One of the increasingly popular remote access techniques to grant teleworkers access to internal corporate applications and data is to allow them to log into virtual desktops. While a virtual desktop infrastructure (VDI) can be operated on-premises, cloud-based VDI has plenty of benefits.
Cloud-based remote access via VDI is often called desktop as a service (DaaS), and it takes away the upfront cost, buildout and management complexities from internal IT staff and offloads those duties to a cloud services provider. A properly tuned DaaS could be the most effective way to offer internal computing resources to remote workers around the globe.
If you prefer to use more locally deployed, software-based remote access technologies like IPsec or SSL virtual private networks (VPNs), the cloud can still assist. Many IT departments have discovered that moving their authentication mechanisms out of their private data centers and to cloud-based remote access allows for easier management and a more streamlined approach. If yours is like many organizations out there, you likely have some apps and data in the cloud and others in a private data center. Early hybrid cloud designs often left the authentication component in the private side of the network. However, now that most organizations are more comfortable with the security and stability of public cloud services, they have found that moving the end-user management and authentication to the cloud allows for a more centralized management experience for both publicly and privately hosted company resources.
In situations where staffers work out of small branch offices or teleworkers work out of their homes, many companies are opting to build a different sort of remote access: a static, site-to-site VPN between the corporate LAN and the remote location of those end users. Connectivity still uses the internet for access, but the primary difference is that a hardware appliance is used on both sides of the VPN tunnel for automated authentication and encryption across the virtual tunnel. The benefit to end users is that they are not required to manually authenticate each time they need to access a company resource. Instead, a site-to-site VPN acts as if it's simply an extension of the corporate LAN.
Previously, the high cost to deploy and remotely manage dozens or hundreds of site-to-site VPN tunnels led many IT departments to use site-to-site VPN deployments sparingly. But thanks to lower hardware costs -- and advancements in cloud management technologies -- offering static VPN tunnels to large numbers of teleworkers is now a reality. Several examples of this exist in the market, including the Cisco Meraki Z1 teleworker gateway appliance that offers a low price point and a cloud-managed interface for ease of troubleshooting by corporate IT staff, as well as entry-level appliances from Fortinet and Check Point.
Finally, if you need traditional remote access services but would rather have someone else manage the entire architecture, you can go with a fully managed VPN provider. In this scenario, cloud-based remote access is achieved by allowing a cloud service provider to manage not only authentication but also the authorization, accounting and general maintenance of a standard remote access VPN service. Plenty of service providers offer VPN as a service, including technology companies like MegaPath and Zscaler. Wireless carriers such as AT&T and Verizon also offer business-class remote VPN access services that primarily target mobile workforces that use smartphones and tablets to reach corporate resources.
by Andrew Froehlich