The expert view: Steve Cassidy
Business VPN provision is a giant, Game of Thrones-style epic battle between different providers. Not just different in their brand, but different in their entire concept. MPLS and its rather lumpen successors are about a third of the VPNs I see; another third are using SSL, while the last third are experimenting with IPv6.
Of these three, the smoothest implementations are in the SSL group, which is why firewalls that work this way are expensively licensed. Businesses that have lots of roaming users love SSL, because it travels in the same socket and format as HTTPS sessions – which means that connection suppliers, dodgy hotels, convention centres and Jon Honeyball’s airline seat in the mid-Atlantic don’t stop your VPN traffic dead in its tracks. SSL also means you can extend your VPN to tablets and phones – something you’ll find much more difficult with MPLS and later equivalent technologies.
Beware, also, handshakes that happen out of sight. Connection providers can tell you they have coverage where your offices sit, and then achieve that by subcontracting with a local supplier. Their traffic – and yours – looks like it’s just the same as back at head office, but actually it’s hiding the subcontractor’s infrastructure. Incredibly, some suppliers I’ve dealt with in Europe are amateurish, verging on irresponsible, about connections they don’t “own”, most often because they feel denied the chance of some local sell-through or bundled telephony deal.
With all that said, VPNs are worth the bother. Having a completely reachable, open address space across all your locations makes the support and troubleshooting process so much easier: certainly easier than relying on traffic crossing the public internet to get work done. These days, most cloud services require you to make a secure link before you can do anything, which turns your cloud portfolio of servers into a virtual branch when looked at from the perspective of a hub-and-spoke VPN. And nobody’s cloud data centre is going to accept a connection over MPLS. Ring them and ask, and you might hear a little bit of laughter.