Always On VPN (2024)

Easily integrate a unified security solution across your organization’s cloud-hybrid network, with the Perimeter 81’s Always On VPN solution.

What is an Always On VPN?

Always On VPN is Microsoft’s technology for Windows 10 clients that replaces Direct Access and provides secure remote access for clients.

Replacing Microsoft’s older Direct Access technology, the VPN connection is “always on” and securely connected to the internet after the connection is established.

Supported clients of Always On VPN versus DirectAccess include domain-joined and non-domain-joined clients, Azure AD-joined devices, and BYOD configurations.

Active VPN profiles connect automatically and remain connected for scenarios such as user sign-in, network state changes, or changes in the state of a device screen.

Always On VPN allows IT administrators to create secure VPN connections to applications hosted on Azure with minimal configuration.

To support Always On VPN, point-to-site VPN connections must be enabled on the Azure VPN gateway.

Through an Always On VPN, enterprises are able to deploy a VPN connection with minimal additional rules or settings, meaning users will experience a smoother, faster and more reliable connection.

By implementing Always On VPN with Azure, organizations can also easily automate identity and access management processes and allow employees to connect and access applications.

What are the Benefits of Always On VPN Technology?

Always On VPN technology provides significant advantages for enterprise customers that are looking for simplified access to internet services, while preventing service disruptions when employees are on the go.

Always On VPN has several benefits over Direct Access technology including:

Platform Integration
Always On VPNs tightly integrate with the Windows operating system and third-party solutions for many advanced VPN connection types.

Security
Always On VPN security restricts application traffic and the authentication methods for connection initiation.

VPN Connectivity
Always On VPN, with or without Device Tunneling, automatically establishes secure connections through user or device authentication.

Networking Control
Always On VPNs allow IT administrators to set granular routing policies from users to the application level. This helps secure access to critical business applications that require special remote access.

Configuration and Compatibility
Always On VPNs can be deployed using the IKEv2 protocol to facilitate interoperability with third-party VPN gateways supporting this industry-standard tunneling protocol.

How Does an Always On VPN Work?

Always On VPN connections use two types of tunnels: device tunnels and user tunnels for secure remote access services.

Device tunnels connect to VPN servers before users sign in to a network approved device. Connectivity use cases needing pre-sign authorization or device management scenarios also can enjoy device tunneling.

User tunnels, on the other hand, connect only after users sign into their device for accessing organization resources through the Always On VPN service.

Because device and user tunnels operate separately from their VPN profiles, they can be connected at the same time and use different authentication methods or configuration settings.

Always On VPNs use the default Windows 10 built-in Extensible Authentication Protocol (EAP) for secure authentication via username and password or certificate-based login methods. EAP-based authentication can be used only with a built-in VPN type such as IKEv2, L2TP, PPTP or Automatic.

What Type of Security Does Always On VPN Technology Provide?

Always On VPNs provide various security functions including per-app VPN capabilities, rules-based traffic filtering, customized IPsec cryptography algorithms and native Extensible Authentication Protocol (EAP) support. Two types of filtering rules are available: App-based rules and traffic-based rules.

Per-app VPN services provide application-based traffic filtering to restrict access to a specific application versus all applications on the VPN, while automatically initiating when the VPN service starts.

Traffic-based firewall rules specify network access requirements for ports, addresses, and protocols. These match traffic to specific conditions with access permissions for the VPN interface.

Always On VPN also supports the use of both RSA and elliptic curve cryptography–based custom cryptographic algorithms to meet government and organizational security policies.

Moreover, Always On VPNs support Native Extensible Authentication Protocol (EAP) that supports Microsoft and third-party EAP authentication workflows. EAP provides secure authentication for the following authentication types:

• Username and password
• Physical and virtual smart cards
• User certificates
• Windows Hello for Business
• MFA support by way of EAP RADIUS integration

Application vendors can control third-party VPN plug-in authentication methods including custom credential types and one-time password (OTP) support.

Protect Your Organization’s Resources with Perimeter 81

Highlighting the Benefits of Always On VPN

1. Platform Integration
2. Cloud Agnostic Integration
3. Secure, integrated network access
4. Networking Control
5. Configuration and Compatibility

Combined with SASE our Always On VPN Consists of 4 Primary Capabilities

Unified Network Platform
One cloud-based platform capable of access management, monitoring, permissioning, and other IT necessities.

Multi-Tenant Cloud
Divide the network into segments according to your security policies. Segregation protects network resources.

Easy to Use Clients
Support for 2FA and single sign-on across mobile devices using iOS and Android, PC and Mac desktops and the web.

Zero Trust Access
Requiring both user and device authentication, this multilayered model hinges security on users, not perimeters.

What Perimeter 81 Offers Your Organization

Security on All Devices: BYOD policies multiply the number and variety of devices connecting to your network. Always On VPNs can offer authorized, secure access for all devices and remote workers no matter the details.

Cloud Agnostic Integration: The ease with which a VPN alternative integrates into any cloud-based platform or service (as well as local environments) enables organizations to protect all their resources in a unified fashion.

Superior Quality Assurance: Connecting to the Business VPN through a diverse global server array helps the QA and marketing teams determine how best to target different markets, and how successful current efforts are.

Safe Remote Access: Automatic Wi-Fi security lets remote workers connect to sensitive resources from the public internet without fear of exposure, while encrypted tunnels shield data sharing from prying eyes.

Precise User Segmentation: Beyond the capabilities of traditional Cloud VPNs, the addition of granular policy-based permissioning helps organizations exercise greater control over those entering their network.

IP Whitelisting: Explicitly define the IP addresses that are allowed to access the network, granting IT teams a stronger grip on security and also the ability to assign static IPs to automatically trusted sources of traffic.

The Perimeter 81 Always On VPN Includes:

• Manage cloud resources in a unified platform
• 24/7 knowledgeable customer support
• Unlimited bandwidth and data availability
• Automatic Wi-Fi security
• Comprehensive auditing and reporting capabilities
• Multiple global private and public VPN gateways