Comparison
MyWorkspace vs Traditional VPN: Why Teams Are Switching
VPNs were designed to extend private networks across the internet. MyWorkspace takes a different approach: instead of tunneling devices into your network, it streams individual desktop sessions through the browser. The result is narrower access, simpler administration, and faster connections.
Feature comparison
Side-by-side overview
| Feature | MyWorkspace | Traditional VPN |
|---|---|---|
| Client software required | ||
| Browser-native access | ||
| Full network exposure to user device | ||
| Per-session access scoping | ||
| Built-in 2FA | Varies by vendor | |
| Average connection time | 2–5 seconds | 10–30 seconds |
| Mobile device support | Any modern browser | Dedicated app |
| IT deployment effort | Admin portal only | Client rollout + config |
| Lateral movement risk | Machine-scoped | Subnet-scoped |
| Bandwidth overhead | Pixel stream only | Full tunnel |
Architecture
Different models, different trade-offs
VPN: network-level tunneling
A VPN creates an encrypted tunnel between the user's device and your network perimeter. Once connected, the device behaves as if it were on-site — it can reach any resource within the allowed subnet. This model is flexible and well-understood, but it places the user's device inside your network boundary, which increases the blast radius if that device is compromised.
MyWorkspace: session-level access
MyWorkspace connects users to a specific machine's desktop session rendered in the browser. The user's device never joins your network — it receives pixel data over HTTPS. Access is scoped to individual machines assigned by administrators, and each session is independently authenticated. There is no client to install, no tunnel to configure, and no network-level exposure.
When a VPN still makes sense
VPNs remain appropriate when teams need broad network access — for example, accessing multiple internal services across subnets, running network diagnostic tools, or connecting to legacy systems that require direct IP connectivity. VPN technology is mature, well-supported by enterprise firewalls, and familiar to most IT departments.
Security model
Reduced attack surface by design
With a VPN, a compromised endpoint can potentially scan and reach any host within the tunneled subnet. MyWorkspace eliminates this vector: the user's browser can only interact with the rendered desktop session, not the underlying network.
- ✓No open inbound ports on office PCs — connections are outbound to relay infrastructure
- ✓Mandatory 2FA on every session, not just initial connection
- ✓Session isolation — one user's access cannot traverse to another machine
- ✓No data leaves the office PC — users see pixels, not transferred files by default
Administration
Simpler onboarding, less ongoing maintenance
VPN deployment typically involves distributing client software, managing certificates or pre-shared keys, configuring split tunneling policies, and maintaining concentrator appliances. MyWorkspace replaces this with a web-based admin portal.
User onboarding
Assign a machine, send a link. The user logs in with their browser and 2FA — no software to install, no profile to configure.
Access changes
Reassign or revoke machine access from the admin dashboard. Changes take effect immediately — no client-side config push required.
No appliance management
MyWorkspace's relay infrastructure is maintained by Intryl. You do not manage VPN concentrators, certificates, or firmware updates.
FAQ
Common questions about switching from VPN
For accessing office PCs and cloud workspaces, yes. MyWorkspace provides browser-based access to specific machines without tunneling into the full network. If your team needs broad subnet-level access to network appliances, file servers, or legacy protocols beyond RDP/SSH, a VPN may still be needed for those specific use cases.
MyWorkspace connects users to their assigned desktop sessions where local network resources like printers and mapped drives remain accessible through the remote machine itself. Users interact with printers and file shares through their office PC, not through a direct network tunnel from their personal device.
No. MyWorkspace runs entirely in the browser using standard HTTPS. There is no agent, plugin, or client application to install on the user's device. IT teams avoid deployment, patching, and compatibility issues associated with VPN clients.
Split tunneling is not applicable. MyWorkspace does not create a network tunnel at all — it provides access to specific machines via browser-rendered sessions. Internet traffic from the user's device never routes through your infrastructure, eliminating the split tunneling debate entirely.
Yes. Sessions are encrypted end-to-end over TLS 1.3. Authentication requires 2FA, and access is scoped to individual machines rather than network segments. The connection is established through MyWorkspace's private relay infrastructure — the office PC is never directly exposed to the internet.
See how browser-based access compares
Schedule a walkthrough with our team. We'll show you how MyWorkspace connects users to their office PCs without VPN infrastructure, and discuss whether it fits your specific environment.