If you want to perform work, connect to the VPN. Done.
I explain that it’s likened to an Internet Tunnel. Like a tunnel in real life, vehicles can drive in and out of the entrance and exit only. The vehicles cannot crash through the walls and end up on the outside, and likewise, you can’t be located outside the tunnel and look through one of the walls. You have to be physically positioned on the entrance or the exit (i.e. your PC and your company’s server) to be able to see what’s travelling through the tunnel.
think of a train tunnel…
I describe it as being like ‘a big long cable running from your laptop back to the office’
It is a virtualized wire that plugs you into the box at work.
I wonder what was the purpose of the question. Especially when anybody nowadays can vomit any combination of letters in caps and ask, do you know what it is? Our finances are using “DRM” for example. And no, it’s not the thing you have in mind.
Anyway, in short, VPN is a secure tunnel connection between 2 points. In Enterprise that would be WFH or travel user and the company network.
What is a VPN?
The internet is a really big highway with thousands of lanes in it. A VPN is your own private lane on the highway directly connecting you to the office.
Why do I need a VPN?
By using your own private lane, other people on the highway can’t see you or bump into you. It helps keep you from having any accidents.
“To get your work done” or similar explanations just irritate them. It’s the equivalent of “Because I said so”. For the average user, this is yet another inconvenience that IT is inflicting on them that gets in the way of their job.
If they want to know more about it, you can bump up the explanation and start getting into all the security. Most users just won’t care.
Short and sweet answer: It’s a secure connection between two trusted endpoints.
If an end user wants to understand how it works, I prefer describing the logical process rather than trying to use analogies, like so: Say you want to connect your laptop at home to your work network in the office. To do that, you need to connect to the Internet first, so that’s your ISP at home, or your Internet Service Provider, like Verizon or Cablevision or whathaveyou. Then you need to connect to your office, which goes from your router, to your ISP, to a bunch of other routers and Internet devices, to your office’s ISP since they have their own too, and to your office’s router.
Of course, your company doesn’t want your home ISP and a bunch of Internet devices, or even their own ISP, to see their business network traffic, so they secure it using encryption with a VPN. Your office has a VPN server inside its network, and your laptop has VPN software that connects to that server through all of those Internet devices and both ISPs. Once connected, your laptop encrypts your network traffic, sends all of it to the VPN server, the server decrypts it, and the server sends the network traffic where it needs to go. Now, the only thing the Internet devices and the ISPs see is that there’s a bunch of VPN traffic, but not what’s “inside” of it, because it’s all encrypted.
It makes a secure connection between your computer and our office network. You need to be connected to the VPN to make such-and-such work. If you’re not connected you might get so-and-so errors and you should do this and that and try again.
Such-and-such, so-and-so, this and that, would depend on the company. In response to a complaint that “Well I didn’t have to do that where I worked last”, I’d just say that different companies have different IT systems.
If the user is curious about details I might get into technical details or analogies as appropriate, but my first paragraph is what they need to know to (hopefully) see why they need to be connected.
I’d just describe it as a bridge between networks.
Imagine writing a message in 1’s and 0’s on cars of a train, if it passes by someone it can easily be understood. Now if this train was traveling through a VPN with encryption it would be in a tunnel and the 1/0’s would be hieroglyphs.
I usually say it creates an encrypted connection between your computer and the network you’re connecting to. I’ve found most people will understand this. If not I say that it’s like having a long network cable to whatever network you’re connecting to, but it requires you to prove to the network who you are by asking for your password.
First compare regular network connectivity to sending letters. You have a message that you stuff in an envelope. Put a destination address on it and your return address. Encrypted messages get one of those security envelopes with the pattern on the inside so you can’t see through it well. Unencrypted messages are just postcards.
When you’re on a private network (think like an office building), you have a mail room and inter-office envelopes. You can send a letter to Bob in Office 3B in the North wing of the 4th floor. The mailroom knows where that is. If you’re in that office building and want to send a letter to Google, you address it the standard way.
A VPN is when you’re communicating from home, but you stuff each of your envelopes into ANOTHER security envelope and address them all to the mail room in your office building. So if your envelope addressed to Google with your return address on it is stuffed into another envelope with your return address and the mailroom as the destination. The mailroom opens your envelope and looks at who the real intended recipient is and forwards the message to them. If you wanted to send a letter to Bob from home, the Postal service wouldn’t know wtf to do with an envelope that said “Office 3B, North Wing, 4th floor”. But the mailroom does.
If you’re sending a letter to Google from home over the VPN, you put the envelope addressed to Google into another envelope and address it to the office mail room. The mailroom gets it, sees that the intended recipient is external, so they put a little sticker over your return address that has the office building’s return address on it. They get the response from Google, and then send that letter back to you.
The Postal Service only sees that all of your letters are going to the Office mailroom, and they can’t see what’s inside of them.
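The envelope-in-an-envelope flow above, and the encrypt / send to the VPN server / decrypt / forward steps described earlier in the thread, as an added example that is not part of any post here. All addresses and the shared key are constructed, and the SHA-256 keystream plus HMAC is a stand-in for the authenticated encryption a real VPN protocol uses.

```python
import hashlib, hmac, ipaddress, json, os

KEY = os.urandom(32)                              # constructed: secret shared by laptop and VPN server
GATEWAY = "203.0.113.10"                          # constructed: office VPN server ("the mailroom")
HOME = "198.51.100.7"                             # constructed: laptop's address from the home ISP
TUNNEL_IP = "10.8.0.5"                            # constructed: laptop's address inside the tunnel
OFFICE_NET = ipaddress.ip_network("10.0.0.0/8")   # constructed: internal office range

def _keystream(key, nonce, n):
    # Stand-in stream cipher (SHA-256 in counter mode), for illustration only.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _subkeys(key):
    # Separate keys for encryption and for the integrity tag.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("outer envelope was tampered with, or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))

def laptop_send(dst, payload):
    # Inner envelope: the real destination. Outer envelope: always the VPN server.
    inner = json.dumps({"src": TUNNEL_IP, "dst": dst, "data": payload}).encode()
    return {"src": HOME, "dst": GATEWAY, "body": seal(KEY, inner)}

def isp_view(outer):
    # All an on-path device can read: the outer addresses and the size.
    return {"src": outer["src"], "dst": outer["dst"], "bytes": len(outer["body"])}

def gateway_receive(outer):
    inner = json.loads(unseal(KEY, outer["body"]))
    if ipaddress.ip_address(inner["dst"]) in OFFICE_NET:
        return inner                    # "Bob in Office 3B": deliver internally as addressed
    return {**inner, "src": GATEWAY}    # external: the office return-address sticker
```

Comparing `isp_view(laptop_send(...))` with `gateway_receive(laptop_send(...))` shows the difference between what the home ISP can observe and what the office side recovers.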
When you’re at home, your computer isn’t on our network. Using the VPN software puts your computer on the company network so you can work as if you were actually here.
I always like to explain it by finding something they use internally. Say they have a P drive that maps to a Public folder available on the network. I pretty much say that when you’re at the office inside of the building, you can access your P drive, correct? Well this mapped drive is only available within the network, so when you’re outside of the building you have to use a VPN. Think of the VPN as a direct tunnel from wherever you are directly to the office network.
Two cup phones and a piece of string
A magical gateway that makes excuses not to work null and void. But a crappy wifi connection at home can go a long way to visit IT helpdesk every day…
“It’s a secure network, use it”. If they can’t understand that or follow the instruction then it’s time for them to find a new job. If this answer means you don’t get the job you dodged a bullet.
A secure tunnel between your computer and the office that runs over the internet. No one has ever asked for anything more.
Logical/virtual network circuit between two distinct networks facilitated over public internet by cryptographic protocols. Equivalent to a private toll road if it were an extra partitioned-off lane going alongside all the public highways between point A and point B. People can see that it’s there, but can’t really see what’s going on over the concrete dividers.
Edit: Fair warning, I have no idea what I’m talking about, I’m just a frog.