As companies around the world are now realizing, a concept for working digitally from home or on the move is essential for maintaining profitability. Be it a precautionary measure or a strategy in the interest of business continuity management, accessing corporate data, e-mails, networks, servers, telephones and digital services from home and when on the road is absolutely essential in this digital age.
From an employee perspective, it is just plain practical: The home office makes it easier to balance work and family life, and for many commuters it is a relief to not have to be physically present at the workplace so often. However, site connectivity needs to be implemented effectively for everything to work properly, i.e. teleworking stations have to be fully integrated into the company network. This article is about the necessary considerations.
Extending the company network into the home
One prerequisite for any connection is a standard internet connection via DSL, cable or cellular networking, which every modern company has today. The connection is secured by a virtual private network (VPN). In the same way as a company networks its sites, a VPN enables mobile employees and home offices to be quickly and, most importantly, securely integrated into the company network. The only “must have” is one small software tool: a VPN client on your laptop or PC. Once configured, one click is all it takes to establish a strongly encrypted VPN channel over the best available medium. Mobile devices such as smartphones and tablet PCs can also communicate securely with the company via VPN. An app is used to establish a secure VPN connection to the central company gateway.
The solution for the secure home office – LANCOM Advanced VPN Client
With our tried and tested solution, the LANCOM Advanced VPN Client, employees can access the company network via a secure VPN tunnel with just one click. Equipped with a stateful inspection firewall, the software VPN client automatically detects secure and insecure networks for protected communication over the Internet at all times. Security for company data is the top priority: VPN tunnels are established using encryption technologies such as the highly efficient VPN protocol IKEv2. Also, the LANCOM Advanced VPN Client supports the latest encryption algorithms including AES-CBC or AES-GCM, the signature functions SHA-256, SHA-384 or SHA-512, and current Diffie-Hellman groups.
Many paths lead to the goal
The LANCOM Advanced VPN Client on the employees’ laptops is configured remotely by the central IT department, which is very easy to do. Access to the company headquarters is easily set up with a “1-Click Setup Wizard”. The configuration is exported to a file and then imported to the VPN client as a profile. It includes all of the information about the configuration of the VPN peer at the headquarters, and is supplemented by randomly generated values, such as the pre-shared key. This allows multiple VPN access accounts to be created for employees and set up in the shortest possible time, a real time saver for admins. The VPN handshake between the VPN gateway at the company and the software VPN client takes place in different ways, depending on the company’s size and requirements:
- For small to medium-sized companies: easy setup and operation based on password entry (i.e. authentication by pre-shared key, PSK)
- For larger scenarios with stronger security requirements: the use of IKEv2 with digital certificates
- For large-scale scenarios with Windows server infrastructure: IKEv2 EAP for authentication via the Windows server by means of user name and password
- For large-scale scenarios with central user administration: direct and inexpensive authentication via a RADIUS server
Support of both IPv4 and the increasing number of IPv6 connections means that smooth workflows are assured. Thanks to seamless roaming, VPN connections remain intact even when changing the connection medium. For example, this keeps VPN connections alive even when traveling by train and moving between mobile phone cells. Likewise, users in buildings who roam from cellular to Wi-Fi or Ethernet enjoy an “always on” experience.
Clearing up any concerns
Large numbers of users in the home office can push the company network to its limits; load can be relieved if Internet traffic can be routed directly to the Internet, for example when an employee is in a trusted network. Data intended for the company network is still routed through the VPN tunnel (split tunneling). However, if the employee is in an open, unencrypted Wi-Fi network, i.e. with an insecure connection, all data is securely encrypted by the VPN tunnel to the central office, and from there it is securely routed to the Internet (full tunneling).
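The split/full tunneling decision described above, sketched as an added example (not LANCOM code and not part of the original article). The prefixes, network names and the rule "split only on a trusted, encrypted network" are assumptions; both IPv4 and IPv6 are covered so that a full tunnel leaves no direct path in either address family.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the article)
CORP_PREFIXES = ["10.20.0.0/16", "2001:db8:20::/48"]
TRUSTED_NETWORKS = {"home-office-wpa3"}  # networks the admin marked as trusted

def tunnel_mode(network_name, encrypted):
    """Split tunneling only on a trusted, encrypted network; otherwise full."""
    if encrypted and network_name in TRUSTED_NETWORKS:
        return "split"
    return "full"

def build_routes(mode):
    """Return (prefix, interface) pairs a client would install for this mode."""
    routes = [(ipaddress.ip_network(p), "tunnel") for p in CORP_PREFIXES]
    for default in ("0.0.0.0/0", "::/0"):
        # Both address families get a default route, so IPv6 traffic cannot
        # bypass a full tunnel that would otherwise cover only IPv4.
        iface = "tunnel" if mode == "full" else "direct"
        routes.append((ipaddress.ip_network(default), iface))
    return routes

def egress(dest, routes):
    """Longest-prefix match: which interface carries traffic to dest?"""
    addr = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in routes
               if net.version == addr.version and addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def leaks(routes, probes):
    """Probe destinations that would leave the device outside the tunnel."""
    return [d for d in probes if egress(d, routes) == "direct"]

if __name__ == "__main__":
    probes = ["10.20.5.9", "198.51.100.7", "2001:db8:20::5", "2001:db8:ffff::1"]
    for name, enc in [("home-office-wpa3", True), ("cafe-open", False)]:
        mode = tunnel_mode(name, enc)
        print(name, mode, "direct:", leaks(build_routes(mode), probes))
```

In full mode `leaks()` should return an empty list for any probe set; a non-empty result points at a route that bypasses the tunnel.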
When it comes to the costs of security infrastructure for mobile working, companies often shy away from the investment. It’s easy to put those prejudices to rest: All you need at the company location is a single device in the form of a VPN-capable router, a central VPN gateway, or a VPN-capable firewall. All the employees need is the inexpensive LANCOM Advanced VPN Client, which is compatible with the products from many different manufacturers. An investment that pays off—on both sides.
Tip: You will find an extensive collection of information and assistance for the configuration on our website: Knowledge Base.
Our world is constantly changing—mobility is becoming a vital factor for many companies and their employees. A VPN client enables employees to use their laptops, tablets and smartphones to connect to the Internet and enjoy secure access to your company network and confidential data, wherever they are. This gives them maximum flexibility, whether they are traveling on business or working from home.