6. Can I use VPNs in virtual environments?
Yes, and doing so may enhance VPN security.
Many vendors are coming out with versions of their VPN software that run on virtual server platforms. This is desirable for businesses in the midst of virtualization of servers as a way to reduce the number of devices and the electrical power expended in data centers.
The trade-off is that means not using VPN appliances, which are a popular means of deploying VPN gateways because they are separate devices managed separately.
On the client side of the VPN, a remote machine can help improve VPN security, according to VMware.
Users can configure remote virtual desktops so that they must access corporate sites via a VPN gateway. At the same time, the physical host that the virtual desktop runs on can be barred from the VPN.
So the virtual machine becomes the entity that joins the VPN, meaning that any compromises of the host machine itself are isolated on the physical machine and cannot spread through the VPN into the corporate network.
Virtual machine policies can restrict virtual desktops so they can access nothing but the VPN, making them insulated from attacks originating outside the VPN. "You isolate the virtual machine from everything except the corporate VPN server," VMware says.
Further virtual machine policies can encrypt all data in the virtual machine and block the data from being transferred out of the virtual machine, making it even less likely that data accessed via VPN can be compromised.
Virtual machine expiration policies can further secure VPNs. If a contractor, for example, is granted corporate VPN access via a virtual desktop on the contractor's own machine, the virtual machine can be configured to expire at a certain time, say, the date the contract runs out, VMware says.