our #1 overall consumer VPN provider, NordVPN offers custom plans for small businesses. An industry leader in network reliability and security, NordVPN is an ideal choice if your business handles a lot of sensitive information.
ExpressVPN is the fastest personal VPN we’ve tested. It has servers in more than 90 countries, making it a great choice if your small business has locations spread out across the world. Knowledgeable customer service agents are available 24/7.
- Perimeter 81
A cloud-based service from consumer VPN provider SaferVPN, Perimeter 81 was designed for small businesses. The simple software and easy access to private servers have impressed our experts.
PureVPN offers exceptional global reach, with servers in over 140 countries. The provider’s business plans are perfect for small companies that send employees all over the world, and users appreciate the network’s speed.
- Torguard VPN
As the name suggests, developers created Torguard VPN for use with torrenting websites. The high speeds and privacy protection that torrenters love also make this VPN a nice choice for small businesses.
Comparison of Features of Various Business VPN Solutions
To help you decide which VPN solution best fits your company’s needs, here is a summary of the pros and cons of each option:
|Features||Site-to-Site VPN||Remote Access VPN||SD-WAN |
|Cloud VPN||Consumer VPN Business Plan|
|Ideal for||Connecting two or more networks (LANs)||Connecting devices to a single network||Connecting two or more networks (LANs)||Cloud-hosted infrastructure||Connecting office networks and remote workers to the internet securely|
|Ease of Deployment||Complex||Easy||Complex||Easy||Easy|
|Skill Level |
Required for Setup
|Highly skilled technology experts||Skilled tech pros||Highly skilled technology experts||Skilled tech pros or skilled users with help||Skilled users with help from a skilled VPN support team|
|Performance||Excellent/best||Good to Very Good||Excellent||Very good||Good|
|Target Market||Large Business||Any Size Business||Large Business||Any Size Business||Small to Medium Business|
Fig 1.0 Comparing the various business VPN technologies
A site-to-site VPN enables organizations to securely connect geographically separated LANs in order to provide employees at all locations with secure access to network resources.
Although it offers numerous benefits for a large organization, a site-to-site VPN comes at a high cost in both dollars and human resources. For most small- and mid-sized business, it is worthwhile to consider more affordable and convenient methods to connect multiple LANs or provide secure access to remote workers.
Alternative solutions that still offer VPN security include:
- Remote-access VPN
- SD-WAN VPN
- Cloud VPN
- Business VPN plan from a consumer VPN provider
Which VPN technology is best for your company depends on many factors, but one thing is certain: with the amount of corporate data that now routinely moves between business locations, employee devices, and the cloud, no business should be without a comprehensive security plan that includes a VPN.
By routing data in motion through a securely encrypted tunnel, a reliable business VPN greatly reduces your organization’s risk of data exposure and network hacking, while minimizing downtime.