What is Virtual private network (VPN)

VPN is a virtual private network connection over a public-access network, such as the Internet.

A VPN has three primary goals.

  1. Privacy — Communicating parties want to make sure that no one else can read or see their communication. VPN products typically use encryption to address privacy.
  2. Integrity — a guarantee that the data arrives exactly as the sender intended (i.e., no one tampered with the message in transit). VPN products typically use an agreed-upon public-key private-key pair to address integrity.
  3. Authenticity — a confirmation that the sender and receiver are who they say they are. VPN products typically employ digital certificates to address authenticity.

Because a VPN connection occurs over a nonsecure network medium, you must implement security measures. A VPN connection usually takes the form of a standard TCP/IP connection with an IP packet wrapped around the original packet. An encrypted payload inside this encapsulated packet is difficult to tamper with. This secure encapsulation is often called a tunnel. A server, called a gateway, on the corporate LAN acts as the tunnel coordinator and endpoint. Remote laptops or machines, called clients, typically run some form of VPN client software that monitors the tunnelling with the gateway.

How VPN has evolved in cloud:

A virtual network gateway is composed of two or more virtual machines that are deployed to a specific subnet you create, which is called the gateway subnet. The VMs that are located in the gateway subnet are created when you create the virtual network gateway. Virtual network gateway VMs are configured to contain routing tables and gateway services specific to the gateway. You can’t directly configure the VMs that are part of the virtual network gateway and you should never deploy additional resources to the gateway subnet.

VPN gateways can be deployed in Azure Availability Zones. This brings resiliency, scalability, and higher availability to virtual network gateways. Deploying gateways in Azure Availability Zones physically and logically separates gateways within a region, while protecting your on-premises network connectivity to Azure from zone-level failures.