1
00:00:00,000 --> 00:00:18,440
Hey everyone and welcome back. So now what I want to draw your attention to is the concept

2
00:00:18,440 --> 00:00:25,800
of a virtual private network. Now no doubt at some point you have heard this term before

3
00:00:25,800 --> 00:00:33,439
even by its shorthand version, a VPN, and you may be able to infer by the name alone that

4
00:00:33,439 --> 00:00:40,120
this has something to do with privacy and networking, but the reality is we want to understand

5
00:00:40,120 --> 00:00:46,760
the concept and the architecture of VPNs a little bit more before configuring our own

6
00:00:46,760 --> 00:00:53,519
VPN connection. So let's talk a little bit about why a VPN would even be needed. So check

7
00:00:53,520 --> 00:00:59,280
this out: imagine that you had some type of site. This could be a company. Let's imagine that this is

8
00:00:59,280 --> 00:01:05,040
in the United Kingdom. This could be one big office with multiple floors, whatever it may be. And

9
00:01:05,040 --> 00:01:11,000
on those floors, whatever it may be, you may have lots and lots of people connected on machines,

10
00:01:11,000 --> 00:01:18,120
and all the way across at the other side of the world. Let's maybe say you have an office in the

11
00:01:18,120 --> 00:01:25,320
United States, and again lots of users within this building. Okay, so we have these two distinct

12
00:01:25,320 --> 00:01:33,359
offices, and that is all very well and good. Now we know that locally, if the people in the USA

13
00:01:33,359 --> 00:01:38,640
wanted to connect to the public internet, we could just have a connection to an ISP, which would be

14
00:01:38,640 --> 00:01:44,680
your internet service provider, and that would allow the people in the USA to ultimately route

15
00:01:44,720 --> 00:01:50,200
through this ISP and visit all of the sites on the internet that they would have to actually access

16
00:01:50,200 --> 00:01:57,400
to use for their job. Similarly, if we were in the United Kingdom, we could do the same thing.

17
00:01:57,400 --> 00:02:04,400
Connect to an ISP, and suddenly all the users within this building now have internet access. The

18
00:02:04,400 --> 00:02:12,520
question remains, though: what if we happen to need connectivity between these two sites? Well, I

19
00:02:13,000 --> 00:02:19,520
suppose if they were close enough, we could just connect one big cable between these two sites to

20
00:02:19,520 --> 00:02:25,360
ultimately link and transit data across that particular link. But as we know, the distance here

21
00:02:25,360 --> 00:02:32,240
from the UK to the USA is not trivial, so this is not really the solution that we can just use.

22
00:02:32,240 --> 00:02:40,160
Ultimately what we're talking about here is a wide area network. This is a type of network that is

23
00:02:40,199 --> 00:02:44,879
going to spread over a large expanse. It means that we're not going to be able to just, you know,

24
00:02:44,879 --> 00:02:50,759
just like we could with a switch and a router, grab some simple Ethernet cable and plug in and

25
00:02:50,759 --> 00:02:57,439
connect these two devices or these two sites in this case. Instead we have to be a little bit more

26
00:02:57,439 --> 00:03:03,319
creative, and this is why we have these whole different technologies known as WAN technologies

27
00:03:03,359 --> 00:03:12,799
to handle those large geographical areas. So one thing we can do is we can rent a line. So really

28
00:03:12,799 --> 00:03:18,359
what we would have here is, if I just briefly draw this one more time, we have our site in the UK

29
00:03:18,359 --> 00:03:27,639
and our site in the USA. Both of these sites could ultimately rent a circuit known as an MPLS

30
00:03:27,959 --> 00:03:33,879
circuit. This is going to be provided by an external carrier who has massive infrastructure, so

31
00:03:33,879 --> 00:03:38,439
that it's not just you walking out and plugging in a cable. You're actually renting an entire

32
00:03:38,439 --> 00:03:44,000
infrastructure put in place, which is going to cost millions and millions and millions of pounds

33
00:03:44,000 --> 00:03:49,759
or dollars, whatever it may be. So you really rent this service, and what this would allow you to do,

34
00:03:49,759 --> 00:03:55,839
it means you can have this private connection all the way from the UK all the way to the USA,

35
00:03:55,840 --> 00:04:02,680
and this pipe ultimately which you have is going to be your little pipe. So inherently, because

36
00:04:02,680 --> 00:04:08,800
you're the only one who is using this particular circuit, there is a built-in security to that

37
00:04:08,800 --> 00:04:14,400
circuit because, well, it's only you that is using it. Obviously, there has to be some trust of the

38
00:04:14,400 --> 00:04:21,199
third party who you are actually renting the MPLS circuit from. But can you imagine what

39
00:04:21,279 --> 00:04:27,199
may be the problem in utilizing this type of solution? You're going to this third party and

40
00:04:27,199 --> 00:04:35,680
you are renting one particular line to connect these two sites. So if it isn't clear quite just

41
00:04:35,680 --> 00:04:41,519
yet, the problem here is that this can be quite expensive, you know, and because of the expense it

42
00:04:41,519 --> 00:04:48,560
really does hurt scalability. Let's say, then, that we happen to grow our company and we have more

43
00:04:48,639 --> 00:04:53,120
sites popping up. Then how are we going to interconnect all of those other sites? I mean, it

44
00:04:53,120 --> 00:05:02,000
does become problematic. So this became a bit of an issue with companies worldwide, and whilst MPLS

45
00:05:02,000 --> 00:05:06,879
certainly does have its place, it certainly has its place for things such as voice technology, whereby

46
00:05:06,879 --> 00:05:14,959
you can really control the quality of your voice packets. The reality is this is not the most

47
00:05:14,959 --> 00:05:21,519
affordable solution, and in the corporate world the dollar counts most, so very often what happened

48
00:05:21,519 --> 00:05:28,399
is that people were looking for other solutions. Now, one big wide area network that we all use all

49
00:05:28,399 --> 00:05:35,919
the time is the internet. Think about it: if I happen to be here in Scotland in the United Kingdom

50
00:05:35,919 --> 00:05:42,879
and I want to talk to my friend Trevor in the USA, well, we can actually talk to each other, say for

51
00:05:42,879 --> 00:05:49,839
example over Slack or over Discord, whatever it may be, and the way the connection is facilitated

52
00:05:49,839 --> 00:05:55,920
is actually using the public internet. So that got people thinking: if we can ultimately communicate

53
00:05:55,920 --> 00:06:02,879
long distance over the public internet, and internet connections are not very expensive, then why can't

54
00:06:02,879 --> 00:06:08,719
we implement this in a corporate setting? And this really is the type of solution that we're talking

55
00:06:08,720 --> 00:06:18,640
about. Therefore, we could then have our USA office as well as our UK office, and we want to facilitate

56
00:06:18,640 --> 00:06:25,280
this connection by both sites reaching out to the public internet. Now I want to be clear here: what

57
00:06:25,280 --> 00:06:32,480
we're not talking about is just using something like say a chat application like Slack or Discord.

58
00:06:32,560 --> 00:06:40,000
What we actually want here is we want a connection that is going to use the public internet, but over

59
00:06:40,000 --> 00:06:45,759
that public internet, we're going to create a very specific tunnel. Now that tunnel is going to do

60
00:06:45,759 --> 00:06:53,120
something pretty cool, so let's imagine that we had some type of internal IP address, like, say, let's

61
00:06:53,120 --> 00:07:03,280
say 192.168, and this could be 1.0/24. That would be the private IP addressing within

62
00:07:03,280 --> 00:07:08,399
this corporation. Remember, we talked about that we can have private IP addresses, and then at the

63
00:07:08,399 --> 00:07:14,959
edge we could have a public-facing IP address, which would be translated using network address

64
00:07:14,959 --> 00:07:20,639
translation. We talked about this earlier on within this course, but crucially, internally

65
00:07:20,639 --> 00:07:26,319
we have this internal private IP addressing. Now, if you recall, when we talked about NAT,

66
00:07:26,959 --> 00:07:32,959
NAT is ultimately going to hide away this private IP address, and from anyone who is external, say

67
00:07:32,959 --> 00:07:40,000
for example people here in the USA, if we want to communicate, they would ultimately talk to our

68
00:07:40,000 --> 00:07:46,399
public global IP address, which would then be translated by the default gateway and facilitate

69
00:07:46,399 --> 00:07:53,599
that connection into the private network, but the site here could not actually see this internal

70
00:07:53,599 --> 00:08:00,239
addressing. Now here is the difference: let's imagine that this site here is going to have a

71
00:08:00,239 --> 00:08:07,759
private addressing of 192.168, and let's just say this was 2.0/24. So whilst we are building

72
00:08:07,759 --> 00:08:14,799
the connection over the internet, the net effect is it's going to feel like there is just one big

73
00:08:14,800 --> 00:08:22,000
cable directly connecting these two sites. That is how it is logically going to be implemented, even

74
00:08:22,000 --> 00:08:28,480
if not the physical architecture, and that would mean that what we could do here is we would have a

75
00:08:28,480 --> 00:08:34,720
tunnel interface created. Let's just call this tun0, and on this side here we would call this

76
00:08:34,720 --> 00:08:41,759
tun0 again. This interface does not physically exist; it's just a logical construct. So what I

77
00:08:41,759 --> 00:08:49,519
could do is I can make the tunnel IP address here 10, let's just say 10.20.30.1, and that would be a

78
00:08:49,519 --> 00:09:02,240
/24, and this one could be 10.20.30.2, and these two IP addresses would be on the same network so that

79
00:09:02,240 --> 00:09:11,039
this site here can talk to this site here over this network, and if we have private IP addressing

80
00:09:11,039 --> 00:09:16,959
on other interfaces, say for example these two here, we can ultimately advertise them via routing

81
00:09:16,959 --> 00:09:24,959
protocols if we so wish, meaning that the USA site over the internet ultimately can see the private IP

82
00:09:24,959 --> 00:09:33,919
addressing advertised by the UK site, and vice versa. Now this is not just the benefit of using VPNs. Of

83
00:09:33,919 --> 00:09:41,439
course, for the regular end user, being able to see internal IP addressing is not very useful, but the

84
00:09:41,439 --> 00:09:50,159
reality is, for sharing local and private resources, say for example a server or a printer that is on

85
00:09:50,159 --> 00:09:57,279
this particular network in the UK, it can feel like that server or printer physically resides in the

86
00:09:57,279 --> 00:10:04,959
USA site to an end user, even though its physical location is on the other side of the world, because,

87
00:10:05,600 --> 00:10:12,879
like I say, we are constructing this tunnel interface over the public internet. So really what we're

88
00:10:12,879 --> 00:10:21,439
doing is that we are allowing remote sites and their resources to appear as if they are actually

89
00:10:21,440 --> 00:10:27,920
local to us, so things which are otherwise hidden behind firewalls, things which are otherwise

90
00:10:27,920 --> 00:10:35,200
addressed internally, servers, suddenly become accessible to remote systems, and again we can do

91
00:10:35,200 --> 00:10:42,480
this in an inexpensive way by utilizing a simple, cheap internet connection. So no more big expense,

92
00:10:43,120 --> 00:10:48,640
and because we're going to utilize cryptography, we're also going to have a fully encrypted

93
00:10:48,639 --> 00:10:55,600
connection, which is secure as well as, you guessed it, as in the name, private. So when we have a solution

94
00:10:55,600 --> 00:11:02,319
which is private, secure, as well as inexpensive, you can clearly see why VPNs are very, very popular

95
00:11:02,319 --> 00:11:08,240
in the enterprise world. Now one thing to note about VPNs is that we can have different types of

96
00:11:08,240 --> 00:11:15,919
VPNs. We could have a site-to-site VPN, and that is the architecture which I just described: we have

97
00:11:16,479 --> 00:11:21,839
one location, say for example, like I say, in the UK; we could have another one in the USA,

98
00:11:21,839 --> 00:11:30,719
two separate sites. However, we can also just set up a remote access VPN, and this is very, very popular.

99
00:11:30,719 --> 00:11:36,959
This would mean that again you could have one main headquarters. Let's just say your headquarters

100
00:11:36,959 --> 00:11:45,039
were located in New York City, and within these headquarters you had lots of important servers,

101
00:11:45,039 --> 00:11:52,159
which may be internal databases, whatever it may be, and you happen to have some type of remote

102
00:11:52,159 --> 00:11:58,959
user. So this could be an employee with a laptop. What if that employee wants to access the internal

103
00:11:58,959 --> 00:12:06,480
resources of the headquarters? But like I say, this happens to be a remote worker, meaning that this

104
00:12:06,480 --> 00:12:14,319
employee, he or she, could take their laptop on a train, and one day, let's say, they're in a conference

105
00:12:15,039 --> 00:12:22,240
in London, and then the next day they have to get a flight to go to Berlin. So even if this remote

106
00:12:22,240 --> 00:12:29,679
worker is continually on planes, trains and automobiles, it doesn't actually matter, because via the

107
00:12:29,679 --> 00:12:38,319
software on their laptop, they can ultimately still utilize an internet connection and build that tunnel

108
00:12:38,319 --> 00:12:44,559
from their Wi-Fi connection, whatever it may be, in London into the headquarters, so that they can

109
00:12:44,559 --> 00:12:51,279
access the internal sites, or the internal resources, should I say, on the site. Or, like I say, they shut

110
00:12:51,279 --> 00:12:58,000
down the connection, they go to Berlin, they then re-establish their VPN connection, and they can then

111
00:12:58,000 --> 00:13:05,839
VPN back into the headquarters, this time via Berlin. Ultimately the net effect is the same: we have

112
00:13:05,839 --> 00:13:11,599
the privacy and the security of the connection itself, because it's going to be encrypted, and

113
00:13:11,680 --> 00:13:18,240
it's not going to be expensive at all. And in fact, the remote worker may just be using a public Wi-Fi

114
00:13:18,240 --> 00:13:24,639
connection that is costing them nothing. So you can see the advantages of that, but ultimately,

115
00:13:24,639 --> 00:13:31,279
realistically, what we're talking about with the VPN is just a secure, cheap way to connect sites or

116
00:13:31,279 --> 00:13:39,120
people over a relatively large area and make them appear as if they're working within the same office,

117
00:13:39,120 --> 00:13:44,879
side by side. So that really is the general gist of what a VPN is going to give us. We still have

118
00:13:44,879 --> 00:13:50,000
more components to look at within the VPN, and that's what we'll be doing in the very next nugget.

119
00:13:50,000 --> 00:13:53,840
So I hope it's been informative for you, and I'd like to thank you for viewing.

