VPN (virtual private network)
As companies become more decentralized, they find themselves with employees all over the country and around the world. Increasingly, these workers need the same access to corporate information as those still at headquarters.
This presents a challenge for network managers - how to beef up the information flow while keeping WAN costs in check. Some users are finding they can meet both goals through Internet-based virtual private networks, or VPNs. Basically, VPNs let you turn the Internet into your corporate network. Through the use of encryption, VPN connections are protected from outside users, safeguarding data and allowing the secure, remote use of important applications.
Because the Internet has become so ubiquitous, virtually everybody can plug into it, potentially reducing the need for banks of remote-access servers and modems, or for users to dial long-distance into such facilities. And because the Internet is always there, you can often use it in place of dedicated lines.
All of this can mean fairly substantial savings over traditional leased-line connections or frame relay permanent virtual circuits.
Users can expect to save hundreds of dollars a month on dedicated Internet access connections when compared to dedicated private lines from a long-distance service provider.
Naturally, there is a catch. Two of them, in fact.
Because the Internet is not inherently secure, you'd probably want to think twice about sending confidential corporate data over it. And because the Internet is not inherently designed for real-time communications, you have to consider what might happen when part of the 'Net goes down or becomes congested.
From the VPN audio primer.
VPNs can be divided into three main types, based on what sort of hardware and software they use:
IPSec VPNs are based on gear that is placed between trusted machines and a shared IP network. The gear encrypts the data running between sites, ensuring that if someone manages to capture your traffic, and they are well equipped with decrypting equipment, it will take them an impossibly long time to crack your data.
MPLS VPNs are based on devices within the service provider's network that runs over paths whose integrity the provider maintains. If someone happens to somehow grab your data, it is there unencrypted for them to see. The clear value of these networks is that MPLS enables providers to offer services with guaranteed characteristics such as delay and jitter that fall within specified parameters. The security of the data is not guaranteed.
Hybrid networks, ones that use both technologies, can offer the best of both: security and predictable service quality.
From VPN Consortium aims to define VPNs, Network World VPN Newsletter, 06/26/02.
Compare VPNs to SSL.
Additional resources
VPN tutorial
Includes a self-grading quiz. From the International Engineering Consortium.
VPN Technologies: Definitions and Requirements
Paper from the VPN Consortium (in PDF).
Comments:
VPN
by Bob
It was really hard to find stuff!
Add a comment
