VPN maintenance and management

The following aspects of a VPN must be maintained on an ongoing basis in order for the solution to scale and adapt to ever-increasing security requirements for enterprise traffic. Before deploying a VPN solution, be sure to address how your organization will handle the following concerns:

End-user support
You will need to have the ability to add users to the database and the ability to support a certain number of concurrent user sessions. Limitations in either of these areas can cause limitations in the overall system. In addition, processes must be built in order to automate the addition of end users to the system as efficiently as possible. You do not want to be the single point of contact for adding users because this can create security breaches and limit the number of users that can be efficiently added.

Tunnel architecture
A proliferation of tunnels is required to support the connectivity needs of the enterprise. Most VPN platforms claim support for a finite number of tunnels, but there can be performance degradation before those limits are reached. More important is the topology of the tunnels as it relates to site-to-site traffic. Tunnel topology will affect your ability to troubleshoot problems on the VPN -- the more tunnels, the more paths the traffic has to take. Build the tunnel topology to meet actual traffic patterns.

Key management
Managing keys can be a tremendous burden because keys must not only be generated and distributed but stored in a secure fashion. In many cases, this can require a dedicated resource.

Maintenance
You must be prepared to handle the hardware and software maintenance of the VPN platform itself. Can the system be upgraded without causing a service outage? Does the system require patches to support new features and capabilities? Who will be responsible for ongoing maintenance of the platform?

All of these areas can influence the cost, resources and time it takes to keep the system up and running. These should be factors that are considered on the front end prior to purchasing a solution, and processes should be built into the operational environment to address these on an ongoing basis.

About the author:
Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has more than 10 years of experience providing strategic, business and technical consulting services. Robbie lives in Atlanta and is a graduate of Clemson University. His background includes positions as a principal architect at International Network Services, Lucent, Frontway and Callisma.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Overview Installing and integrating virtual private networks Understanding VPN technologies and capabilities Network Management Properties of Windows Management Instrumentation: Managing Windows networks using scripts, Part 12 QoE benchmarking: Unique approaches and environments Quality of experience: Why technical benchmarking is not enough QoE benchmarks or diagnostics for application performance: What's the difference? More remote scripting tricks: Managing Windows networks using scripts, Part 11 IP-based services: Curse or blessing for NOC staff? Virtual machines present dynamic environment issues for network pros Network architecture and capacity planning for server virtualization Keeping it green: Design principles for efficient network architectures How green is my network? -- A look at the cost-savings benefit of green IT VPN Troubleshooting Problem connecting to virtual private network (VPN) through Linksys router How to maintain corporate VPN connection while printing to a private network Can I set up a VPN on my wireless router? How can I get our VPN to work on Windows Vista? To set up a VPN server, do you need two NIC cards? How do I connect to our VPN with authentication ID? What causes my overseas VPN connection to slow during the day? Why has the terminal server ended my connection? How can I access each device from my network while keeping the companies' networks secure? VPN operating system interoperability -- Configure VPNs with Windows, Checkpoint RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary virtual systems management  (SearchNetworking.com) VPN appliance  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.