What is a VPN and how does it work?

Virtual Private Network

In today's digital workspace, secure access to internal resources is crucial. VPNs offer a secure path to file servers and applications but come with challenges like slow transfers and difficult setups. Discover VPN operations, common issues, and efficient alternatives to maintain your team's productivity anywhere.

VPN in a Nutshell

A VPN is a client-server technology. The VPN server, often integrated with the company firewall, is set up on the company side to accept connections from remote devices, and remote employees must install and configure a VPN client to reach company IT resources behind that firewall. The client and server emulate a network link in software at the IP (network) layer, giving the remote machine a virtual address on the company network so that it can communicate with internal resources such as file servers. User authentication is typically required and is usually performed against the company's Active Directory. The VPN client often also needs a company-specific secret, so provisioning and configuration depend on company policy and vary in complexity.

Security Risk and Mitigation

Since the VPN server emulates the company network for remote devices, these devices can send network traffic to internal resources, posing a security risk. IT teams have developed several countermeasures to mitigate this risk. First, they require the VPN client to be installed within the company network, configuring it with a company secret to prevent unauthorized access. Second, they mandate specific OS patches, minimum OS versions, and up-to-date antivirus software before allowing VPN connections. Finally, deploying zero-trust VPN clients that block various TCP ports by default ensures only authorized traffic reaches internal resources.

Because the VPN client effectively installs a virtual network card capable of accessing the internal network, most IT teams reserve it for power users only, providing normal users with more limited access, such as via Remote Desktops.

How VPNs Work: Remote Access and Site-to-Site Connections

If employees work from the same building, all access points are part of the Local Area Network (LAN), eliminating the need for a VPN. However, when a company's IT infrastructure spans multiple sites, a site-to-site VPN connects these locations into a single continuous IP address space. Employees typically remain unaware of site-to-site VPNs, continuing to work on applications and files as if everything were local.

For employees working remotely, such as traveling or visiting clients, a remote access VPN (also known as a client-to-site VPN) is necessary. These remote workers must install an authorized VPN client on their devices, such as laptops, and log in with their Active Directory credentials. Once the remote access VPN is running, the remote device sets up a virtual network interface and routes traffic destined for the company network through this new interface. This allows direct communication with internal IT resources, like file servers. The virtual network interface intercepts that traffic and forwards it to the VPN server at the company firewall, and the VPN server relays it within the company network. Similarly, any traffic bound for the remote virtual network interface is intercepted by the VPN server and forwarded to the remote VPN client, enabling seamless back-and-forth communication.
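As an added illustration (not code from this article), the following Python models the route selection just described: once the VPN client's virtual interface exists, the operating system's longest-prefix match sends anything addressed to the company's private range through the tunnel and everything else out the physical interface. The interface names and address ranges are constructed assumptions.

```python
# Added example (not code from the article): a minimal model of the route
# selection on a remote device after the VPN client has added its virtual
# interface. Interface names and addresses are constructed for illustration.
import ipaddress

# Constructed route table: the physical interface keeps the default route,
# while the VPN's virtual interface ("tun0") owns the company's private space.
ROUTES = [
    ("0.0.0.0/0", "wlan0"),        # everything else goes straight to the ISP
    ("10.0.0.0/8", "tun0"),        # company network, reached through the tunnel
    ("10.0.5.0/24", "tun0"),       # a more specific internal subnet, also tunnelled
    ("192.168.1.0/24", "wlan0"),   # the home LAN stays local
]


def select_interface(destination, routes=ROUTES):
    """Return the interface for a destination using longest-prefix match,
    the same rule the OS applies: the most specific route wins."""
    dst = ipaddress.ip_address(destination)
    best = None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise ValueError(f"no route to {destination}")
    return best[1]


def classify(destinations, routes=ROUTES):
    """Split destinations into those that enter the tunnel (and so can reach
    internal resources) and those the tunnel never sees."""
    tunnelled = [d for d in destinations if select_interface(d, routes) == "tun0"]
    direct = [d for d in destinations if select_interface(d, routes) != "tun0"]
    return tunnelled, direct


if __name__ == "__main__":
    sample = ["10.0.5.20", "10.200.1.1", "192.168.1.7", "93.184.216.34"]
    print(classify(sample))
```

The same lookup explains the exposure discussed in the security section: every address inside the tunnelled range is reachable from the remote machine as if it were on the LAN.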

Common VPN Issues

First of all, VPN is a critical enabler for remote work. The global virtual private network (VPN) market was valued at $42.4 billion in 2023 and is expected to grow to $133 billion by 2032, according to IMARC Group. This billion-dollar market size highlights its significance in the IT department's toolset.

Despite their widespread use, VPNs are not without issues for some users and companies. Let's explore these common issues below.

Provisioning and Support

In the VPN model, edge device users (employees) are often perceived as the weak spot. While VPN technology itself can be very secure, with top-notch encryption and integration with Active Directory and Single Sign-On, once the connection is established, controlling user actions and preventing rogue software on remote devices is challenging. This security concern requires careful provisioning of the VPN client, leading to management overhead.

Additionally, the stability of the Internet is not comparable to a Local Area Network. Network glitches can break the VPN connection, causing issues such as "I can't save my files" and other network errors, which generate support tickets and disrupt remote work.

Working on Large Files

VPN clients can emulate a private network interface, allowing access to a company's internal network. However, physical distance, latency, and transfer speeds remain obstacles for remote work. While small file transfers may experience negligible delays, large files, such as those produced by Photoshop and AutoCAD, face significant challenges moving between the company's internal file server and remote devices.

Within the company network, speeds typically exceed 1 Gbps, but over the Internet, ISP routing speeds are often below 100 Mbps, resulting in a potential 10x to 100x slowdown, especially in crowded areas. Longer transfer times also increase the likelihood of failures due to Internet glitches.

[Figure: total cost of ownership increases with VPN issues]

VPN Issues Summary


While VPNs facilitate connectivity to the company network, managing remote devices presents significant challenges. This results in security vulnerabilities, management overhead, increased support demands, and performance issues.

Security

Remote devices expose the network to virus and ransomware attacks, increasing the overall security risk.

Management

IT teams face additional overhead in provisioning and monitoring remote devices for software patches and antivirus policies.

Support

Providing VPN setup and troubleshooting network errors from remote users leads to increased support demands.

Performance

Remote users experience slower file transfers and higher error rates, impacting operational efficiency.

Alternative #1 - Remote Desktop and VDI

If the inherent security issues with VPNs are a significant concern, switching to Remote Desktop (RDP) and Virtual Desktop Infrastructure (VDI) can mitigate risks while providing remote access. The primary threat from remote devices is ransomware attacks, which exploit the SMB (Server Message Block) protocol over VPN channels to access and modify files on internal file servers. Remote Desktop blocks this SMB protocol channel, as it only provides a graphical representation of the remote desktop screen, with user inputs triggering screen updates. However, Remote Desktop cannot fully mitigate performance issues, such as slow updates during complex AutoCAD 3D rendering.

VDI extends this concept by hosting desktop environments on centralized servers, allowing users to access their desktops from any device. This further reduces security risks by centralizing data storage and management, ensuring that sensitive data remains within the company's secure environment.

It is common for companies to reserve VPN access for power users who are knowledgeable about virtual network setup and operations, while providing normal users with Remote Desktop or VDI access. This approach limits network exposure to ransomware attacks while still enabling access to internal applications.

Alternative #2 - HTTPS File Gateway for Remote Work

HTTPS-based file gateways provide a secure and efficient solution for remote workers needing access to internal file servers. Unlike VPNs, HTTPS file gateways operate at the application layer, eliminating the need to expose the entire network. This approach enhances security by focusing solely on file access, with file change monitoring on remote devices to mitigate ransomware attacks.

The reduced attack surface also lowers management overhead, simplifying provisioning. HTTPS file gateways include remote access agents that enable offline access and local caching on remote devices. This transforms synchronous file access (as seen with VPNs and Remote Desktops) into an asynchronous pattern, addressing internet instability issues. Local caching significantly reduces access times for infrequently changed files, while HTTPS file streaming speeds up transfers to and from internal file servers.

Thus, HTTPS file gateways address the four main issues summarized above for VPN solutions: security, management, support, and performance.
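The file change monitoring mentioned above, as an added example rather than Triofox's own code: a small heuristic a remote agent could run over its local cache to pause write-back to the file server when the change pattern looks like bulk encryption rather than editing. The thresholds, window length, paths and sample events are all assumptions.

```python
# Added example, not Triofox code: a heuristic change monitor of the kind a file
# gateway's remote agent could run over its local cache, pausing write-back to the
# file server when activity looks like bulk encryption. Thresholds/events are constructed.
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

def ext_changed(old, new):
    return old.rsplit(".", 1)[-1].lower() != new.rsplit(".", 1)[-1].lower()

@dataclass
class ChangeEvent:
    ts: float                        # seconds since the agent started (non-decreasing)
    path: str
    new_path: Optional[str] = None   # set when the event is a rename

@dataclass
class ChangeMonitor:
    window_s: float = 60.0
    max_events: int = 50             # more files per minute than anyone edits by hand
    max_swap_ratio: float = 0.5      # half the activity being extension swaps
    events: deque = field(default_factory=deque)
    sync_paused: bool = False
    reason: str = ""

    def observe(self, ev):
        """Record one cache event; returns True once write-back has been paused."""
        self.events.append(ev)
        while ev.ts - self.events[0].ts > self.window_s:   # slide the window forward
            self.events.popleft()
        n = len(self.events)
        swaps = sum(1 for e in self.events if e.new_path and ext_changed(e.path, e.new_path))
        if n > self.max_events:
            self.sync_paused, self.reason = True, f"{n} files changed within {self.window_s:.0f}s"
        elif n >= 10 and swaps / n >= self.max_swap_ratio:
            self.sync_paused, self.reason = True, f"{swaps}/{n} changes replaced the extension"
        return self.sync_paused

def simulate(events):
    """Feed constructed events through a fresh monitor and report its verdict."""
    m = ChangeMonitor()
    for e in events:
        m.observe(e)
    return m.sync_paused, m.reason

# Constructed inputs: three ordinary saves of one drawing over five minutes, then
# twenty drawings renamed to a new extension within five seconds.
NORMAL = [ChangeEvent(t, "cache/projects/site.dwg") for t in (0, 40, 300)]
BURST = [ChangeEvent(i * 0.25, f"cache/projects/site-{i}.dwg",
                     f"cache/projects/site-{i}.dwg.locked") for i in range(20)]
```

Pausing the queue only protects the copy on the internal file server; the local cache still needs a restore path, which is why the gateway's server-side versioning matters as much as the heuristic.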

Offline Access

Triofox is an HTTPS-based file gateway that offers robust offline access features. It provides remote access agents for Windows, macOS, mobile phones, and web browsers. On Windows and macOS, the agent creates a mapped drive and supports local caching and offline editing. Files are first saved to the local cache, mitigating the impact of Internet glitches. Once the connection is restored, the files are scheduled to save back to the company's internal file servers. This functionality is similar to common file sync and share products, but with the crucial difference that the file repository remains on your own on-premises servers.
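An added example of the write-back behaviour described in this section, not Triofox's agent: saves land in the local cache first, uploads are queued while the gateway is unreachable, and the queue is replayed in order once the connection returns, with repeated offline saves of one file coalesced into a single upload. The gateway stand-in, class names and file paths are constructed.

```python
# Added example, not Triofox's agent: a write-back cache of the kind the article
# describes. A save always lands in the local cache first; the upload is queued
# and replayed once the connection is back, coalescing repeated offline saves.
from collections import OrderedDict

class FakeGateway:
    """Constructed stand-in for the HTTPS gateway; can be toggled offline."""
    def __init__(self):
        self.online = True
        self.stored = {}                 # path -> bytes, as the file server holds it

    def put(self, path, data):
        if not self.online:
            raise ConnectionError(path)  # models an Internet glitch mid-session
        self.stored[path] = data

class WriteBackCache:
    def __init__(self, gateway):
        self.gw = gateway
        self.local = {}                  # the mapped drive's local cache
        self.pending = OrderedDict()     # paths awaiting upload, oldest first

    def save(self, path, data):
        self.local[path] = data          # the user's save never waits on the network
        self.pending[path] = True        # re-saving keeps the path's original queue slot
        self.flush()

    def flush(self):
        """Upload pending files in order; stop at the first failure, keep the rest."""
        uploaded = []
        for path in list(self.pending):
            try:
                self.gw.put(path, self.local[path])  # always the latest local version
            except ConnectionError:
                break
            del self.pending[path]
            uploaded.append(path)
        return uploaded

def demo():
    gw = FakeGateway()
    cache = WriteBackCache(gw)
    cache.save("plans/tower.dwg", b"v1")      # online: uploaded immediately
    gw.online = False
    cache.save("plans/tower.dwg", b"v2")      # offline: kept locally, queued
    cache.save("plans/lobby.psd", b"draft")
    cache.save("plans/tower.dwg", b"v3")      # supersedes v2 before it was ever sent
    queued = list(cache.pending)
    gw.online = True
    return queued, cache.flush(), gw.stored   # connection restored: replay in order
```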

HTTP Streaming

An HTTPS-based file gateway leverages the HTTPS protocol to stream files to and from the company's internal file servers. Unlike the SMB protocol, which requires the sender to wait for an acknowledgment of each block before sending the next, the HTTPS protocol streams continuously without waiting for such acknowledgments. This streaming capability, combined with local caching and offline access, significantly enhances the handling of large files for remote work, providing faster and more efficient file transfers over remote networks. Additionally, HTTPS is universally supported by ISPs, unlike the VPN protocol, which may be blocked in certain locations, such as hotels.

File Sharing

VPNs are not designed for external file sharing because provisioning VPN access typically requires setup within the company network, along with recent OS patches, versions, and antivirus software on remote devices. This complicates file sharing with external parties, whose own company policies might conflict with these requirements. Consequently, manufacturers often resort to alternative methods such as FTP, WebDAV, or file sharing sites. However, Triofox simplifies this process by providing external file sharing capabilities by default, making it an efficient and secure solution for sharing files with external collaborators.

Industries That May Need an Alternative to VPNs

Certain industries may require alternatives to VPNs, especially those dealing with large files. For instance, the architecture, engineering, and construction (AEC) industry needs to provide remote employees with efficient access to AutoCAD and SolidWorks, which typically handle large, interconnected files. Additionally, the design and manufacturing industries can benefit from an HTTPS-based file gateway, which offers better performance and security for remote work involving substantial file transfers.

AEC Industry

The AEC industry relies heavily on 3D rendering software like AutoCAD and SolidWorks, which present unique challenges. These files are typically large, and accessing them over a VPN, especially across continents, can take over 10 minutes to open. Additionally, AutoCAD files require frequent panning, zooming, and 3D animation, with recent enhancements offering virtual reality views of 3D models. These operations necessitate constant reading and writing to the files. HTTPS streaming can significantly speed up file opening times, while local caching improves animation and virtual reality rendering performance, making it a more efficient solution for the AEC industry.

Design Industry

The design industry extensively uses Adobe products like Photoshop and InDesign, which can create significant challenges due to file size and complexity. Photoshop files can easily exceed one gigabyte, while InDesign files often reference multiple interconnected files, triggering frequent access over VPN. Additionally, designers often need to browse and select from large folders of graphic files, which is difficult over a VPN connection. HTTPS streaming file access and offline editing in asynchronous mode can resolve these issues, providing faster, more efficient access and improved performance for handling large and complex design files.

File gateways are not the optimal solution for every scenario. For industries that deal with large files, however, they work better than traditional VPN solutions.

Manufacturer Industry

The manufacturing industry often requires frequent file sharing between parties, particularly for design files. For 2D objects, such as wallpaper or carpet graphics, exchanging and approving Photoshop files is essential. For 3D objects, like motorcycles, sharing AutoCAD design files is necessary. VPNs are not ideal for this purpose due to the complexities of provisioning a VPN client with internal Active Directory identity for external parties. Consequently, files are often zipped and sent via ad-hoc file sharing mechanisms. An HTTPS file gateway simplifies this process, offering web-based file sharing similar to Dropbox and OneDrive as a default feature, streamlining collaboration and file exchange.

VPN summary:

  1. Bridge - Connects different sites to each other and connects client devices to the company network.
  2. Network relay - The VPN client and server present virtual network interfaces, intercept network traffic and relay it to the other side.
  3. If security is a concern - Use alternatives such as Remote Desktop, VDI or an HTTPS-based file gateway to close down the open network exposure.
  4. If speed is a concern - Use HTTPS streaming and offline editing to speed up file operations.

Solving Large File Remote Access Problem

Discover how Triofox's HTTPS-based File Gateway revolutionizes file access for remote teams, transforming large file transfers for architecture, engineering, and media. Triofox provides unparalleled speed with HTTPS streaming, versatile remote access across all devices, and seamless Single Sign-On integration. Enjoy offline access and local caching, meeting the demands of industries requiring frequent large file interactions. This solution is ideal for architecture firms, engineering companies, construction firms, and media companies, enhancing productivity and secure file sharing. Triofox's technology addresses common challenges faced with traditional protocols, offering a faster, more secure, and flexible file access solution.

Ready to elevate file servers from local office to the cloud and boost mobile workforce productivity?