A VPN concentrator is a more robust alternative to ordinary VPN routers that can configure countless virtual private networks and manage them within a system of remote access points. Designed specifically for large organizations, it streamlines the process of maintaining numerous VPN tunnels and offers additional, scalable options for ensuring network integrity.
That unique combination of capabilities makes VPN concentrators a common sight in massive site-to-site VPN systems. In other words, they’re at the heart of networking solutions made primarily for remote user authentication and access instead of obfuscating one’s identity.
Such specialized hardware partially or entirely automates the processes of assigning IP addresses to clients and verifying data transfers, all the while handling end-to-end traffic encryption – a core characteristic of virtual private networks.
With scalability being the name of the game, many modern VPN concentrators can handle thousands of access nodes simultaneously. They are an impressive feat of network engineering and, therefore, entirely unnecessary in a home environment. In fact, not even every enterprise use case warrants an investment in such comprehensive technologies.
SSL vs. IPSec
The main differentiating factor in this highly specialized product category is the type of data packet encryption on offer, which comes down to a choice between IPSec and SSL.
IPSec concentrators are generally viewed as more secure, albeit also more cumbersome to initialize. That’s because they only provide access to preconfigured clients via dedicated software, meaning their real-world applications should be limited to connecting devices at fixed locations.
On the other hand, an SSL-compatible VPN concentrator creates and manages nodes for universal remote access. Everything a client would need in this setup would be an Internet connection and valid login credentials. Likewise, administrators can deploy such solutions rather swiftly as they allow them to circumvent manual configurations. That’s particularly true with mobile integrations which can be rather complicated if you’re dealing with an embedded IPSec system.
A natural drawback of this design is that SSL platforms are somewhat less secure given how they can theoretically be compromised from any location instead of just preconfigured ones. Top network hardware companies still recommend SSL VPN concentrators to most businesses due to their accessibility and significantly easier distribution.
After all, the Secure Sockets Layer protocol isn’t anything to scoff at, even if it’s not the most paranoid, multilayered solution out there. Another thing to consider is that virtually every contemporary browser in existence already supports SSL, which further adds to its ease of deployment.
Do I need a VPN concentrator?
To put it bluntly, if you’re reading this overview of VPN concentrators, an IPSec-based solution would probably be overkill for your needs. On the off chance that’s not the case, refer to the documentation of the enterprise software in use at your organization as any app only compatible with IPSec encryption should clearly be labeled as such.
That isn’t to say you automatically need to pull the trigger on an SSL alternative. You see, another way to answer the question of what is a VPN concentrator is to explain what it isn’t: an option for connecting only a handful of remote sites. Regardless of the encryption protocol in use, this sort of gear shines in an entirely opposite scenario which requires secure communications between a large number of clients, locations, or both – often simultaneously.
All of that makes identifying the approximate number of remote sites you need to connect via VPN rerouting your top priority. While you’re at it, do a liberal assessment of the number of simultaneous connections your infrastructure should support. Then and only then will you be able to decide on the kind of a VPN concentrator you need, assuming you need such specialized hardware at all.
For additional details on the matter, administrators should check in with their network hardware suppliers of choice as many manufacturers are now offering extremely capable VPN routers as simpler alternatives to more convoluted aggregators.
“What is a VPN concentrator?” was written by Dominik Bosnjak, a long-time VPN-user-turned-advocate who spends more time scrutinizing VPN Providers on a daily basis than he’d like to admit. When he isn’t writing VPN Guides and covering general Tech News, he’s probably spending time with his dog, video games, or both. Fun fact: the Shih Tzu in question is the only remaining creature in Dominik’s life who hasn’t told him they’re sick of him talking about Best VPN practices and government-sponsored erosion of digital privacy which made using the Internet less convenient over the years. He occasionally dabbles in video editing, Wall Street memes, and demonstrating a remarkable lack of guitar-playing ability.
If you want more tidbit-sized rants about any of those things, you can find him on Twitter @dddominikk.