The demand for secure remote access is growing rapidly, driven by the new wave of the Internet of Things. More and more systems are automated and require maintenance, troubleshooting, upgrades and remote access in a secure way. It is no longer economically viable to go onsite and connect locally to perform these tasks. This is especially true for control systems that are deployed in large numbers and only require access on an occasional basis.


Every remote access solution requires three components: the client on the connecting system, the server, and the client on the remote device. The VPN server joins the tunnels from the two clients to allow remote access. A number of challenges are associated with the current solutions:

On the user client side:

Most solutions require dedicated clients. This implies that dedicated clients need to be available and maintained for different operating systems (Linux, Mac, Windows) and devices (iOS, PC, Android), including support for different operating system flavours and versions. Moreover, the setup of such clients is not always straightforward and requires a fair amount of technical knowledge and support.

The server side:

A permanent tunnel is created from the remote device to the VPN server, because most devices have connections without a publicly accessible IP address and are therefore not directly reachable (they receive a private IP address and are behind NAT/NAPT). Maintaining a permanent VPN tunnel to the VPN server requires high-end, dedicated server hardware (a VPN concentrator) and makes the solution complex and expensive. Also, to connect different customers (multi-tenant support) and ensure clear network separation, a complex network setup is required.

The remote device:

The remote device is permanently connected to the VPN server (as explained in the previous point). The traffic needed to keep the VPN tunnel open can be large, especially in mobile networks.