Network Management Strategies for the CIO
Requires Free Membership to View
The basic concept of a VPN is to connect networks in separate offices making them appear as one network or to connect remote individuals to their corporate network making them appear as though they were physically on the same network. With a VPN separate networks and individuals are "virtually" present. PCs, servers, printers and other devices all see each other as if they were all "local". Employees can interact with each other as though they were in the same building.
VPNs connect private networks through public networks like the Internet so they are cheaper, simpler and more flexible than other ways of connecting?leased lines, long distance telephony, ATM or frame relay. VPNs also use strong encryption to provide privacy and strong authentication to guarantee identity, so they are more secure than traditional networks.
Five basic components of VPNs:
- VPN Gateways:
A device used to connect an entire network to the VPN - VPN Client Software:
Software for individual PCs that allow them to connect to the VPN - Authentication Servers:
Systems such as certificate authorities and RADIUS servers that guarantee the identity of VPN Gateways and Clients - Manage Servers:
Systems that provide control, monitoring, alerting and reporting on the VPN - Physical Transport:
Any IP or Internet connection
How A VPN Works
Private IP packets are transmitted over the VPN via the VPN gateways and VPN client software. The gateways and clients are configured with the private addresses of other locations on the VPN. When they see a packet addressed to a device at one of those locations, they take the original private packet and wrap it inside another packet with public addresses. The outside packet (or wrapper) is routed through the Internet to a gateway at the other location. The second gateway removes the wrapper and sends the original private packet onto the local network. This process is known as encapsulation and is the basis for VPN tunnels.
When building a VPN one must consider several parameters including cost, security, time to market and performance.
Cost includes both capital cost (i.e., how much to spend on software and equipment) and more importantly, labor cost.
There is a wide range of security implementations from completely unsecured (no encryption and no authentication) where the VPN simply routes private packets over the public network, to strong security that protects all connections with powerful encryption and digital certificate based authentication.
VPNs can be implemented very quickly in simple, homogenous environments that don't change very much, but connecting diverse and changing environments can take a long time and may require the help of VPN experts or even outsourcing.
Finally, VPN performance varies widely and depends on the capabilities of the VPN gateways as well as the quality and performance of the intervening networks. A VPN can be implemented inexpensively using low cost VPN appliances and consumer Internet connections, but it may not have the performance you're looking for. On the other hand, VPNs that use high quality IP services and more expensive VPN products provide substantially better performance than existing data networks.
Normally, I wouldn't promote my company in this forum, but we have a nice white paper on general VPN information that we call "Demystifying VPN". It's available free from our Web site, and available here: http://www.openreach.com.
This was first published in July 2002
Join the conversationComment
Share
Comments
Results
Contribute to the conversation