VPN
What is VPN?
In other words, a VPN allows the use of the Internet to form a Wide Area Network (WAN) solution for companies that do not wish to utilize more expensive means to communicate across physically separate facilities. VPNs are also used to give certain users, authorized by the company, access from remote locations to the company’s Local Area Network (LAN). A graphical example of a VPN is presented below.

Why use VPN?

Summarizing, VPNs answer the need of organizations to extend their WAN connectivity to virtually provide any-time, any-where, and any-to-any data communications. The benefits obtained by implementing a VPN solution are:

The enterprise network pays only for the local calls and the ISP access fee. This allows the organization to take advantage of relatively low-cost Internet Protocol (IP) access services instead of distance-sensitive bandwidth charges. Since most ISPs offer flat-rate plans, phone access charges are dramatically reduced and they can be budgeted more reliably.
Most Help Desk calls from remote access users relate to connecting to the server. With a VPN, the enterprise Help Desk no longer needs to handle this type of inquiry. All of these calls can be offloaded to the ISP Help Desk - a service that is included in the ISP's flat monthly rate.
The VPN's simplified architecture gives MIS managers a highly consistent, modular connectivity scheme for all remote users, regardless of location or network need. And this simplicity means greatly reduced management workloads for network services staff.
When to use VPN?
What are the elements of a Virtual Private Network?
In essence, there are two basic VPN architectural choices:
The difference between the two is where the VPN tunnel starts.
Service Provider Independent VPN
In a service provider independent solution, a VPN-enabled client (such as a desktop or laptop) initiates the tunnel through the public network to the central site. To access the corporate network, the client first establishes a PPP (Point-to-Point Protocol) session to a local Internet Service Provider (ISP) for Internet access. The client then connects across the Internet to the central site and establishes a tunnel to carry the data traffic. To the ISP, the tunnel is simply data, and there is no requirement for special processing.
Advantages:
The advantage to the corporation is that it can use any Point of Presence (POP) anywhere in the world, as long as it provides Internet access. In addition, since the tunnel is initiated at the location of the client, the client can travel with the same ease as carrying a laptop. This option is excellent for a mobile sales force that needs private access to the home company LAN for things such as pricing and availability for specific customers.
Disadvantages:
The disadvantage of this solution is that the client must be VPN-enabled. This could be prohibitively expensive to deploy for a large number of remote users. Enabling the client requires specialized software that may need to be purchased. In addition to the software requirements, the VPN user needs to be savvy in the use of computers and the chosen software/middleware. Nothing could be more embarrassing than needing to access vital company information for a customer and not being able to retrieve it due to a lack of computer/software knowledge.
Service Provider Dependent VPN
With a service provider dependent VPN model, the corporation enters into an agreement with a service provider such as an ISP. The corporate user dials into a local POP with a PPP client, and the tunnel session is initiated at the POP. The crucial difference is that the client can be any PPP client.
This arrangement can be combined with quality of service agreements to guarantee a level of VPN performance, although few service providers offer true guarantees today. Another advantage is that no additional skills are required by the user to execute a tunnel to the company LAN.
Disadvantages:
Deployment is limited by the existence of VPN-enabled POPs. Until standards such as L2TP become widely adopted, a corporation will find it difficult to set up large-scale (especially international) VPN deployments through a service provider. Where data security is critical, there is also the disadvantage that VPN encryption does not occur until the POP, thus leaving the enterprise’s communication unprotected between the remote PC and the POP.

What is Tunneling?
Tunneling consists of encapsulating packets for secure travel over the shared medium, allowing different protocols to travel through a public IP network.
There are several tunneling standards, such as L2F, PPTP, L2TP, and IPSec. Each of them is associated with a different OSI layer and an underlying transport protocol. Tunneling protocols allow you to wrap SNA, IPX, or any other competing proprietary protocol in an IP envelope for safe delivery over the public (Internet) network. By combining the robust transport of Extranets with the portability of Intranet technology, companies can realize reduced network operating costs never before imagined.
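An added illustration of the "IP envelope" described above, not code from the original article: it wraps a constructed stand-in for an IPX frame in an outer IPv4 header using basic GRE (chosen here as an assumption; the article itself names L2F, PPTP, L2TP and IPSec) and then unwraps it. The addresses and payload are constructed, and the last check shows that encapsulation alone leaves the inner bytes readable on the wire, so confidentiality has to come from encryption applied to the tunnel.

```python
import struct

IPPROTO_GRE = 47        # IP protocol number assigned to GRE
ETHERTYPE_IPX = 0x8137  # protocol type GRE uses to label an IPX payload
# Constructed stand-in for an IPX frame (not a real capture).
INNER = b"\xff\xff" + b"constructed IPX-style frame: customer price list"

def checksum(header):
    """One's-complement sum over the header's 16-bit words (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(inner, src, dst, ethertype=ETHERTYPE_IPX):
    """Return outer IPv4 header + basic GRE header + untouched inner packet."""
    gre = struct.pack("!HH", 0, ethertype)  # no optional fields, version 0
    addrs = bytes(int(p) for p in (src + "." + dst).split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(gre) + len(inner),
                      0, 0, 64, IPPROTO_GRE, 0) + addrs
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + gre + inner

def decapsulate(packet):
    """Validate the outer envelope, then return (ethertype, inner packet)."""
    if len(packet) < 24 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet carrying a GRE header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4 or checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer header length or checksum")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer packet does not carry GRE")
    total_len = struct.unpack("!H", packet[2:4])[0]
    flags, ethertype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags != 0 or not ihl + 4 <= total_len <= len(packet):
        raise ValueError("GRE options or inconsistent length not handled")
    return ethertype, packet[ihl + 4:total_len]

def visible_on_wire(packet, needle):
    """True if an observer of the outer packet can read `needle` directly."""
    return needle in packet

if __name__ == "__main__":
    pkt = encapsulate(INNER, "192.0.2.10", "198.51.100.1")  # documentation IPs
    print(decapsulate(pkt) == (ETHERTYPE_IPX, INNER))
    print(visible_on_wire(pkt, b"customer price list"))
```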

Comparing VPNs and Alternatives
The alternatives to a VPN solution are frame relay, ATM, or a leased line. In many instances, these options fall short for the corporation. Data transported across a frame relay or ATM line must traverse public networks without any security, which is usually not an option. To minimize the danger of data being observed by the public, a company would have to lease a line from a data carrier, and in many cases the cost of a leased line is prohibitive. By utilizing VPNs, companies can have access to the public network benefits of frame relay and ATM and can also have some degree of security similar to that of a private line. As would be expected, this option, which falls between the two extremes in functionality, also falls between them in price.
Integrating VPNs Into Your Private Network
This ubiquitous, public network lets companies better communicate with customers, partners, and employees. It lowers the cost of doing business, provides new opportunities, and creates a competitive edge.
Extensions of basic Internet technology - Intranets and Extranets - further improve the cost, quality, and manageability of internal and external communications.
One of the first powerful applications to leverage these extensions is Extranet Access - the use of the Internet for private communication among corporate employees and partners. In addition to matching or exceeding the quality of current dial-up remote access technologies, it dramatically lowers communication and management costs, frees Information Technology (IT) resources for other tasks, and provides end users with improved services. Plus, corporations can easily bring partners and customers into the network to provide seamless interaction.
The Internet Is Changing Business
The Demand for Access Is Booming
Fixing the Problem of Traditional Networking
Virtual Private Networks and Security
It's difficult to get very precise information on the losses associated with enterprise networks. Often companies don't know that their networks have been compromised, and many companies that do know don't want to publicize it. Nevertheless, the best research we've come across provides us with some startling statistics from a survey of 250 large corporations.
Sources: War Room Research, 11/96; Information Week Survey, 10/96
Nearly half of the companies experienced break-ins over the last year, and 24% of these break-ins were carried out over the Internet. Two-thirds of the companies said they lost more than $50,000 per year; almost one out of five reported losses of $1 million or more. Regarding laptops, more than 200,000 were reported stolen in 1995, and since then, theft has continued to climb.
This research measures hard dollar losses only. A potentially more serious concern is the loss of intellectual capital that exists in the form of information bits. For example, one pharmaceutical company with whom we work closely believes that more than half of their corporate valuation -- which numbers in the billions -- is in the form of electronic bits of information stored in their databases.