This week we will highlight the benefits and drawbacks of a software solution and briefly discuss the most common design, hybrid.
Software solutions come in two main varieties: a solution you install and maintain yourself, or one maintained by a provider on your behalf.
The main drawbacks of software solutions include:
- Hardware solutions have dedicated hardware and often a dedicated processor optimized for encrypting and decrypting. Software solutions often run on standard server hardware.
- Most of these solutions are not provided by firewall and routing vendors, so you could lose the ability to have integrated reporting.
- If self-hosted, you need to stay abreast of security vulnerabilities for both the OS and the VPN application.
- If hosted by a service provider, you need to trust that they are staying abreast of security, and there is a chance that a breach would affect all their clients, including you.
The main reasons people choose software solutions:
- Opportunity to make changes to open-source solutions to match specific requirements.
- Makes sense as a remote worker solution:
  - usually only a few devices
  - allows for a mobile workforce
  - does not affect other devices on a network
Software as a main site solution.
Software solutions have been around for a long time and have been a popular alternative. OpenVPN, which is popular for its community (free) edition as well as its commercial solution, is a well-known open-source example. So much so that you have been able to find OpenVPN clients on routers and other devices, such as SIP phones, for quite a few years now.
Using a software solution as the hub that all other sites or remote workers connect to usually means you have a locally installed instance. Also becoming more common, with clouds being extended into the local office network through VPNs or peering connections, is a cloud-hosted instance.
Considerations on where to host a software solution come down to avoiding bottlenecks. Most software solutions do not allow inter-branch or inter-remote-worker connections. This means that hosting your solution outside of your network, or using one solution for multiple sites, requires network throughput planning at the central point. You might have large internet connectivity at one site, but if the connectivity at the main site is smaller, or the same but supporting multiple sites, it will serve as a bottleneck and degrade the experience. That said, a single hosted location for all sites has the benefit of being easier to maintain and monitor.
With hardware solutions, like the DMVPN solution from Cisco, the hub is able to act purely as a control point. When a spoke network connects to the hub, the hub lets the other spokes know about the IP and availability of this network. The spokes can then connect to each other. With software solutions, this is less common. Because software is still predominantly used as the solution for remote workers, very few solutions support this inter-client connection, as the requirement for this design remains low.
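The throughput planning described above, worked as an added example (not part of the original article): it compares the load on each site's link when every inter-site flow is relayed through the hub with the load when spokes connect to each other directly. The site names, capacities and flows are constructed sample values, and tunnel overhead is ignored.

```python
from collections import defaultdict

def link_demand(flows, hub=None):
    """Return {site: (downlink_mbps, uplink_mbps)} offered load per site.

    flows: iterable of (src, dst, mbps) tunnel traffic.
    hub:   if set, traffic between two non-hub sites is relayed src -> hub -> dst;
           if None, sites exchange traffic directly (spoke to spoke).
    """
    demand = defaultdict(lambda: [0.0, 0.0])
    for src, dst, mbps in flows:
        demand[src][1] += mbps          # leaves the source on its uplink
        demand[dst][0] += mbps          # arrives on the destination's downlink
        if hub is not None and hub not in (src, dst):
            demand[hub][0] += mbps      # relayed flow enters the hub ...
            demand[hub][1] += mbps      # ... and leaves it again
    return {site: tuple(load) for site, load in demand.items()}

def bottlenecks(flows, capacity, hub=None):
    """Return {site: utilisation} for every site whose demand exceeds capacity."""
    over = {}
    for site, (down, up) in link_demand(flows, hub).items():
        cap_down, cap_up = capacity[site]
        utilisation = max(down / cap_down, up / cap_up)
        if utilisation > 1.0:
            over[site] = round(utilisation, 2)
    return over

# Constructed sample data: (downlink, uplink) capacity in Mbps per site.
CAPACITY = {
    "hq": (200, 200),
    "branch_a": (1000, 1000),
    "branch_b": (1000, 1000),
    "remote": (100, 20),
}
# Constructed sample flows: (source, destination, Mbps).
FLOWS = [
    ("branch_a", "branch_b", 150),
    ("branch_b", "branch_a", 120),
    ("branch_a", "hq", 40),
    ("hq", "branch_b", 30),
    ("remote", "hq", 10),
]

if __name__ == "__main__":
    print("relayed via hq:", bottlenecks(FLOWS, CAPACITY, hub="hq"))
    print("direct spokes :", bottlenecks(FLOWS, CAPACITY))
```

With these sample numbers the branches have far larger links than the main site, yet the main site is the only oversubscribed link once it has to relay branch-to-branch traffic.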
Software as a remote site solution and its role in hybrid designs.
Where software VPNs have been the most common is as a VPN client on a remote worker's device. With remote workers rarely requiring more than one device to have remote access, a software application installed instead of a hardware device makes more sense.
Therefore, hybrid designs are the most common: a hardware device, such as a firewall or router, at the main site and software clients on the remote worker devices.
Most mobile devices have had software clients since the early days of smartphones.
In this series we have discussed hardware solutions, software solutions, the zero trust model, and the common hybrid design. Next, we will be talking about common technologies employed, securing remote administration, and finally securing remote workers or sites when using some specific services such as voice or video solutions.