Trusted connections: VPN strategies with STACKIT

The digital world is more connected than ever before – but it is precisely this openness that makes companies vulnerable to attack. Those who protect their communication on the Internet, secure data and regulate access controls properly will secure their digital sovereignty in the long term. Virtual private networks, or VPNs for short, play a central role in this. They create encrypted connections between devices, locations or data centers – and guarantee a protected tunnel for data traffic.
STACKIT, the Schwarz Group’s European cloud platform, also offers a sovereign, data protection-compliant approach to VPN infrastructure. Whether as a supplement to the private networking solution in the cloud or for secure coupling of hybrid networks: STACKIT allows connections to be designed flexibly, securely and efficiently – GDPR-compliant, ISO-certified and operated in data centers in Germany and Austria.
Glossary: Important terms relating to VPN and STACKIT
- Address / IP address: Unique identifier of a device in the network. VPNs conceal these addresses and thus increase privacy when surfing.
- Devices / clients: End devices such as Windows PCs, Linux servers, Android smartphones or Apple tablets that can be connected via a VPN. Routers, firewalls or IoT devices can also be integrated.
- Logs: Log data that records information about VPN connections – such as location, duration, data volume or web services accessed. They support analysis, security and compliance with guidelines – even for access from different countries.
- Private networking: STACKIT offers its customers the option of operating virtual machines (VMs) without public Internet access. These VMs are only accessible via VPN or dedicated access – ideal for sensitive services.
- Protocol: VPNs use special transmission methods such as OpenVPN or IPsec. These regulate how data is securely encrypted and transmitted.
- STACKIT Private Link / Cloud Network: Services from STACKIT for setting up closed networks, for example for a VPN link between on-premises infrastructure and cloud environments.
- Tunnel: The hidden, secure line that shields data traffic from the outside within a VPN. It ensures data protection and anonymity on the internet.
- VPN (Virtual Private Network): A VPN is an encrypted network that creates a secure tunnel between devices or locations via a public Internet infrastructure. It protects sensitive information from unauthorized access.
- VPN app: Software for mobile devices or desktops that can be used to easily activate and manage VPN connections. Many solutions support Android, iOS, Windows, Linux or Chrome-based browsers.
- Encryption: A method of encoding data so that only authorized users can access it. VPNs use strong protocols for encryption.
Why VPN – and why with STACKIT?
Modern IT infrastructures are rarely limited to one location. Companies work in a network – across locations, clouds, services and devices. VPNs enable secure, encrypted communication over the Internet – and reliably protect sensitive data from unauthorized access.
STACKIT offers you a reliable platform for your VPN requirements – operated on European servers, with a focus on security, data protection and integration into existing networks. This makes setting up encrypted, internal connections as simple as it is controllable – whether between data centers, remote users or for secure access to an internal service, external websites or a specific site.
You benefit from:
- High security through encrypted connections
- Simple integration into existing networks via private networking
- Full control over access, protocols and communication
- GDPR-compliant operation in data centers in Germany and Austria
- Scalable VPN connections for all common devices and operating systems (Windows, Linux, Apple, Android)
VPN in detail: How a secure tunnel works
A VPN (Virtual Private Network) is a technology for secure data transmission via public or insecure networks – especially the internet. All data traffic between an end device (e.g. laptop, smartphone or server) and the target system is routed through a so-called tunnel. Technically speaking, this tunnel is an encrypted connection that prevents third parties – for example in open WLANs, public hotspots or within third-party networks – from viewing, reading or manipulating the transmitted content.
A VPN fulfills several functions at the same time: it protects the confidentiality of the data, ensures the integrity of the connection and guarantees a certain degree of anonymity by replacing the user’s real IP address with that of the VPN server. This means that neither the location nor the content of the connection is visible to outsiders. This allows you to retain control even when using a public site, sensitive websites or an external service.
In professional environments, a VPN also enables protected access to internal systems, such as company networks, cloud environments or virtual machines. By using protocols such as IPsec or OpenVPN, a high standard of security is achieved – regardless of the end device or operating system used.
The function of a VPN in three steps
1. Establishing a connection
Your device establishes a connection to a VPN server via an app or software. This connection is encrypted from the start.
2. Tunneling and masking
The VPN service replaces your real IP address with that of the VPN server. For a website or other services, it appears as if all requests are coming from this location. This protects your privacy.
3. Data transmission
All data that you send or receive is routed through this tunnel – shielded from the outside, encrypted according to modern standards, for example via the OpenVPN or IPsec protocol.
An example: A sales team works remotely from different locations. Access to the central CRM system on the company’s intranet is secured via a VPN. All connections are encrypted, regardless of the device used or the local WLAN connection.
STACKIT VPN: Integration into sovereign networks
STACKIT focuses on the combination of flexibility and security. VPN operation does not take place as an isolated service, but is part of a closed, private network within the STACKIT Cloud.
In concrete terms, this means:
- No direct Internet access required – connection is made via STACKIT Private Networking
- Integration into dedicated virtual private clouds (VPCs) with firewall rules
- Use of VPN gateways to connect external networks to the STACKIT infrastructure
- Support for IP whitelisting, role-based access control and detailed logging
- Optional use of own VPN solutions (e.g. OpenVPN or IPsec) on STACKIT VMs
This architecture not only protects the data, but also the communication and the systems themselves – regardless of whether they are used by internal employees, external partners or machines.
VPN: Best practices
A VPN can make your network communication considerably more secure – provided it is set up carefully. Below you will find practical recommendations for successful VPN operation with STACKIT:
Secure VPN access: Use strong authentication mechanisms – such as certificates or two-factor authentication. This provides additional protection for your connection.
Update the VPN server regularly: Whether OpenVPN or IPsec – always keep your software up to date to avoid known security vulnerabilities.
Use network segmentation: Limit access rights for individual devices, users or services. This prevents individual attack vectors from jeopardizing the entire network.
Enable monitoring & logging: Keep an eye on important metrics such as connection duration, data traffic or suspicious activities – via STACKIT Monitoring, for example.
Design mobile use consciously: Make sure that Android and Apple apps also use the VPN tunnel correctly. Many VPN clients offer an always-on mode – for continuous protection, even when switching networks.
Typical usage scenarios for VPN
Site networking
In many companies, users work across different locations – in different countries in Europe, for example. A VPN makes it possible to connect individual locations with each other in a controlled manner and to manage access rights centrally. At the same time, it is possible to ensure that sensitive data is only transmitted via internal channels – even during mobile surfing.
Secure home office
Employees access central applications via VPN app – regardless of browser or device. The connection remains protected, even in private WLAN environments.
Hybrid cloud integration
Existing on-premises systems are connected to STACKIT resources via VPN – for exchanging data, synchronizing services or securing external APIs, for example.
Access for third-party systems
Machines, sensors or IoT devices receive controlled access to the central infrastructure via VPN – protected by protocol filters and dedicated VPN gateways.
Secure access to streaming services and web platforms
For teams evaluating content on platforms such as Google or testing streaming services, secure connection via VPN access is essential. Dedicated VPN connections can be used to control access to any website – regardless of whether it is a streaming portal, Google service or your own website. In this way, you can also secure your best user experience across different sites and protect the services you use in the long term.
Protection that you control: VPN with STACKIT
A VPN is much more than just a digital cloak. It is a crucial building block for security, data protection and digital control. With its sovereign cloud services, STACKIT creates the basis for stable, encrypted connections – operated in the EU, secured to the highest standards, flexible to use on Android, iOS, Windows, Linux and beyond.
Whether you want to work across different locations, transport sensitive information or protect your systems against data leaks – with VPN and STACKIT, you can create a trustworthy environment for your digital business processes.
FAQ – VPN with STACKIT
What is a VPN and how does it work?
A VPN is a virtual tunnel on the Internet that encrypts your data and protects it from unauthorized access. It masks your IP address, protects your privacy and enables secure access to remote networks.
How can I set up a VPN with STACKIT?
You can operate your own VPN servers (e.g. based on OpenVPN) on STACKIT VMs or connect existing services. STACKIT also supports private networking for dedicated network segments without public Internet access.
Can VPN with STACKIT also be used on the move?
VPN apps can be used to conveniently set up connections on Android, iOS, Windows or Linux. Routers and browser add-ons such as Chrome VPN clients are also supported.
What advantages does VPN offer over a proxy?
A VPN encrypts all data traffic, whereas a proxy usually only routes web traffic via a server. VPNs therefore offer more comprehensive protection and better anonymity for your activities.
Can I log or monitor VPN connections?
With STACKIT, you can create and analyze logs of connection times, data volumes or user activities – for example via Prometheus, Grafana or other monitoring tools.
