Traditional client VPN's require users to choose to connect and when they are not connected, the security and visibility of the device is removed. When a traditional VPN is not connected, the machine is offline and cannot be patched, scanned or managed. Traditional VPN's require the use of cached credentials and can result in users passwords being out of sync.
The always on VPN uses machine based tunnels, connecting as soon as the machine is booted, before a user logs in. All user authentication is then completed against a Domain Controller.
Whilst connected the machine is fully reachable by all patch and endpoint management tools as if the device was at ‘head office’. The connection is authenticated by certificates, with easy deployment via Group Policy. The VPN is location aware; it only connects when the device is outside the corporate network.
As more people are working remotely or from home, always on VPN is a necessity for all organisations. Always on VPN can scale from a single connection to tens of thousands. Combining the always on VPN with a Next Generation Threat Extraction equipped firewall means that all user traffic is checked for malware and content. When integrated with the features that a hyperscale cloud can provide, always on VPN can be used across the world; with the machines making connections to their closest firewall whilst having the resiliance to connect to others if needed.