The need for creating secure logical networks over public and insecure communication lines, such as the Internet, continues to grow. Organizations desire and many times require secure communications with remote clients or services. As a practical matter, dedicated communication lines and equipment are not viable options, since these are unnecessarily expensive and require ongoing maintenance and support. Thus, organizations have opted for an option that is less expensive and easier to implement and deploy. This option is referred to as a Virtual Private Network (VPN).
A VPN uses an insecure network (e.g., the Internet or public telecommunications infrastructure) to provide secure communications between remote clients or services. A VPN requires participants to have a common infrastructure to support common encryption, decryption, security, and certain protocols. Data is encrypted by one participant and tunneled using a secure protocol to another participant, where that data is decrypted and consumed. In some cases, even the addresses of the participants in a VPN are encrypted.
With VPN techniques, there are local computing environments associated with local clients or services and remote computing environments associated with remote clients or services. Conventionally, each local client needs to support VPN communications and directly establish secure communications (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS)) with a VPN server. This means each local client needs client-side software and a custom configuration in order to participate in a desired VPN with a remote client or service.
As is readily apparent, implementation of conventional VPN techniques within local networking environments can be challenging and time-consuming, since each client of the local environment needs to be configured, maintained, and supported. However, often there is little concern with the security of communications being compromised within a local and trusted networking environment.
That is, security concerns are mainly associated with specific communications exiting and coming into the local networking environment over the insecure network connection (e.g., the Internet). Thus, managing VPN techniques at each individual local client or service within the local networking environment is excessive and not necessary in order to ensure proper security. In other words, a single local service could ensure that all local clients participating within a VPN distribute and receive secure communications over the insecure network with desired remote clients or services. In this manner, clients or services can participate in a VPN via the service without requiring any individual and specific configuration, support, or maintenance.
Another drawback to traditional VPN techniques is that caching of data communicated during a VPN session is not available. This means that clients that manage their own VPN sessions experience slower communication rates with their desired remote clients or services. Thus, there is a need for accelerating data delivery via local caching to local clients during VPN sessions.
Thus, improved techniques for transparently administering VPNs are needed.