Three steps for implementing Always On VPN

Image Credit: Pixabay (Image credit: Image Credit: freeGraphicToday / Pixabay)

Imagine being able to carry a magic vault around with you. Always secure, it allows you to retrieve and use private information located in similar vaults anywhere across the globe at a whim. This is no longer a luxurious dream with Always on VPN.

Virtual private networks (VPN) are a hot tech topic, and they are becoming more prevalent than ever in both public and private environments. Taking advantage of this technology is a must, and why wouldn’t you when methods such as Always On VPN are safe, easy to use and accredited by the national cybersecurity centre?

Always On VPN also uses IPv4, which means that all popular software is compatible with the system. Before stepping into the world of VPN though, it is important to understand how to implement it effectively. This requires technical knowledge, updates and some reconfiguring of server-side systems.  

Step one: understanding

Always On VPN allows secure remote access to corporate networks from a Windows 10 client. In lay terms, it allows workers to access locally stored documents in a secure manner while off-site; reducing travel and streamlining communication.

Technically speaking, Always On VPN allows remote devices to send requests to a secure VPN server. The server then relays the request to a corporate Network Policy Server (NPS) which validates the request and, according to the relevant security criteria, decides how to respond. The VPN server is protected on both sides by firewalls to prevent malicious attacks.

Image Credit: Pixabay

Image Credit: Pixabay (Image credit: Image Credit: IAmMrRob / Pixabay)

Step two: implementing

The first step in implementing Always On VPN is to update the server-side infrastructure. This includes installing a public key infrastructure (PKI) to make sure each user has a valid certificate, a dedicated VPN server and an NPS.

Once the infrastructure is updated, the VPN server will have to be configured to accept remote access requests. A popular method of doing this is using the Internet Key Exchange version two protocol (IKEv2), due to its proven security. Choosing a selection method means that the VPN will need updating to deny all other forms of connection to maintain security.

VPN in place, the NPS can be set up to handle all authentication, authorization, and processing of connection requests from the VPN server. NPS installed means that, after installing the necessary firewalls, all the server-side infrastructure is ready. At this point, the internal domain naming system (DNS) will need updating to handle remote requests to resolve the VPN address.

Step three: roll out

When the infrastructure is in place, it is necessary to make sure that all devices with Always On VPN are using Windows 10. Once the devices are updated with the right operating system, there are a host of different tools for configuration, allowing them to communicate with the corporate infrastructure.  

As part of the roll out you should consider how contractors will use the system and the benefits they can bring. Curo Talent has many years of experience in supplying Microsoft contractors, but all too often the list of candidates is limited by the clients’ need to hire local talent. Always On VPN enables organisations to hire contractors from anywhere in the UK (or overseas) and allow them to work remotely. It also gives firms the security of being able to limit which files a contractor can access.

The final phase in rolling out Always On VPN is teaching your employees how to use it. Luckily the point of the technology is to streamline communication and, as such, there is very little technical knowledge to be acquired. However, even though this is a secure system, refreshing staff on company security policy and IT best practice is always a good idea and can help prevent any unforeseen issues.

IT projects are increasingly global, meaning that being able to access information from multiple sources at once is becoming ever more crucial to success. Being able to carry a vault of your important documents around in your pocket is now becoming more of a necessity than a luxury.

Mark Twining, Partner and Account Manager at Curo Talent

Mark Twining

Mark Twining is a Partner and Account Manager at Curo Talent with strong knowledge of the Microsoft technology and skills landscape in the UK. He works with organisations embarking on key technology projects, providing them access to Curo's community of respected, trusted Microsoft experts to mitigate their risks and maximise their successes.