Nowadays, reliable Internet access is one of the main requirements for a successful business. Services such as IP PBXs, virtual workstations, browser-accessible applications, cloud storage and accounting services have entered the IT business portfolio. Cloud-based corporate VPN providers such as Google Cloud, Amazon VPC and Aerohive Networks provide a single point of entry for all offices and a control panel for the internal network, filters and Internet access via VPN.
The main problem with such topologies is the lack of flexibility in the presence of heterogeneous traffic with different requirements for QoS, loss or routing. In addition, the entire data infrastructure is completely dependent on the ISP, which controls all traffic.
The network part of such systems is built on IPsec, SSL/TLS or software encryption methods and often requires a dedicated public ("white") IP address (a variant of a site-to-site connection). For example, Google VPN uses IPsec with AES and a 128-bit key, ESP SHA1 hashing for the signature, a shared key specified by the client, and has NAT-T support turned off. This means that many businesses will not be able to use it because of legal requirements to protect information. In addition, VPN settings need to be configured on each router individually, and there is no single centralized system. Routers that support IPsec tunneling are also not always available to small and medium-sized businesses due to the high cost of ownership.
Many cloud-based VPN providers (e.g., Aerohive, VeloCloud) use closed protocols and software clients, which limits their use to endpoints or server systems.
Many VPN developers (e.g., OpenVPN, Openswan, GoVPN) provide the tools to implement such servers on IaaS cloud platforms. In this case, the entire configuration is carried out by the company itself, which is not suitable for small and medium-sized businesses. Currently, there are no ready-made, flexible and simple solutions for them that focus on the use of mass-market, inexpensive equipment. In addition, enterprises want QoS, separate routing, redundancy, the use of multiple providers, etc. in the VPN channel.
There are also economy-class solutions: Cisco Meraki AutoVPN, Juniper AutoVPN and so forth. They make it possible to set up VPN hubs on the equipment with minimal configuration effort, but they require a public ("white") IP address and dedicated equipment, and they are poorly compatible with providers that use NAT.