What are the differences between OpenVPN and IPsec Tunnel?
SAP IoT Connect 365 provides two VPN options to protect the communication between your devices and your application server.
Option 1 - OpenVPN
OpenVPN is an open-source software that utilises the SSL/TLS security protocol. It has strong features and is known for its ease of implementation. It allows customers to authenticate each other using a pre-shared key.
OpenVPN works in a client-server mode, meaning OpenVPN users connect to the OpenVPN server and from there have full access to the internet. SAP IoT Connect 365 recommend using OpenVPN for most use cases, ranging from start-ups through to medium-sized businesses who require a high level of security, but are comfortable with the flexibility of open source software. Users of OpenVPN can have either dynamic or static IP addresses, and the software is increasingly becoming available on most operating systems.
Option 2 - IPSec Tunnel
Internet Protocol Security (IPSec) sets up a tunnel from a remote device to a central business server. It is designed specifically for internet traffic and ensures private, secure communication over the public internet by cryptographic security services.
IPSec is recommended for large, global enterprises, especially when multiple peers and security layers are used. IPSec requires a static IP address, and technical resources to be implemented. The other strong use case for IPsec Tunnel exists when dealing with data of a very sensitive nature such as the transfer of personal identification information.
Due to the significantly more technical set-up requirements for this option, SAP IoT Connect 365 will charge to implement and maintain IPSec Tunnel implementations. Consult your SAP Sales Advisor for details.
Differences between OpenVPN and IPsec Tunnel
OpenVPN • Very good level of security (medium - high) • Recommended for start-up and medium size businesses • Open source Software • Easy to set up • Available for most operational systems • Dynamic/static public IP addresses • No implementation costs.
• Highest security level VPN • Recommended for large enterprises • Use for sending highly sensitive data • Requires an implementation team (one person per end) • Requires IPsec capable router or software solution • Use a static public IP address • Implementation costs will be incurred – consult your SAP Sales Adviser for details.
VPN Use Cases
Using either of the VPN options with the SAP IoT Connect 365 solution, allows you to:
Perform connectivity tests (ping)
Access a specific device and remotely change configuration parameters (SSH/telnet)
Secure data transmission
Download firmware update file.
Shahzad Ismail Community Manager – SAP Digital Interconnect