Conventionally, Information Technology (IT) departments and the like see data and computing assets in three possible domains, namely (1) internal networks, (2) private clouds, and (3) public clouds or Software-as-a-Service (SaaS). As computing moves to the cloud, users may access internal data such as through database applications, etc. through a VPN, access their own documents via a public cloud (e.g., Microsoft OneDrive, Google Drive, Dropbox, Apple iCloud, etc.), etc. This distribution of data and computing assets makes it very difficult for an enterprise user to connect seamlessly to applications (“apps”) in these domains (without regard to their topology/connectivity/location), and, for the IT administrator, it is difficult to enforce a single, coherent set of policies across these three domains. Note, that the enterprise users can be nomadic in nature or be situated in untrusted branch offices. The current state of the art requires the IT admin to hairpin all end-user traffic back to the corporate data center via a traditional VPN (e.g., Secure Sockets Layer (SSL) or Internet Protocol Security (IPsec))—and then jump to the other domains via point-to-point dedicated VPNs. This approach increases the incoming and outgoing bandwidth to the corporate data center linearly with every new branch or nomadic user. This increase in traffic is completely un-necessary—since most of the inbound VPN traffic will go out through a dedicated VPN to the private cloud.
A second alternative is to install a Firewall & VPN server in every private cloud and setup application routing rules—so that apps can talk between the domains and across multiple private cloud instances. Disadvantageously, this greatly increases administrative complexity and adds multiple points of security weakness. Thus, there is a need in the market for a “Global VPN” that leverages the cloud to maintain a single secure VPN to the cloud—and direct traffic to various enterprises assets per authentication and security policies—and in particular, provide a safe path from the cloud back to enterprise data center.