What is a VPN Concentrator and How does it Work?

Updated on: 12 July 2020

The VPN Concentrator is a networking device that allows multiple VPN tunnels to use a single network. A VPN tunnel is a secure connection that uses advanced encryption techniques to protect the information flowing across the web.

This facility allows the connection to transit across any network where it might be intercepted and read, without any risk of the data being decipherable. The VPN tunnels function independently from each other. VPN Concentrators are designed specifically for managing VPN communications infrastructures in secure multi-user environments.

A VPN Concentrator can create secure connections across a TCP/IP network such as the Internet. This facility allows users to operate secure private connections over a public network without the fear of any hackers compromising the confidentiality of their messages.

Who uses a VPN Concentrator?

VPN concentrators are used by businesses and organisations that operate multiple systems that are connected using a network. This link might be a public network like the internet or a private network like a rented telephone line. If the operators want their systems to be secure, then using VPNs will protect against any interception of their communications.

VPN concentrators can allow remote individual users to connect securely into a network using a VPN connection. They can also allow multiple users on one system to connect to multiple users on a second network by installing VPN concentrators in both networks.

What does a VPN Concentrator do?

A VPN Concentrator uses tunnelling protocols to create and manage VPN tunnels. It encapsulates outgoing network data into encrypted packets and then transmits them through the VPN tunnel. It also receives incoming data, de-encapsulating and decrypting it.

A VPN Concentrator also manages user authentication and assigns IP addresses to each user. It also manages the cryptographic keys and handles network communications using standard protocols.

In principle, VPN Concentrators act like a router but add an extra layer of security onto the network traffic.

Why use a VPN Concentrator?

VPN concentrators provide high-performance output and are very efficient and productive. They are also expandable using Scalable Encryption Processing (SEP) modules, which enable users to increase the overall capacity and performance further.

VPN concentrators are capable of supporting thousands of users. VPN concentrators can operate at the heart of a small business with remote-access users connecting to the VPN network. They are also essential to corporations and organisations, handling more than 10,000 users effortlessly.

Key benefits of a VPN Concentrator

Users from anywhere in the world with access to the internet can securely connect with the business network. Their network traffic is redirected and reshaped by the VPN Concentrator. After the encryption process finishes, it sends the data and requests to the business server down an encrypted tunnel. The creation of the VPN tunnel usually occurs instantly on the generation of a communications request.

When you start up the software, it will automatically create a tunnel leading to the VPN concentrator, so that you can receive any data coming through it. Software apps may be configurable to be Always-On, meaning that any time you start up your device, it will always use an encrypted tunnel to connect to the corporate network via the VPN concentrator.

If a business doesn’t secure its networks, then hackers can infiltrate to plant malware or steal confidential data. VPN concentrators provide security and encryption in these business settings. While you might want to use a remote desktop app as a home user, especially if you’re working with a dynamic IP, this is not appropriate for business servers.

At the very least, they should have a VPN router working through the network. At present, this term has become synonymous with VPN concentrator, because manufacturers are no longer producing standalone concentrators per se. They incorporate the functions into multipurpose routers which also include a firewall.

The VPN concentrator is a specialised type of router with more advanced protocols and algorithms. There are still regular routers available that you mustn’t confuse with a VPN concentrator.

VPN Concentrator vs VPN router

When choosing between a VPN concentrator and a VPN router capable of tunnelling, you need to have all the facts. VPN routers vary depending on their underlying features, what kind of remote access you need, and what applications you’re going to use.

The best VPN concentrators, on the other hand, are the type of device that medium-to-large corporations use. They are industrial tools, not aimed at individual home users. Also, they are considerably more expensive than ordinary routers.

If you want your small company to benefit from added security with a lower financial investment, you should start with a VPN-capable router that acts as a gateway checkpoint for your server. It will be harder to set up and configure than the concentrator because you will have to configure VPN clients on all remote devices in use individually.

A third option is a VPN appliance, which is more of a security multitool providing many advanced features but with weaker security than a VPN concentrator or VPN router.

VPN Concentrator vs Site-to-Site VPN

Site-to-site VPN connections are entirely different from concentrators. If you just need to connect two or three sites, then Site-to-Site VPN is probably the best option. This setup is ideal for fixed locations, such as a home office or satellite offices located in other cities. The tunnelling protocols offer access to the same databases and systems.

However, when you need tunnelling protocols to provide remote access from random locations, mobile devices, or for multiple users at once, then a VPN concentrator is the best option.

VPN Concentrator vs IPsec encryption

VPN concentrators generally use either IPsec (Internet Protocol Security) or SSL (Secure Socket Layer) encryption protocols.

The SSL VPN uses TCP port 443, and because most browsers also use SSL, this type of traffic fits in best with most networks. Port Forwarding can be used to customise the configuration. This step enables the installation of SSL VPN clients into existing browsers or operating systems and allows access to employ user credentials. You don’t need additional IPsec tunnelling because the SSL VPN functions on the browser, sending data back to the concentrator through the encrypted tunnel.

Using SSL VPNs eliminates the need to configure every end-to-end device and client software manually. However, there are also some applications or software which only allow IPsec VPN connections if you want to access the OS remotely.

IPsec will require separate client software to allow users to connect to the VPN tunnel. It has more configuration potential when compared to the SSL-based VPN concentrators, in terms of both local access and security levels. However, correctly configuring IPsec client software running on the network through a concentrator is a more complex and time-consuming task.

With mobile networks or remote laptop use, things get a little more complicated. Some connection points might completely block off IPsec traffic, as is the case with many Wi-Fi hotspots.

IPsec can protect traffic in one of two modes:

  • Transport mode – the data is encrypted. With the IPsec header and the IPsec trailer established on either side of the data, you use the original IP header to get the data to the remote site.
  • Tunnel mode – both the IP header and the data are encrypted. There are still the IPsec header and the IPsec trailer set up around the data, but this time, a completely different IP header is placed at the front of the data packet. This way, anyone who intercepts the data will have no idea of its final destination.

Conclusions

Before starting, you should assess whether your business needs a site-to-site VPN, a VPN router, or a VPN concentrator. There are many different solutions available to secure your networks with reliable encryption and protect them from any external attack. The VPN concentrator is just one of the options and is one of the most sophisticated security network tools available.

While VPN concentrators produced by the large vendors support both SSL VPNs and IPsec VPNs, the lower budget devices tend only to support one of these protocols. Which protocol you should use will depend on your specific requirements. Some apps will not work through an SSL-VPN client. Also, some SSL-VPN solutions may not support centralised storage or shared access to resources such as printers.

IPsec VPNs offer the best options and generally provide more robust security than SSL-based VPNs. However, the SSL-VPN concentrator will be simpler to configure and manage, decreasing the risk of misconfiguration causing security weaknesses.

Written by: Stephen Mash

Software and Systems Assurance Specialist Based in West Sussex, England, Stephen has worked as an information security and safety assurance consultant since 1997, specialising in risk management for high integrity systems. Prior to that, he developed safety-critical software-based systems for the aerospace industry. He transitioned from consultancy into the role of technical copywriter and editor in 2019, writing and reviewing materials on behalf of a broad spectrum of clients.
