What Is a VPN Concentrator?
Posts by Colin TanMarch 26, 2023
Unless you are in the internet security business or an employee of a large corporation, you may have a question about ‘what is a VPN concentrator?’
You know what VPNs (Virtual Private Networks) do, even if you do not understand the technicalities.
It spoofs your location and encrypts your connection, making your data unreadable to third parties.
So, how is a VPN concentrator different from it?
Well, remote employees use it to connect to the centralized network of their office.
Let us explain it in detail and how it is useful to you.
What Is a VPN Concentrator?
A VPN concentrator is a device similar to a pre-configured router.
Instead of only providing protection to the devices connected to the office network, it encrypts devices signing in from outside the office.
Employees could work from their homes, cafe, or even bus stop.
There are three components to a VPN concentrator. First is the hardware appliance, which large companies usually keep at their headquarters.
It comes with a complimentary software the branch office can download to their employees’ devices.
When an employee brings this device home, they will still be protected by the VPN concentrator.
This is part of the reason you cannot access any site you want using a company device.
Your superiors have already blacklisted and whitelisted websites and have trusted the VPN concentrator to maintain the instructions.
The third component is the VPN concentrator’s ability to support multiple VPN connections, thus handling a large workload typical of a huge corporation.
It manages those connections, even making the decision to create or terminate them.
Additionally, organizations select one high-powered device to act as the control center of the VPN concentrator.
Now that we know what is a VPN concentrator let’s discuss how it works and why you should get one.
How Does a VPN Concentrator Work?
To understand how a VPN concentrator works, you must first understand the difference between the two main encryption types.
These are transport mode and tunnel mode.
In transport mode, the data carried from your side is encrypted but not the destination.
The IP header will remain unprotected if the other end user is not using a VPN application too.
The tunnel mode encrypts the entire data packet and assigns it a new IP and header.
It essentially creates protected tunnels through which your IP address and web traffic pass before connecting to a centralized network.
It is the guardhouse of the network and typically stays at the forefront or operates behind a firewall.
Why Should You Use a VPN Concentrator?
If you are in charge of the virtual security of a large company, you should be using a VPN concentrator.
It is the most cost-effective solution, especially if you have many remote employees.
A VPN concentrator is like an efficient router with a long network range. You can connect up to 5000 to 10,000 devices to a single concentrator.
No need to download a separate application like NordVPN or Surfshark for every device and then configure the settings.
Nor do you have to buy multiple VPN-configured routers to ensure every device is protected.
Instead, you can change the settings from the main device and automatically apply it to every device connected- a feat possible due to the Scalable Encryption Processing (SEP) modules.
It takes the work off the hands of the employees to ensure no data is exchanged over an unprotected network.
They can focus on their actual task. All you have to do is assign one person as a VPN administrator.
This person will decide the kind of sites they want users to access and for how long.
It is simple on their end, too, as they only have to press a few buttons to get the right settings.
A VPN concentrator, while initially expensive, is a good cost-cutting option.
One main hardware and one main software option mean companies do not have to employ more than one VPN administrator.
Plus, it is not only about the employees.
A VPN concentrator creates secure tunnels for the exchange of sensitive information.
It is useful to higher-ups who may be traveling for work and have to connect to the business network.
VPN concentrator always encrypts the data before passing it through the tunnel.
If the data and tunnel are encrypted, hackers will have too tough a time decrypting any of it.
In other words, you will need a VPN concentrator if you want your customers’ data to remain iron safe.
Types of VPN Concentrators
VPN concentrators are categorized based on how many VPN connections they can support and the encryption protocol type.
Many concentrators come with dedicated software that establishes the encryption and decryption settings on your behalf.
If you do not understand the mechanics of VPN concentrators all too well, this is a handy tool.
However, this combination of features means the concentrator package can cost around $8ooo to $10,000.
Mid-sized companies or those on a tight budget tend to use open-source software such as OpenVPN or Vyos to assemble their personal concentrator.
After all, the basic boils down to having an appliance, software, and the proper encryption protocol.
Now, it depends on the scale of your business and how many devices you have to connect.
You can easily go for affordable brands, such as the Cisco Meraki.
It has all the primary protocols and the maximum features a VPN concentrator could require.
Another viable option is the Palo Alto concentrators. While it is by no means cheaper, it has every feature you could dream of.
You can also look into VPN service providers, who tend to have a business wing for VPN concentrators.
Take a look at some of the most popular VPN concentrator brands:
- Cisco Meraki: Cisco is easily among the most recognizable names in the VPN concentrator market. Their concentrators are tailor-made for large organizations with startingly easy installation terms.
Built-in features include masking data packets in the event of a connection failure. It can also be set up as a router. - ShoreTel: ShoreTel concentrators focus more on IP support, generating new IP addresses in seconds. The model is especially compatible with IP phones.
Basically, you have to hook up the ShoreTel phone to a broadband router, and it would act like a local network in turn.
They have two types of models- the 4500 and the 5300. Both support 10 and 100 devices, respectively. However, it is also cheaper than its alternatives. - Aruba: The subsidiary of Hewlett-Packard offers a wide range of VPN concentrators with reasonable pricing. The models may be complicated for new users but not difficult to figure out with their guided instructions.
Besides the number of tunnels and device connections a VPN concentrator can support, you should also look into the compatible protocols.
We have mentioned the two most sought-after protocols to give you a better idea.
Types of VPN Concentrator Protocols
You can expect most VPN concentrators to use IPSec or SSL encryption protocol.
IPSec Encryption
Internet Protocol Security (IPsec) is best suited for connecting the branch office to the headquarters.
It is known for providing high security but works at its finest when the two ends of the tunnel are stable.
So, rather than taking on a load of multiple employees working remotely, it would secure office to office network.
It is similar to data transfer on a local network. Compatible software must also be downloaded on the client devices for effective transfer.
SSL Encryption
If you have ever bought and set up a website, you are familiar with SSL encryption.
It is the most common security measure for browsers.
The protocol type is Transmission Control Protocol (TCP) Port 443, which is another typical factor for most browsers.
There is no need to install software on the device of remote employees for this encryption to work.
However, this restricts the users to having a secure connection only when they connect from web-based browsers and applications.
SSL is also more expensive than IPSec because it can reach unconnected devices.
VPN Concentrators Features
VPN concentrators also come with curious features such as VPN auditing.
In other words, you can access a list of users who logged into the server and when settings were changed.
Another useful and important feature is multi-site interconnectivity.
You can connect to different types of VPN and compatible VPN concentrators simultaneously with a VPN concentrator.
The device would not cause any issues regardless of the VPN service it connects to.
Of course, the most advantageous feature is the one where remote devices can access the tunnel created by the VPN concentrator.
It is why offices get the appliance, so remote employees can work without worrying about insecure data exchange.
It also allows VPN administrators to tweak the setting of each device if required.
VPN Concentrator vs. Site-to-Site VPN
VPN concentrators and Site-to-Site VPNs have the same mechanism for the most part.
The point where they differ is in the kind of connection and the number of VPN connections they can handle.
VPN concentrators can handle remote connections from all devices with compatible software or connected to another VPN concentrator.
10 users can be in 10 different locations, and the connection would still go through the encrypted tunnel created by the concentrator.
Site-to-Site VPNs are exactly what the name suggests.
You can connect two to three sites to each other. The protocols only admit the locations admitted to it.
So, people use Site-to-Site VPNs to connect headquarters to its other two or three branches.
It will cover every device connected to the internet in these offices.
However, if a remote employee working from home were to connect to any of the offices, they would not get VPN protection with Site-to-Site VPNs.
VPN Concentrator vs. VPN Router
VPN Concentrators are far different from VPN routers in their ability.
For one, a few VPN routers can form encrypted tunnels. They mostly work in transport mode.
VPN routers are configured with VPN services such as NordVPN or Surfshark enabled.
However, routers can only cover the site itself.
You can use the router to secure every device in the building, but you cannot do the same for remote employees.
Also, every configuration change you make to the router network applies to every connected device.
VPN concentrator gives you the option to apply changes to a single device or multiple devices.
Plus, VPN routers can only connect to 10 devices at most, and VPN concentrators can handle thousands of devices with ease.
The configuration process is also more difficult with a router over a concentrator.
VPN Concentrator vs. VPN Client
VPN clients are the general VPN services you are aware of. It is services such as NordVPN, Surfshark, and Atlas VPN.
People download the software onto their phones or laptop. They connect to other locations via an encrypted tunnel.
However, it only secures the connection on their end. It is also suited for individual use.
You cannot use a VPN client in an office.
If you do, you will have to go to the device of every employee and change the configuration settings each time every time you want a different protocol.
FAQs
What Is the Difference Between a VPN and VPN Concentrator?
A VPN is an encrypted network for the transfer of important data.
VPN services usually do this by changing your location and splitting the data so severely that third parties cannot read it.
If they can, they would still need advanced knowledge of encryption codes to decode it.
People download this software on their devices, with servers in different places.
VPN concentrators are appliances with dedicated VPN software which help connect devices from various locations through a single server before reaching the main network.
VPN concentrators create encrypted tunnels for the devices to safely transfer data.
Is a VPN Concentrator Hardware or Software?
A VPN concentrator is a hardware similar to a router.
It is a device that can connect to VPN software and other VPN concentrator.
While the source material is an appliance, it still needs a software of some kind of administrator to configure the protocol, location, and connections.
Who Should Get a VPN Concentrator?
Businesses with thousands of employees should get a VPN concentrator.
If your employees have to deal with sensitive data daily and do it from home, a VPN concentrator can ensure the exchange is secure even when working off campus.
Even on-site VPN concentrators can be helpful due to the sheer number of devices an organization has to work with.
It is easier to present your employee with a fully configured laptop rather than change the settings for each device every time.
Final Thoughts
VPN concentrators may be expensive but are also high on the return on investment scale.
It solidifies the connection between the offices and remote locations.
You spend way less time worrying about hackers and can focus on your actual business.
From a business point of view, especially one with plenty of work-from-home employees, VPN concentrators make sense.