In the last decade, the Virtual Private Network (VPN) grew from a niche product for businesses into a global consumer service. Propelled by ubiquitous WiFi, constant connectivity, P2P, and increasing awareness of data privacy issues among the general public, the VPN is no longer an arcane piece of networking technology, but a tool many regard as essential to their online safety and enjoyment.
VPNs are easier to use, less expensive, and more in demand than ever before. The VPN market, illustrated below, is expected to be worth around $35 billion by 2022, more than doubling in size since 2016. Existing VPN giants such as PureVPN are expanding rapidly to meet demand, but the VPN market is not without its challenges.
A global VPN depends on a vast network of servers located in data centers around the world. Leasing and managing reliable servers in secure data centers with low-latency high-volume network connections in thousands of locations is a logistical challenge.
In this article, we’re going to look at what it takes to build a fast and secure VPN service, with a particular focus on server hosting, networks, and data center location.
Why VPN Provider Security Is So Important
The biggest challenges faced by VPN providers are security and privacy. VPN customers are sensitive to any indication that a VPN provider doesn’t take security seriously. Consequently, the best VPN providers are committed to providing rock-solid security and privacy – their business depends on it.
But they are also faced with the constant threat of cybercrime and data theft, DDoS attacks, infiltration by state actors, and the challenges of managing the security of thousands of servers in data centers across the world.
And it’s not only malicious users, criminals, and state actors that VPN providers have to guard against. The VPN industry is extremely competitive, and it’s not uncommon for malicious VPN businesses to deliberately DDoS or otherwise attack their competitors.
Data leaks and security breaches are hugely damaging. VPN users are security conscious. They use a VPN to protect their network traffic from the scrutiny of malicious third-parties. If the provider’s endpoints aren’t adequately secured and private data is exposed, customers will quickly move to a competitor.
Earlier this year, a major VPN provider got into hot water when their hosting provider let them down. The hosting provider noticed that a VPN server under their management had been compromised via a remote management tool. The host installed the tool without the knowledge of the VPN provider. Instead of informing the VPN provider, the host deleted the affected accounts and kept quiet about the breach for over a year.
The VPN provider did nothing wrong other than to rely on a server hosting provider that turned out to be unreliable. When you entrust sensitive customer data to a hosting provider, make sure you’re confident that they operate honestly, transparently, and in the best interests of their clients.
Key Components of a Secure VPN Server
The most important parts of a VPN service that users can trust are:
- VPN servers and clients that use the most secure VPN protocols. Today, the best balance between security and performance is provided by the OpenVPN and IKEv2/IPSec protocols. Older protocols such as the Point-to-Point Tunneling Protocol (PPTP) are faster but largely obsolete. They should only be used in applications such as gaming when the customer is aware of the security tradeoff.
- A server hosting provider with a proven track record of security expertise, transparency, and honesty. VPN providers put as much trust in their server host as VPN customers put in the provider. A comprehensive support agreement that includes security updates and security monitoring can also reduce the risk of security compromises – it’s challenging for VPN providers to remotely manage hundreds or thousands of servers spread across the globe.
- DNS servers owned and managed by the VPN service. Customers who use external DNS servers are at risk of DNS leaks, which may expose details of visited sites to third-parties even when using a VPN.
Additionally, because VPN servers are frequently the focus of Distributed Denial of Service attacks, VPN providers should consider hosting providers who also offer DDoS mitigation.
Building A Global Network
When choosing a hosting provider for your VPN servers, their network is the most important consideration.
VPN providers should look for a server hosting provider that can offer:
High-volume data transfer at affordable prices.
A diverse array of IP addresses.
Multiple locations with consistent service.
Let’s take a closer look at these factors in turn.
Low-cost, high-volume data transfer
Data transfer is one of the most significant costs associated with running a VPN service. They often exceed hardware costs. VPN providers are expected to handle large P2P and streaming media transfers flawlessly, and it can be challenging for them to find bandwidth providers with cost-efficient price structures.
Server hosting providers offer bandwidth packages tailored to specific markets. A host set up for websites and ecommerce stores is unlikely to offer the best value for money to a VPN provider. Many hosting providers don’t have the infrastructure to cope with consistent high-volume data transfers without degrading performance for their other customers.
VPN providers need a hosting provider with plans explicitly designed to suit high-volume data transfer, particularly those that offer unmetered connectivity priced with high-volume customers in mind.
Diverse IP addresses
VPN providers rely on the availability of a diverse range of IP addresses. Many online services – including video streaming services such as Netflix – block connections from the IPs of known VPN endpoints or even blocks of related IPs suspected of being used for VPNs. Additionally, premium VPN providers may want to offer their customers value-added services such as fixed IP VPNs.
But IP addresses are a limited resource. Many server hosting providers cannot offer the large array of IP addresses in diverse blocks that VPN providers require to offer consistent service to their customers.
ServerMania can acquire large and diverse blocks of IPs for our VPN provider clients.
Network latency can be introduced if data moves over congested, excessively long, or poorly optimized network routes. Ideally, VPN users benefit from low-latency connections to and from the server and from the server to the internet. The data center that hosts the server has a significant impact.
Higher-quality data centers offer connectivity to multiple large-scale and backbone Tier 1 bandwidth providers that can move a lot of data quickly without routing it through numerous smaller providers.
Finally, let’s talk about location. VPNs exist, in part, to allow users to obscure their location on the network. VPN providers serve customers in every country in the world, and they all expect low-latency, high-bandwidth connectivity.
One way to achieve geographical diversity is to use the services of multiple hosting providers – perhaps hundreds. Another is to use a smaller number of premium providers who offer everything the VPN provider requires, in multiple locations.
There are advantages and disadvantages to both approaches, but a single host with diverse locations offers many benefits: the VPN provider can build a trusted relationship, the host may be prepared to offer bespoke pricing and hardware options, the VPN provider can rely on consistent performance and support across all of their locations.
Dedicated Servers Provide Better VPN Performance
A fast and reliable network connection is essential, but for smooth streaming and uninterrupted data delivery, the performance of the server is just as important. A server with a fully utilized high-bandwidth network connection will consume a significant amount of processor and memory resources.
The throughput, encryption, and decryption of gigabytes of data from hundreds of connections each minute demands substantial processing power. If the server hits the limits of its processing power, the result is increased latency for customers and possibly even dropped connections.
A modern server-grade CPU with built-in encryption acceleration hardware should be able to handle this type of load without serious issues. However, VPN providers will see better results with dedicated servers than with cloud servers. Cloud servers are inherently unpredictable: the provider may throttle CPU resources, and there is often contention for those resources from multiple virtual machines.
With a dedicated server, all of the resources of its enterprise-grade hardware are put to work, ensuring the fastest possible data throughput and the lowest possible latencies – factors that are particularly important for low-latency P2P and double-encryption VPNs where latencies are already relatively high.
One area in which VPN servers are inexpensive is storage. VPN servers do not require a large amount of storage, but it can be challenging to find “off-the-shelf” server configurations with powerful CPUs, adequate memory, and small drives. However, the best server hosting providers will be happy to build a custom server that suits the needs of VPN companies.
The single greatest asset of a VPN service is its global network of servers. To fulfill the performance needs of customers, those networks need to be able to provide low-latency high-volume data transfer at a reasonable cost. The servers must be reliable over time and capable of encrypting, decrypting, and managing thousands of connections with minimal latency.
Server Mania partners with VPN providers to help them deploy the infrastructure they need to offer consistent, secure, and geographically diverse connectivity. If you would like to learn more, book a consultation with us today.