VPNs connect private networks through public networks like the Internet, so they are cheaper, simpler and more flexible than other ways of connecting: leased lines, long distance telephony, ATM or frame relay. VPNs also use strong encryption to provide privacy and strong authentication to guarantee identity, so they are more secure than traditional networks.
Five basic components of VPNs:
- VPN Gateways: A device used to connect an entire network to the VPN
- VPN Client Software: Software for individual PCs that allows them to connect to the VPN
- Authentication Servers: Systems such as certificate authorities and RADIUS servers that guarantee the identity of VPN Gateways and Clients
- Management Servers: Systems that provide control, monitoring, alerting and reporting on the VPN
- Physical Transport: Any IP or Internet connection
How A VPN Works
Private IP packets are transmitted over the VPN via the VPN gateways and VPN client software. The gateways and clients are configured with the private addresses of other locations on the VPN. When they see a packet addressed to a device at one of those locations, they take the original private packet and wrap it inside another packet with public addresses. The outside packet (or wrapper) is routed through the Internet to a gateway at the other location. The second gateway removes the wrapper and sends the original private packet onto the local network. This process is known as encapsulation and is the basis for VPN tunnels.
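The wrap and unwrap steps described above, as an added example that is not part of the original article. It assumes plain IPv4-in-IPv4 encapsulation (RFC 2003) with no encryption or authentication, and all addresses, the route table and the function names are constructed for illustration.

```python
import ipaddress
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 (RFC 2003)
# Constructed gateway config: remote private network -> public address of its gateway
SITE_B = {ipaddress.ip_network("10.2.0.0/16"): "203.0.113.20"}

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options) around payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload

def parse(packet: bytes):
    """Return (src, dst, proto, payload); reject truncated or corrupt headers."""
    if len(packet) < 20 or packet[0] != 0x45 or checksum(packet[:20]) != 0:
        raise ValueError("bad IPv4 header")
    total_len, = struct.unpack("!H", packet[2:4])
    if total_len < 20 or total_len > len(packet):
        raise ValueError("bad IPv4 total length")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[20:total_len])

def encapsulate(private_packet: bytes, local_public: str, routes) -> bytes:
    """Sending gateway: wrap the packet if its destination is at a remote VPN site."""
    dst = parse(private_packet)[1]
    for net, peer_public in routes.items():
        if ipaddress.ip_address(dst) in net:
            return ipv4_packet(local_public, peer_public, IPPROTO_IPIP, private_packet)
    raise LookupError(f"{dst} is not at a configured VPN location")

def decapsulate(outer: bytes, local_public: str, peers) -> bytes:
    """Receiving gateway: remove the wrapper and return the original private packet."""
    src, dst, proto, inner = parse(outer)
    # A source-address match is not authentication; plain encapsulation has none.
    if dst != local_public or src not in peers or proto != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet from a configured peer")
    parse(inner)  # the inner packet must itself be well-formed before forwarding
    return inner
```

The private addresses never appear in the outer header, but the inner packet travels in the clear inside the wrapper, which is the "completely unsecured" end of the range discussed below.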
When building a VPN one must consider several parameters including cost, security, time to market and performance.
Cost includes both capital cost (i.e., how much to spend on software and equipment) and, more importantly, labor cost.
Security implementations range widely, from completely unsecured (no encryption and no authentication), where the VPN simply routes private packets over the public network, to strong security that protects all connections with powerful encryption and digital-certificate-based authentication.
VPNs can be implemented very quickly in simple, homogeneous environments that don't change very much, but connecting diverse and changing environments can take a long time and may require the help of VPN experts or even outsourcing.
Finally, VPN performance varies widely and depends on the capabilities of the VPN gateways as well as the quality and performance of the intervening networks. A VPN can be implemented inexpensively using low cost VPN appliances and consumer Internet connections, but it may not have the performance you're looking for. On the other hand, VPNs that use high quality IP services and more expensive VPN products provide substantially better performance than existing data networks.
Normally, I wouldn't promote my company in this forum, but we have a nice white paper on general VPN information that we call "Demystifying VPN". It's available free from our Web site, and available here: http://www.openreach.com.
This was first published in July 2002