VPN Alternative for Web Apps


There are many technologies out there to continue letting let people work while stuck at home.

A big part of the solution you use all comes down to what your typical day looked like. And by typical, I’m talking about life before lockdown. Where you an office-based user? What types of apps did you access? I see about 4 typical scenarios (there are probably more, but these are some of the major ones I see).

  1. Web/SaaS App Users
  2. Client/server users
  3. Desktop Office Users
  4. Desktop Remote Users.

Let’s start with a focus on Web apps.

Web/SaaS App Users

First, I categorize SaaS apps as a browser-based app running in the cloud and hosted by a 3rd party. A Web app is a browser-based app running within the confines of the data center.

Personally, I access roughly 11 different browser-based apps (a fairly even mix of SaaS and web) and most of the time I’m not sure if it is a web app or SaaS app. I can guarantee you that I don’t have the URLs memorized.

The challenge with a Web app is that it sits on the data center’s internal network.

For many, you would simply start a VPN. But have you ever

  • Received a letter from your broadband provider informing you that you were doing something against the usage policy? Your broadband provider is watching you. This doesn’t make me happy, but it is understandable since you are using their service.
  • Accessed personal websites while in the office? Your IT team is watching you. Again, this is understandable as you are on the corporate network and it is the job of IT to secure the environment.
  • Been at home, used your personal device, launched a VPN to access a corporate web app and also accessed external, personal sites? If the VPN isn’t setup and configured correctly, chances are your actions on this personal information is still being monitored.

There is a capability with most VPNs called Split DNS. When you make a request for a website or service, that request is sent to your primary DNS server. With Split DNS, the DNS request gets split between the corporate DNS server (over the VPN) and the user’s public DNS server (not through the VPN). However, what if this isn’t setup correctly? Then every DNS request goes over the VPN. The IT team is able to see what websites you are trying to access.

Many times, user’s have no control over this. And even if they did, how many would be knowledgeable about enabling split DNS?

This is why I avoid using VPNs for work. It has been at least more than 10 years since I used a work-related VPN. I don’t want my IT team to know my banking information, my health information or any of my personal, non-work-related interests.

With Citrix Workspace, we utilize a connector, deployed within the internal network. This connection creates an outbound connection to Citrix Workspace, which simplifies firewall configurations. When the user launches a web app from within Citrix Workspace, only that session utilizes the connection to the internal resource. If the user launches a browser and accesses their banking site, that browser is a different session and does not go through the corporate network.

For users needing to access internal, web-based apps, Citrix Workspace

  1. Doesn’t require the user to install, configure and launch a VPN
  2. Utilizes an outbound connection, simplifying firewall configurations
  3. Only sends app-related user traffic to the internal network.

A user’s private and personal information remains private.

Daniel

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.