In this write-up we explore the transition of dial-up to always on world. Traditional VPN is going through same process and transition from dial-up IPSEC VPN to always on Zscaler ZPA.
Traditional Dial up
When I started to use internet in the 90’s, I was using dial-up modem over a public switched telephone network to get connected. That is the only way for user to connect to the internet or any servers at that time. I fondly remember the joy of the dial-up modem gibberish sound on the background; that means a good proper connection is imminent and we are ready to use the internet. Each dial-up could be taking a good 1-2 minutes to negotiate and get stabilize. A group of us will be hoarding the PSTN line for hours to play our favourite multi-player games “Quakes”. Telephone operators were fumed as this mean that we were hoarding their lines in the telephone exchange and decreased their quality of services (as lines are packed and voice call users might not able to make a calls if there is a congestion). Our online games were also more often disrupted with disconnection, reason could be from line quality or exchanges itself. During peak hours for internet (8pm-11pm) , we will be having difficulty dialing in and everyone will dial harder and pray for the connection not to disconnect.
Always on Broadband
Once Broadband (DSL and FTTH) is introduced we do not have this issue anymore as it is “always-on” concept. I can use internet at anytime, anywhere (with WIFI) and do not need to do the dial-up anymore. We all get used to this new convenience.
VPN is a concept that using tunnelling technology to allow user on public internet to connect to their corporate server in office. Like the dial-up experience, user also need to establish the IPSEC or SSL VPN connection to their corporate VPN appliances. Each “dial-up” will take up 1-2 minutes to establish the connection. Once the user on corporate network, they can perform all tasks and they are expected to drop off their connection or else other users will be deprived from dial into the corporate network.
Administrator of the VPN appliance might also implementing time-out that automatically drop the user connection after a certain period of time in order to ensure there is enough resource to let other user dial in. As more corporate had been moving to real time update on enterprise applications and team collaboration, it is important that all information is synchronisation instantly. This means they need to have their VPN connection on most of the time and this is also true when they are working from home. With traditional VPN that expected user to dial-in and disconnect, it is really counter intuitive as user are expected to work like in office environment and yet they will be end up managing the dial-up on and off network to get into the corporate resources.
Always on experience with Zscaler ZPA
With Zscaler ZPA, user will get the same experience as “broadband” with always-on concept. Zscaler ZPA a full cloud with secure zero trust model that allows user to have always-on their corporate network even they work from home as long there are internet. Once authenticated each user can access to their enterprise applications and tools that can be micro-segmented based on user. With enterprise applications resided in multi-cloud (e.g. AWS, AZURE, GCP, Alibaba Cloud), it is more important that user can connect directly through Zscaler to these clouds rather than tunnel through corporate HQ and only route back to clouds through multiple internal hops. I am sure users will prefer always-on experience and faster speed access to multi-cloud once they are required to accessing corporate resources up to 8 hours a day (during the covid-19 lockdown).
As Zscaler ZPA is a true cloud model, scalability for it is matter of hours rather than weeks (to wait for VPN appliances to be shipped and deployed), corporate IT admin can benefits for it with the sudden change of requirement for all users to work from home or even other locations.