Understanding VPNs, making technology decisions and integrating the VPN are only the beginnings of the lifecycle for supporting VPN solutions. Many technology managers are under extreme pressure to get the VPN up and running as quickly and cost effectively as possible. Once the VPN is installed and running, it is generally too late to understand what it will take to maintain and manage it on an ongoing basis. This overview examines the key areas of focus that should be addressed in order to maintain and manage a VPN in an ongoing fashion.
The following aspects of a VPN must be maintained on an ongoing basis in order for the solution to scale and adapt to ever-increasing security requirements for enterprise traffic. Before deploying a VPN solution, be sure to address how your organization will handle the following concerns:
You will need the ability to add users to the database and to support a certain number of concurrent user sessions. Limitations in either of these areas can constrain the overall system. In addition, processes must be built to automate the addition of end users to the system as efficiently as possible. You do not want to be the single point of contact for adding users because this can create security breaches and limit the number of users that can be efficiently added.
A proliferation of tunnels is required to support the connectivity needs of the enterprise. Most VPN platforms claim support for a finite number of tunnels, but there can be performance degradation before those limits are reached. More important is the topology of the tunnels as it relates to site-to-site traffic. Tunnel topology will affect your ability to troubleshoot problems on the VPN -- the more tunnels, the more paths the traffic has to take. Build the tunnel topology to meet actual traffic patterns.
Managing keys can be a tremendous burden because keys must not only be generated and distributed but stored in a secure fashion. In many cases, this can require a dedicated resource.
You must be prepared to handle the hardware and software maintenance of the VPN platform itself. Can the system be upgraded without causing a service outage? Does the system require patches to support new features and capabilities? Who will be responsible for ongoing maintenance of the platform?
All of these areas can influence the cost, resources and time it takes to keep the system up and running. These factors should be considered on the front end, prior to purchasing a solution, and processes should be built into the operational environment to address them on an ongoing basis.
About the author:
Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has more than 10 years of experience providing strategic, business and technical consulting services. Robbie lives in Atlanta and is a graduate of Clemson University. His background includes positions as a principal architect at International Network Services, Lucent, Frontway and Callisma.