What Is a VPN Concentrator?

Last Updated: July 30, 2021

A VPN is a tool that businesses can use to encourage secure access to their networks. It allows secure passage of data from its origin to its destination without interference from third parties. VPN concentrators are what businesses use when they need to establish and manage multiple VPN connections simultaneously. Think of them as VPN routers with advanced capabilities, including creating and managing a large number of encrypted VPN tunnels. 

As more businesses are adapting to remote work, VPN concentrators have become important in ensuring that workers are not using vulnerable public networks to access corporate networks. In most cases, you will find VPN concentrators in large enterprises or government institutions. This article focuses on VPN concentrators and what they offer. 

What Is a VPN Concentrator?

A VPN concentrator is a networking device you can use to allow multiple VPN tunnels access to a single network. It creates several encrypted VPN tunnels simultaneously and allows a secure connection between the different VPN nodes. This allows the network administrator/team to manage multiple VPN connections remotely. Think of it as a VPN router but with more functions and the capacity to handle more VPN connections. 

VPN concentrators are usually hardware devices with dedicated software installed to handle the VPN connections. However, there are also software-based VPN concentrators that do not come with dedicated hardware. For a software-based VPN concentrator, you can install it on a device that it’s compatible with, but the number of VPN tunnels you can create and manage depends on the CPU of the device you use. This is because encrypting and decrypting data is resource-intensive; more VPN connections require a high-powered machine. 

There are a few critical factors that determine how businesses choose and set up a VPN concentrator. They include the type and scale of the business, the type of files their employees/users need to access over the VPN connection, and the security standards the company wishes to attain.

How Does a VPN Concentrator Work? 

A VPN concentrator usually stands in front of a corporate network. It stays between the network and the devices connected to it. It is important to note that you have to install your client VPN software on every device connected to the VPN concentrator. When a user starts the client VPN software on their device, it interacts via an encrypted tunnel with the VPN concentrator. First, the data is encrypted before it passes through the VPN tunnel to the VPN concentrator. Next, the VPN concentrator receives the data and decrypts it before sending it to the corporate network. 

When traffic needs to get back to the user device, it first reaches the VPN concentrator, which encrypts the data and sends it via the VPN tunnel to the user device. The VPN client on the user device then receives the traffic and decrypts it. You can either configure the VPN connection to be always on or on-demand. A VPN concentrator works like a regular VPN deployment but can handle thousands of simultaneous VPN connections. Also, VPN concentrators can be configured and deployed in different ways. 

What Protocols Do VPN Concentrators Use?

There are two major encryption protocols that VPN concentrators use for encrypting and decrypting traffic that passes through the tunnel: Internet Protocol Security (IPSec) and Secure Socket Layer (SSL). IPSec works at the network layer of the OSI model and helps keep data secure when you’re on a public network. It is a protocol suite that comprises several protocols used together to ensure a secure connection. 

With IPSec, you need to set up your VPN client on every user device connected to the VPN concentrator. Compared to SSL, it is usually harder to configure, but it is highly secure and effective. Using IPSec works best when employees/users connect to the VPN concentrator from a permanent location. For example, corporations connecting their headquarters to branch offices. IPSec VPNs allow full access to a network, which is why network teams need to configure multiple VPNs for different levels of access. 

On the other hand, SSL provides more versatility compared to IPSec. With SSL, you don’t need to install VPN client software on user devices. In addition, it runs at the application layer of the OSI model, encrypting HTTP traffic instead of IP packets like IPSec does. Therefore, you install SSL VPN clients into browsers or operating systems. Access is based on individual credentials, and the network team can allow access on an application-by-application basis. Plus, you can access an SSL VPN from any remote location. However, users will not be able to have access to shared resources that are not web-based. 

When Do You Need a VPN Concentrator?

Since we have established that a VPN concentrator is like a VPN router that operates on a larger scale, it makes sense that we look at when it becomes necessary for entities to use a VPN concentrator. Due to the scale at which VPN concentrators operate and their cost, small businesses might not need one. A VPN router can meet the security needs of a small business. However, as a medium-sized enterprise business owner, if you have a significant number of remote employees that need secure access to your network, getting a VPN concentrator is not a bad idea. 

A VPN concentrator becomes necessary in large businesses with hundreds or thousands of employees in different locations that need secure remote access to their networks. VPN concentrators also offer more than just encryption and decryption. Some of them have built-in firewall functions and can function as one. At the end of the day, the needs of a business determine whether or not it needs a VPN concentrator. Large business corporations are more likely to deploy a VPN concentrator than SMEs. 

Benefits of Using a VPN Concentrator

VPN concentrators are important in medium-to-large businesses as they keep communication to and from the corporate network secure. While small businesses can use VPN concentrators, it is highly unnecessary as a VPN router is sufficient for keeping their networks secure. Below, we look at the benefits of using a VPN concentrator. 

1. Secure Network

The importance of having a secure network cannot be overemphasized, especially for companies that require a high level of security for sensitive or vital data. A VPN concentrator provides a secure way for employees to access their company’s private network remotely. This prevents malicious entities from having access to corporate data. Companies used the remote desktop application until they discovered it is easier for bad actors to infiltrate their networks. A VPN concentrator takes away that worry and makes it challenging for anyone to break private networks. 

2. Network and Server Access

The sheer number of simultaneous VPN connections a VPN concentrator can take makes it attractive to large corporations that need to give access to their network to hundreds or thousands of employees at the same time. In addition, employees can also access company servers from anywhere in the world. This is especially important for employees who work from home and need to access their corporate network on a public connection. 

VPN Concentrator Vs. VPN Router

Deciding if you need a VPN concentrator or a VPN router usually boils down to the number of VPN connections you need. A VPN concentrator and a VPN router are similar, but there are also differences that highlight the need for one over the other. The most crucial difference between both devices is the sheer number of simultaneous VPN connections they can handle. A VPN concentrator can take way more simultaneous VPN connections than a VPN router. 

With a VPN concentrator, you can create and manage thousands of VPN connections. Therefore, VPN concentrators are preferable for use in the corporate environment (medium-to-large corporations). On the other hand, VPN routers are what you need if you own a small business or want multiple VPN connections in your home. Besides, a VPN concentrator costs more than a VPN router; it will be pointless to purchase such an advanced device and fail to take advantage of its abilities. 

In addition, it is easier to set up and manage a VPN router than a VPN concentrator. For example, setting up a VPN concentrator will require you to configure VPN clients on all devices connecting to it. On the other hand, you don’t need to configure VPN clients on devices that connect to a VPN router.  

VPN Concentrator Vs. Site-To-Site VPN

A VPN concentrator and site-to-site VPN connections are similar in that they both offer encryption and decryption services. The major differences between both of them lie in the capacity of VPN connections they can handle and their purposes. A site-to-site VPN connection is usually a network-to-network connection. For example, you would use a site-to-site connection to connect a corporate network and a branch office network. It is usually a permanent connection that corporate entities use to link their offices, and the link is generally between two networking devices. 

On the other hand, a VPN concentrator provides remote access from anywhere to corporate networks. Unlike site-to-site connections, you don’t need to be in a specific geographical area to have access to the network. Plus, VPN concentrators handle multiple users at the same time. As a result, it is your go-to if a corporate entity needs hundreds or thousands of VPN connections to work simultaneously. 

Best VPN Concentrators

There are a few brands that represent a significant part of the VPN concentrator market. Below, we take a look at the best brands that manufacture VPN concentrators. 

1. Cisco Meraki VPN Concentrator

Industry leader Cisco has been a networking giant for so many years. Its Meraki VPN concentrator brand is one of the most popular in the market. With effective and easy-to-deploy concentrators, Cisco is usually the go-to brand for businesses that need VPN concentrators. It has features such as intrusion prevention, content filtering, malware protection, centralized management, high availability, and firewall capabilities. 

2. ShoreTel VPN Concentrator

ShoreTel is another brand that is necessary if a business needs to add a secure remote IP telephony network to its network. It primarily focuses on creating a secure connection for IP phones and allows multiple simultaneous connections. 

3. Aruba VPN Concentrator

Aruba is another brand that can give corporate employees secure remote access to their networks. Hewlett-Packard owns Aruba, and with their success in the tech industry, businesses can trust them to interconnect their networks with remote users securely. 

Conclusion

There are other alternatives to a VPN concentrator, including a VPN router and site-to-site VPN connections. The security and access needs of a business will determine what VPN solution and deployment it needs. In addition, companies that require a VPN concentrator will need to decide whether to use an IPSec-based VPN or an SSL-based VPN concentrator. We hope this article has given you a better understanding of a VPN concentrator.