
Cloud-based remote access: Scenarios for success

The scenarios for installing cloud-based remote access are evolving as vendors bring to market new tools to aid both accessibility and security.

The popularity of the public cloud is in many ways quickly replacing the need for remote access in enterprise organizations.

Instead of having to authenticate into a corporate LAN from the internet, remote users simply connect directly to readily accessible public SaaS, platform-as-a-service or infrastructure-as-a-service resources. Yet despite the diminishing role that remote access technologies may have in the enterprise thanks to cloud computing, they are still required in many situations. Thanks to the wonders of cloud computing, even traditional remote access methods are more seamless and easier to manage than ever. Call it cloud-based remote access.

Varieties of cloud-based remote access

One of the increasingly popular remote access techniques to grant teleworkers access to internal corporate applications and data is to allow them to log into virtual desktops. While a virtual desktop infrastructure (VDI) can be operated on-premises, cloud-based VDI has plenty of benefits. Cloud-based remote access via VDI is often called desktop as a service (DaaS), and it takes away the upfront cost, buildout and management complexities from internal IT staff and offloads those duties to a cloud services provider. A properly tuned DaaS could be the most effective way to offer internal computing resources to remote workers around the globe.

If you prefer to use more locally deployed, software-based remote access technologies like IPsec or SSL virtual private networks (VPNs), the cloud can still assist. Many IT departments have discovered that moving their authentication mechanisms out of their private data centers and to cloud-based remote access allows for easier management and a more streamlined approach. If yours is like many organizations out there, you likely have some apps and data in the cloud and others in a private data center. Early hybrid cloud designs often left the authentication component in the private side of the network. However, now that most organizations are more comfortable with the security and stability of public cloud services, they have found that moving the end-user management and authentication to the cloud allows for a more centralized management experience for both publicly and privately hosted company resources.

In situations where staffers work out of small branch offices or teleworkers work out of their homes, many companies are opting to build a different sort of remote access: a static, site-to-site VPN between the corporate LAN and the remote location of those end users. Connectivity still uses the internet for access, but the primary difference is that a hardware appliance is used on both sides of the VPN tunnel for automated authentication and encryption across the virtual tunnel. The benefit to end users is that they are not required to manually authenticate each time they need to access a company resource. Instead, a site-to-site VPN acts as if it's simply an extension of the corporate LAN.

Previously, the high cost to deploy and remotely manage dozens or hundreds of site-to-site VPN tunnels led many IT departments to use site-to-site VPN deployments sparingly. But thanks to lower hardware costs -- and advancements in cloud management technologies -- offering static VPN tunnels to large numbers of teleworkers is now a reality. Several examples of this exist in the market, including the Cisco Meraki Z1 teleworker gateway appliance that offers a low price point and a cloud-managed interface for ease of troubleshooting by corporate IT staff, as well as entry-level appliances from Fortinet and Check Point.

A method for traditionalists

Finally, if you need traditional remote access services but would rather have someone else manage the entire architecture, you can go with a fully managed VPN provider. In this scenario, cloud-based remote access is achieved by allowing a cloud service provider to manage not only authentication but also the authorization, accounting and general maintenance of a standard remote access VPN service. Plenty of service providers offer VPN as a service, including technology companies like MegaPath and Zscaler. Wireless carriers such as AT&T and Verizon also offer business-class remote VPN access services that primarily target mobile workforces that use smartphones and tablets to reach corporate resources.

This was last published in August 2017
