A service such as a virtual private network (VPN) extends a private network across a public network such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of that private network. A VPN is created by establishing a virtual point-to-point connection, for example through dedicated connections or virtual tunneling protocols, with or without encryption of the tunneled traffic.
Different tunneling protocols can be used to provide VPN solutions, depending on the technology deployed. In order to enable communication from a device (e.g. a PC, laptop, or handheld device) located anywhere on the Internet, a VPN solution has to ensure that the communication protocol it uses is able to traverse firewalls and the plethora of other devices en route to the VPN server end-point. SSL/TLS (Secure Sockets Layer/Transport Layer Security) traffic on TCP port 443, the port used by HTTPS, is permitted by a wide variety of intermediate devices, and hence can traverse firewalls that block most other outbound ports.
Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, HTTPS is not a protocol in and of itself, but is the result of layering the Hypertext Transfer Protocol (HTTP) on top of the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol, thus adding the confidentiality, integrity and server-authentication capabilities of SSL/TLS to standard HTTP communications. The use of HTTPS helps to prevent wiretapping and man-in-the-middle attacks on communications, provided that the client properly validates the server's certificate.
A problem in offering an SSL VPN as a service is that the VPN service provider has to dedicate a separate public IP (Internet Protocol) address to each tenant of the service: since the destination TCP port must be 443 for every tenant, the destination IP address is the only transport-level field left on which incoming connections can be separated. This can be expensive, because public IP addresses, specifically in the IPv4 (Internet Protocol version 4) Internet, are a scarce and costly resource. Furthermore, current VPN gateway solutions are single-tenant, such that each gateway is able to support only one tenant. In such a scenario, the service provider deploys a separate machine for each tenant.