Virtual private networks: The big payoff

VPNs can lower business costs, enhance productivity and offer an inexpensive, reliable, and secure alternative to traditional business access methods.

VPNs enable real-time access to corporate networks - a mission-critical requirement in today's organizations.

Corporate network and IS managers are constantly besieged by an ever-increasing number of mission-critical applications which demand their time and attention.

E-mail, e-commerce, sales support, customer service, IP telephony, and data warehousing are all high priority applications on corporate agendas. Demands come 24 hours per day, seven days per week from traveling salespeople, tele-commuters, customers, partners, and branch offices.

And all of them share a common need - instant and inexpensive business access from any location at any time, which includes:

  • dial-up remote access which connects traveling employees and telecommuters through the telephone network,
  • intranets which connect branch offices through leased line and frame relay services; and
  • extranets which connect business partners and customers to corporate information and commerce services.

All these require a flexible, secure, and reliable data communications infrastructure.

Good business access often encompasses the complications of data networking (and its accompanying high administrative costs), as well as the expensive transport-intensive costs of a telephone network. The services range from dial-up connections over telephone lines to ISDN, frame relay, DSL, and E1 leased line services, which can be very costly, especially in organizations with many remote users and offices.

VPNs - the answer to all networking woes

An emerging technology that both slashes business access costs and greatly enhances productivity is virtual private networks (VPNs). VPNs offer an inexpensive, reliable, and secure alternative to traditional business access methods.

VPNs create secure paths or tunnels through the Internet (or through private networks) to transmit data between individuals, branch offices, and the corporate network.

VPNs can use the Internet to replace traditional private networking resources or public telephone networks. They support two basic applications: individual remote access and office-to-office communication.

With VPN remote access, it is no longer necessary, for example, to make a long-distance telephone call from Boston to San Francisco in order to connect back to the corporate resources on a dial-up modem bank. Instead, the employee dials into a local modem provided by an Internet service provider (ISP) in Boston and connects through the Internet to the LAN resources in San Francisco. Making a local telephone connection and a long-distance Internet connection avoids the expensive long-distance toll charge.

A company may want to connect several offices in different locations for office-to-office applications. Typically, such connections are made with a leased line (costing thousands of dollars each month) or a frame relay network.

To manage these costs, it is important to provide the right bandwidth for each inter-office connection. Offices may be connected at 28.8-kbps, 64-kbps, and 128-kbps.

A VPN connects each office directly to the Internet via local Internet points of presence (POPs). Because it is a short, inexpensive hop from the office to the Internet, this connection can have more bandwidth than the long-distance office-to-office connection.

A 64-kbps office-to-office circuit can also be replaced with a 128-kbps connection to the Internet. A VPN gateway in each office then uses the Internet connection to establish secure tunnels between individual offices. As a result, any office can communicate with any other office, eliminating long-distance, leased line, and frame relay charges.

Security concerns

People have been resistant to using the Internet for corporate network access because of security concerns.

VPN technology addresses this problem on three fronts: privacy, integrity, and authenticity.

  • privacy ensures that no one can view or obtain data as it is transmitted.
  • integrity ensures that no one can modify or tamper with the data; data arrives intact.
  • authenticity guarantees that the communicating parties are who they represent themselves to be.

Encryption

Privacy and integrity are ensured through the use of encryption technology such as DES and Triple-DES (3DES). These powerful and popular encryption techniques are used by many VPN vendors and, when combined with a sound security policy, provide levels of security as good as or better than traditional private networking. Authentication is provided by using digital certificates, which ensure that unauthorized users cannot misrepresent themselves and gain access to the network.

Performance

VPNs offer uniform performance because VPN links are always based on a local telephone call.

For example, in the case of an individual remote access application, a call from Seoul, South Korea, to Miami would go through numerous analog-to-digital and digital-to-analog conversions as it traveled from one telephone company to another.

Significantly higher performance translates into improved personal productivity; for example, the amount of time required to transmit a PowerPoint presentation could be slashed from one hour to 10 minutes. Productivity can also be improved in office-to-office remote access applications.

Premises-based VPN solutions

Premises-based VPN systems should inter-operate seamlessly with existing firewalls, routers, and services. They should also inter-operate easily with all authentication technologies.

Network managers should closely evaluate potential premises-based VPN solutions.

Some vendors install VPN capabilities within existing firewalls or Internet routers. While this method is inexpensive, it also has certain drawbacks. This approach could create a single point of failure, as opposed to dedicated VPN implementations that are not directly integrated with firewalls and routers. Firewall and router-based systems may further lack the performance to support MIPS-intensive encryption requirements.

There is also a variety of software-only VPN solutions. One example involves using a Microsoft Windows NT server in conjunction with point-to-point tunneling protocol (PPTP). This alternative is also inexpensive, because it comes with the NT server. However, PPTP is an insecure protocol that lacks performance, especially in interactive applications.

Multi-service technology is also an important factor to consider. VPN transmission services vary by service provider. A service provider without worldwide points of presence may not be able to supply the needs of a worldwide sales force. Other service providers may have a global presence but do not have uniform quality or capacity throughout their networks, which can lead to poor service.

A multi-service VPN solution allows businesses to mix and match service providers, because it is implemented completely on the business premises. A network administrator can install a VPN gateway that supports multiple Internet connections. For example, one VPN gateway can terminate connections from different ISPs.

This ability to support calls from multiple carriers offers two advantages. First, it provides businesses with coverage wherever they need it because different service providers have strengths in different parts of the world. Second, it offers redundancy in case one service provider has a network failure. This approach also saves money because one can use the prospect of multiple service offerings to negotiate better pricing with service providers.

VPNs allow users to reduce operational costs, implement new applications, and increase productivity in a wide range of networking environments. The level of VPN awareness is growing and the technology's quantifiable benefits are likely to bring VPNs widespread recognition and use in the near future.

Eddie Toh is the Solutions Marketing Manager for Intel Technology Asia.
