VPN is a virtual private network connection over a public-access network, such as the Internet.
A VPN has three primary goals.
- Privacy — Communicating parties want to make sure that no one else can read or see their communication. VPN products typically use encryption to address privacy.
- Integrity — a guarantee that the data arrives exactly as the sender intended (i.e., no one tampered with the message in transit). VPN products typically use an agreed-upon public-key private-key pair to address integrity.
- Authenticity — a confirmation that the sender and receiver are who they say they are. VPN products typically employ digital certificates to address authenticity.
Because a VPN connection occurs over a nonsecure network medium, you must implement security measures. A VPN connection usually takes the form of a standard TCP/IP connection with an IP packet wrapped around the original packet. An encrypted payload inside this encapsulated packet is difficult to tamper with. This secure encapsulation is often called a tunnel. A server, called a gateway, on the corporate LAN acts as the tunnel coordinator and endpoint. Remote laptops or machines, called clients, typically run some form of VPN client software that monitors the tunnelling with the gateway.
How VPN has evolved in cloud:
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.
A virtual network gateway is composed of two or more virtual machines that are deployed to a specific subnet you create, which is called the gateway subnet. The VMs that are located in the gateway subnet are created when you create the virtual network gateway. Virtual network gateway VMs are configured to contain routing tables and gateway services specific to the gateway. You can’t directly configure the VMs that are part of the virtual network gateway and you should never deploy additional resources to the gateway subnet.
VPN gateways can be deployed in Azure Availability Zones. This brings resiliency, scalability, and higher availability to virtual network gateways. Deploying gateways in Azure Availability Zones physically and logically separates gateways within a region, while protecting your on-premises network connectivity to Azure from zone-level failures.