Businesses have long used corporate VPN (Virtual Private Network) systems to allow remote workers to securely access company intranet IT resources such as databases and SaaS software. Traditional corporate VPNs, though, require physical VPN servers which are expensive to deploy and run, and which require a high level of technical expertise to maintain.
They also struggle to remain secure when confronted with challenging innovations such as the trend for Bring Your Own Device (BYOD), and are inflexible when it comes to unifying access to resources hosted on multiple platforms – such as traditional physical servers, private cloud storage, mobile devices, and the Internet of Things (IoT).
It uses a Software Defined Perimeter (SDP) security model to ensure authorized personnel can securely access (only) the resources they require. The Software Defined Perimeter model was originally developed by the Defense Information Systems Agency (DISA), and is designed to provide granular access permissions on a need-to-know basis.
- Jurisdiction Israel
Alternative VPN Choices for You
Perimeter 81’s Business plan costs $8 USD per team member plus $40 per month per dedicated gateway. Rather confusingly, “24/7 instant support” is described as being available, but with a 1-day email support window.
An Enterprise plan is also available with bulk discounts, an advanced activity API, and “24/7 VIP support” (instant assistance, with 1-hour email support). Contact Perimeter 81 for a bespoke quote.
See the Customer Service section later for our experience regarding customer support times.
Supported Payment Platforms
Perimeter 81 also accepts PayPal.
Perimeter 81 provides all the advantages of a traditional corporate VPN, including secure remote access to corporate intranet resources, and protection when accessing resources over insecure public WiFi networks. Without the need for expensive physical servers and the highly qualified staff needed to run them.
- Provides much more flexible access to a wide range of less traditional network resources – such as cloud networks and IoT resources.
- Can be dynamically scaled with on-the-fly creation of private VPN server gateways, each with its own static IP address.
- Allows administrators to assign granular access permissions on a need-to-know basis. Multiple user groups with team permissions can be managed from an easy-to-use unified management portal.
- Allows administrators to monitor network activity such a bandwidth usage, keep an eye on which resources are accessed, and to detect problems and anomalies with the network.
- Provides easy to use apps for most major platforms: Windows, macOS, iOS, and Android. These apps include a kill switch.
- Offers automatic WiFi protection when using unknown or insecure WiFi networks.
- Allows use of two-factor authentication for additional security.
- Integrates with identity providers for improved user authentication. Supported providers include Google Suite, Okta, OneLogin, and Microsoft Azure Active Directory. Perimeter 81 can also own company’s On-Premises Active Directory through your network’s Active Directory/LDAP Connector.
Update 06/19: The Perimeter 81 team has asked us to mention that it has released important new features since this review was published. These include:
- Zero Trust Application Access , which enables access to web applications, SSH, RDP, VNC or Telnet, through resilient IPSec tunnels - without an agent.
- Zero Trust Network Access using a Software Defined Perimeter (SDP) to privilege and verify all network access.
Furthermore, there is now no limit on the number of private servers that can be created. We will fully review these new features and update this article accordingly when time permits.
Speed and Performance
These tests were performed from the UK using UK and US test servers. Average ping results are shown in brackets. Most tests used the OpenVPN protocol, but we also tested to a UK server with the VPN protocol set to “Automatic.”
For this review, we only tested private Perimeter 81 servers. Please see our SaferVPN Review for test results to public servers.
These results are not great but are in line with what we would expect from software VPN servers hosted on Digital Ocean VPS “droplets” (see below).
|WebRTC leak detected?|
Unfortunately, we consistently detected IPv6 leaks when using Perimeter 81. In Windows and macOS we detected both regular IPv6 leaks and WebRTC IPv6 leaks on all tested servers – both public and private.
We therefore strongly recommend disabling IPv6 on your device before using this service.
We are unable to test for IPv6 leaks on mobile platforms at this time. For more information on IPv6 and WebRTC leaks please see A Complete Guide to IP Leak Protection.
DNS queries are resolved by third-party services such as Google DNS, but we assume these are properly proxied to preserve users privacy.
Ease of use
The Cloud Management Portal
At the heart of Perimeter 81 is the web portal that allows you to manage team members, servers, and permissions. It also allows you to monitor your team’s engagement with the VPN platform.
The Team tab gives you an overview of all team members. From here you can invite new members and see when team members last logged on. You can also assign them “roles” within your organization, each of which grant team members a different set of permissions.
Administrators can create groups, specifying which team members can access which private servers. Since each private server can be configured to access a variety of resources, this provides administrators with a high level of specificity when choosing which team members can access which resources.
Arguably, the coolest feature of the service is the ability to create on-the-fly private VPN servers. These are software VPN servers run on virtual machines (VPS instances). The VPS hosting provider used depends somewhat on where the private server is located, but we found that many were hosted by Digital Ocean.
Creating new servers is incredibly easy.
Multiple servers can be created in the same location, or in various locations around the world. It is currently possible to create private servers in various US locations, Toronto, Amsterdam, London, Frankfurt, Singapore, Bangalore, Paris, Sydney, and Tokyo.
If you need another server, it only takes a minute to purchase a new license. As already noted, you can remove one server and create another on the same license. Once a server has been created it takes around ten minutes to become active.
Private server licenses cost $50 each per month (update 06/10: there is now no limit on the number of private servers that can be created).
Private servers can act as secure gateways to corporate resources. Instructions are provided for connecting to LAN resources through a firewall, in addition to various private cloud resources such as Amazon Cloud Services (AWS), Google Cloud Platform (GCP), and Heroku Private Spaces.
AWS and CGP, for example, can be accessed by whitelisting incoming connections from the private server or setting up IPSec Site-to-Site VPN from those cloud services to Perimeter 81.
Perimeter 81 tells us that it is working on introducing Wizards to make the setup process for various services easier.
Mobile device integration for secure BYO setup is handled by integration with several popular third-party MDM (Mobile Device Management) services. These currently include VMWare AirWatch, MobileIron, Microsoft Intune, JAMF, and Meraki.
In addition to private servers, team members can connect to a large number of public servers. This feature basically gives all Perimeter 81 users full access to the regular SaferVPN network. For more details, please see our SaferVPN Review.
The Activity tab provides administrators with a detailed and customizable overview of their team’s engagement with the platform. However, no activity results displayed for us, but this may be due to the fact that we performed this review using a trial account.
Overall, we are impressed by the Perimeter 81 cloud management platform. It provides a flexible and intuitive way to create VPN servers on the fly and then use them to control access to a wide range of company resources. Full access to the regular SaferVPN network is also a nice bonus.
The Team VPN Clients
When team members receive an invite, they can then activate their account online.
Once this is done, they can download the various clients. Links are available via the web console should they be needed at a later date.
The Perimeter 81 Windows Client
Unsurprisingly, the Perimeter 81 client is almost identical to SaferVPN’s regular Windows client. The only real difference is that it allows team members to connect to Perimeter 81 private servers in addition to SaferVPN’s public servers.
The client includes a kill switch and automatic WiFi protection. This last feature can also be enabled by default for all team members via the web console. The Windows client supports a wide range of VPN protocols.
In tests, the kill switch worked well even after we simulated a full software crash (of both the Perimeter 81 client and the Perimeter 81 service). It therefore uses a system-level firewall.
Perimeter 81 apps are available for Windows, macOS, Android, and iOS. The Mac client is almost identical to the Windows client. The only real difference is that it does not support the PPTP or IKEv2 VPN protocols. This is no great loss, however, as PPTP is highly insecure anyway.
Unlike with the Windows client, though, the kill switch failed after a simulated software crash.
The Android app shares a similar look and feel to the desktop apps.
It features auto WiFi protection, a kill switch, and support for either the IKEv2 or OpenVPN protocols.
|Free trial||Yes. Demo on request.|
There is extensive documentation on the website, including examples of how Perimeter 81 can benefit various kinds of business.
Support can be contacted via a Live Chat client, but the response is email only. Which is confusing given that although described as “instant 24/7 support”, an email response is only promised within one day for regular Small Business customers.
In practice, with our trial account, we received email replies from anywhere within an hour to a whole day. We are pleased to say the quality of the responses was high.
Privacy and Security
SaferVPN (and therefore Perimeter 81) is based in Israel, which has strong data protection laws that strictly and specifically limit the government’s ability to spy on pers
On balance, though, we think Israel’s strong data protection laws make it a fairly privacy-friendly location.
A lot of data relating to the use of Perimeter 81 features is logged:
“1. - Admin actions – We record all admin actions including: inviting new team member, deleting a team member, changing team permissions, creating new cloud based access gateways and any other action that can be taken on our management portal.
2. – Team member actions – We record connection and login timestamp, login success / error, location of the device that was connected, the hostname of the connected devices of the team members, the server the business user have been connected to and the time stamps of the connections.”
Origin IP address are logged on private access gateways, but not on public servers. Indeed, the logging policy for public servers is almost certainly identical to that for regular SaferVPN customers.
Protocols and Encryption
Perimeter 81 uses the following OpenVPN encryption:
Data channel: AES-256 cipher with SHA256 hash authentication.
Control channel: AES-256 cipher with RSA-2048 TLS handshake encryption and SHA-256 authentication. Perfect forward secrecy (PFS) is enabled courtesy of DH-4096 Diffie-Hellman key exchange
These settings are highly secure and meet or exceed our minimum recommendations.
Broadly speaking, we think that Perimeter 81 is an exciting product which is well executed. Small to medium businesses (SMBs), in particular, will appreciate the ability to deploy a corporate VPN network without the high costs in terms of both hardware and skilled staff traditionally associated with such a setup.
The management console allows easy and granular control over the actions and permissions of a team, and the client software works well and is easy for team members to use.
The ability to create on-the-fly VPN servers, each with their own permissions, and then assign team members to them in a flexible way, is a revelation. This flexibility, though, does come at a price. As is to be expected, these software VPS instances hosted on shared physical servers do not offer great speed performance.
The IPv6 leaks we saw on all servers (including the public servers used by the SaferVPN network) are a concern, although IPv6 connectivity can be manually disabled on devices to ensure this is not a problem.