Tuesday 20 October 2015

How a VPN Works

How can you connect two networks in geographically separate locations without installing a private connection between them? How can a software development company provide remote services to allow users to access corporate services that need to remain protected from the prying eyes of the public Internet? The answer to both questions is to use a Virtual Private Network (VPN). VPNs provide virtual network links based on encrypting and isolating traffic at the packet level while using commodity Internet services for transport. The two most common uses of VPN are to link branch offices or remote sites together (called LAN-to-LAN tunneling, or L2L) and to provide remote access to office environments (called Remote Access [RA] VPN).

L2L tunnels are used widely for private communications between corporate networks and other trusted networks, which could be remote offices or other corporate-controlled networks, or third parties (for example, for outsourcing or Business-to-Business [B2B] data exchange). The L2L tunnel can be thought of as the “industrial-strength” VPN approach, typically used in the same way that a point-to-point circuit or private network link would be used. VPNs are a default approach to secured communications between any two parties, because the conditions and traffic allowed on the VPN can be strictly controlled from either end of the tunnel. L2L VPNs typically require a device on both sides of the connection that can support the same features and capabilities, as all settings need to be identical on both endpoints of a VPN for a tunnel to be created. While there is no way to provide Quality of Service (QoS) with Internet-based VPNs, since the routing of the traffic is still at the discretion of the layer three pathway, they are fast, convenient, and secure.

RA VPN services enable users to work from a remote location as if they were physically in an office. For both convenience and cost reasons, RA VPN services are becoming more widespread as telecommuting and third-party system access become increasingly important to a variety of businesses.

How a VPN Works

The goal of a VPN is to provide a secured communication channel through a network, most commonly a private tunnel through the Internet. To do this, the traffic is encapsulated with a header that provides routing information that helps the traffic get to the destination. The traffic is also encrypted, which provides integrity, confidentiality, and authenticity. VPNs are of great importance to software development companies in India.



A VPN is referred to as a tunnel because the client does not know or care about the actual path between the two endpoints. There are many types of non-encrypted tunnels available today, such as Generic Routing Encapsulation (GRE) tunnels, which make two places on a network appear closer together. While a VPN topographically does the same thing, the private component of VPN refers to the encryption. For example, suppose a branch office is linked to the corporate network by a VPN. There might be a Border Gateway Protocol (BGP) autonomous system (AS) path 15 hops over the public Internet between the corporate VPN device and the branch office’s endpoint device, but once the VPN is established, any clients using this connection will only see the single hop between the VPN endpoints.

A traceroute over a VPN can neatly illustrate this concept. Figure demonstrates this logic. In the figure, the Internet cloud represents all of the potential connections and transit points that might actually be taken by packets traveling from the client to the server. The path from client to server represents the logical tunnel: to the client, the connection looks like a direct path through the Internet.


Most VPN tunnels allow for the encapsulation of all common types of network traffic over the VPN link. IPv6 connections can also be transported across IPv4 networks using tunneling, but these types of tunnels are not necessarily encrypted, and by themselves are not a VPN (they are referred to as dual-stack tunnels, and there are a few different methods for using them). The ultimate goal of VPN service is to allow clients to have the same functional capabilities through the tunnel that they would have if they were locally connected to their corporate network—in short, secure remote access.

Saturday 17 January 2015

Cloud selection basis - few other parameters

We are exploring a few other factors that help in deciding on a cloud vendor. Software companies in India recommend that the following factors be considered.

  • Speed to deliver or network throughput
  • Data in Motion
  • Logging and Audit
  • Help and Support
  • Additional features
We will discuss each point in detail.

  • Speed to Deliver and Network Throughput
The speed at which the user can push or pull data to cloud storage determines the throughput. If the cloud provider went “low end” on their choice of upstream networks (high packet loss) or under-provisioned bandwidth for the storage deals they sell (thin pipes), that “unlimited storage” deal suddenly looks like a cloud mirage. It’s always better to insist on a trial period (most providers offer them) and monitor throughput both up and down with real data over a number of days.

  • Data in Motion
However, if the cloud provider offers multiple methods (or protocols) to access their service, users may opt to use a weaker-than-default option, e.g. FTP or WebDAV with no SSL. One thing to avoid is confusing the encryption on the endpoint that users push data to and pull data from with the encryption the provider uses on their website. Users might check the website's SSL certificate, see that it was issued by a reputable CA, and feel reassured.

In reality, the company's devices will communicate with storage endpoints running on different servers with a different SSL/TLS setup, and this is where problems can creep in. For example, a provider may require users to use the provider's own software to access the service. That software may not be programmed to verify the SSL certificate of the storage endpoint (this is not specific to storage security; it’s surprisingly common across SSL clients). But since users are using the provider's software, they won’t see any alerts or pop-up boxes warning that their SSL session is subject to a man-in-the-middle attack.

  • Logging/Audit
Some cloud storage providers do not provide any user-accessible logs. Which data was accessed, by whom, and when is often kept hidden. It’s safe to assume that if they do not expose this data to users via their website or an API, the users will not be able to obtain this information. This is nearly always the case on free plans. Logging and audit features tend to come with “Professional” and “Enterprise” plans.

Storage providers offering monthly plans generally do not charge separately for logging – it’s usually baked in (but do double-check before signing up).

Supplemental to logging and audit trails is whether the storage provider exposes an event API. This is like an activity feed that a program can subscribe to and react to events. For example, if a company's business partner started erasing all the shared files, one could find out in real time. Real-time notifications (with a way to program a “reaction”) may be the fastest way to learn when a cloud account or file has been compromised.
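A programmed “reaction” to such a feed can be as simple as a sliding-window count of delete events per account. The following is an added example, not part of the original post: the event fields (`ts`, `actor`, `action`, `path`) and the sample events are constructed, since each provider defines its own event schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample feed; field names are hypothetical.
SAMPLE_EVENTS = [
    {"ts": "2015-01-17T10:00:00", "actor": "partner@example.com", "action": "download", "path": "/shared/q1.xlsx"},
    {"ts": "2015-01-17T10:00:05", "actor": "partner@example.com", "action": "delete", "path": "/shared/q1.xlsx"},
    {"ts": "2015-01-17T10:00:10", "actor": "partner@example.com", "action": "delete", "path": "/shared/q2.xlsx"},
    {"ts": "2015-01-17T10:00:12", "actor": "alice@example.com", "action": "delete", "path": "/home/alice/old.txt"},
    {"ts": "2015-01-17T10:00:20", "actor": "partner@example.com", "action": "delete", "path": "/shared/q3.xlsx"},
    {"ts": "2015-01-17T10:05:00", "actor": "partner@example.com", "action": "delete", "path": "/shared/q4.xlsx"},
    {"ts": "2015-01-17T10:12:00", "actor": "alice@example.com", "action": "delete", "path": "/home/alice/tmp.txt"},
]

def detect_mass_delete(events, threshold=3, window=timedelta(seconds=60)):
    """Alert once per actor that deletes >= threshold files within `window`."""
    recent = defaultdict(deque)   # actor -> timestamps of deletes still in the window
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort as text
        if ev["action"] != "delete":
            continue
        ts = datetime.fromisoformat(ev["ts"])
        q = recent[ev["actor"]]
        q.append(ts)
        while ts - q[0] > window:          # drop deletes that fell out of the window
            q.popleft()
        if len(q) >= threshold and ev["actor"] not in alerted:
            alerted.add(ev["actor"])
            alerts.append({"actor": ev["actor"], "deletes": len(q), "at": ev["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in detect_mass_delete(SAMPLE_EVENTS):
        print("possible mass deletion:", alert)
```

The occasional deletes by the second account stay under the threshold, so only the burst is reported; threshold and window need tuning against normal activity for the account in question.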

  • Help and Support
Help and support for cloud and online services is provided through links to customer service, technical solutions, and answers to top cloud computing issues. If users don't find the solution there, they may have further options in a troubleshooting tool that provides recommendations. Since users reside in different time zones, 24/7 support is what they should look for.

  • Additional services
Cloud storage providers oversell storage to survive in a competitive market: for every 1GB of space they “have”, they will sell it many times over. This is a common business practice and works when there is reasonably predictable consumer behavior. In short: the majority of “pre-paid” customers don’t use all the resource they are entitled to.