SUGGESTIONS FOR EQUIPMENT
What is a VPN?
A VPN (Virtual Private Network) enables a specific group of users to
access private network data and resources securely over the Internet or
other networks. Although it often runs over public networks, a VPN retains the
characteristics of a private network, hence the "Virtual" in Virtual
Private Network. What characterizes a VPN is the concurrent use of
tunneling, encryption, authentication, and access control over a public
network.
What is a VPN made of?
VPNs may connect an individual machine and a private network
(client-to-server) or a remote LAN (Local Area Network) and a private
network (server-to-server). To do so VPNs need: a routed network (to
transport data packets), optionally a tunnel switch (to increase security
and versatility), and tunnel terminators (acting like virtual cable
How do VPNs work?
VPNs create "virtual"
point-to-point connections using a technique called 'tunneling'. As the
name suggests, tunneling acts like a 'pipe' which bores through a network
cloud to connect two points. Typically started by a remote user, the
tunneling process encapsulates data and encrypts it into standard TCP/IP
packets, which can then safely travel across the Internet.
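The tunneling described above, sketched as an added example that is not part of the original page: one end wraps an inner packet in an encrypted, authenticated outer packet, and the tunnel terminator verifies it, rejects replays and recovers the inner packet. The header layout, key names and the HMAC-based stand-in cipher are assumptions made for illustration; real VPNs use standardized ciphers.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct(">IQ")  # assumed outer header: 4-byte tunnel id + 8-byte sequence number
TAG_LEN = 32                # HMAC-SHA256 tag appended to every outer packet

# Constructed demo values (not from the page): two independent keys and an inner packet.
DEMO_ENC_KEY = hashlib.sha256(b"constructed demo encryption key").digest()
DEMO_MAC_KEY = hashlib.sha256(b"constructed demo integrity key").digest()
DEMO_INNER = b"inner packet: 10.0.0.5 -> 10.0.1.9 payroll query"

def keystream(key, nonce, n):
    # Stand-in cipher for the demo only (HMAC-SHA256 in counter mode).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encapsulate(enc_key, mac_key, tunnel_id, seq, inner):
    header = HDR.pack(tunnel_id, seq)  # unique per packet, so it doubles as the nonce
    ct = bytes(a ^ b for a, b in zip(inner, keystream(enc_key, header, len(inner))))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return header + ct + tag

class TunnelTerminator:
    def __init__(self, enc_key, mac_key, tunnel_id):
        self.enc_key, self.mac_key, self.tunnel_id = enc_key, mac_key, tunnel_id
        self.highest_seq = 0  # strict ordering; real tunnels use a sliding replay window

    def decapsulate(self, outer):
        if len(outer) < HDR.size + TAG_LEN:
            raise ValueError("truncated packet")
        header, ct, tag = outer[:HDR.size], outer[HDR.size:-TAG_LEN], outer[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # verify before touching the payload
            raise ValueError("authentication failed")
        tunnel_id, seq = HDR.unpack(header)
        if tunnel_id != self.tunnel_id:
            raise ValueError("unknown tunnel")
        if seq <= self.highest_seq:
            raise ValueError("replayed packet")
        self.highest_seq = seq
        return bytes(a ^ b for a, b in zip(ct, keystream(self.enc_key, header, len(ct))))

def rejection_reason(terminator, outer):
    # Returns why a packet was dropped, or None if it was accepted.
    try:
        terminator.decapsulate(outer)
    except ValueError as exc:
        return str(exc)
    return None
```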
What types of VPN exist?
One must bear in
mind that the VPN market has expanded tremendously in recent years. As it
evolves, the lines between various classifications and architectures
blur. Hardware manufacturers now provide software clients that offer
features historically available only through software or firewall-based
solutions, while stand-alone applications on the other hand may support
encrypting routers to improve performance. Emerging standards such as
IPsec provide a standard to create custom solutions. From a broad
standpoint, one can identify three basic types of VPN:
Intranet VPN: this type of VPN is
"client transparent". It is usually implemented for networks within a
common network infrastructure but across various physical locations.
For instance several buildings may be connected to a data center, or a
common mainframe application that they can access securely through
private lines. Those VPNs need to be especially secure with strong
encryption and meet strict performance and bandwidth requirements.
They must remain easily upgradeable since many users may be added to
the load down the road (additional locations or applications).
Remote Access VPN: here the VPN is
"client initiated". It is intended for remote users who need to
connect to their corporate LAN from various points of connection, such
as salesmen equipped with laptops and telecommuters who
connect intermittently from very diverse locations (homes,
hotels, conference halls...). The key factor here is flexibility, as
performance and bandwidth are usually minimal and less of an issue.
More than encryption, authentication will be the main security
Extranet VPN: in this case the VPN
uses the Internet as its main backbone. It usually addresses a wider scale
of users and locations, enabling customers, suppliers and branch
offices to access corporate resources across various network
architectures. They rely on VPN standards such as IPsec to ensure
maximum compatibility while trying not to overly compromise security.
Why should I use VPN?
Nowadays most corporate
offices operate through a computer network. Most offices also use the
Internet, whether for research, e-mail or other communications. Although
network firewalls prevent most attacks from outsiders seeking to break
into the network using the Internet, they also prevent remote users from
accessing essential data. That's where VPN comes in. By ensuring that only
properly configured and authenticated users can access network data, and
that this data is secure because it is encrypted, companies can implement mobile
network access and telecommuting from any Internet-enabled location.
What is the best VPN solution?
As bland as it may
sound, the best solution is the one that fits your bill; there is no VPN
"killer app" that can provide all the benefits without any of the
What are the pros and cons of VPN?
Pros:
VPNs enable secure broadband connections (through cable modems, DSL, etc.).
VPNs make it easy to manage T1 lines, phone and data lines and remote
access terminals.
VPNs can create significant communication savings, in particular when lots
of remote users dial in from outside the local calling area.
IP-based VPNs can keep IT management costs down. Dynamic configuration
ensures adaptability to changing network configuration and needs.
Cons:
VPNs may provide less bandwidth than direct lines.
VPNs are more prone to Internet connectivity problems. To ensure maximum
availability it may be wise to secure on-call specialized support services;
typical ISP support may not prove efficient enough.
Since a VPN is mostly Internet-based, it depends on connections being up.
If your ISP is down, so is your VPN. Emergency dial-in access may be used
as a limited, temporary
How do I choose a VPN solution?
You first need to ask yourself a few simple questions:
"what is my current network setup?", "how many users should connect at any
time?", "where will they connect from?", "how sensitive is the data
accessed from outside?" etc. Once you know your needs in terms of
security, performance and versatility, the way you prioritize
those elements will make the type of solution apparent.
"Plug-and-Work" corporate VPNs: if you would
like to connect some remote offices to your headquarters you will
probably start by examining hardware-based solutions. Secure and easy to
set up, use and manage, encrypting routers also relieve the server from
any intensive work. If your focus is both on performance and
usability, this type of VPN is a good candidate, especially for small
to medium-sized firms with a limited IT budget.
Flexible Telecommuting: if you are looking
into VPN for a mobile sales force working on laptops from many
locations, you will require a solution that can work within a
heterogeneous setup. This will also be the case for business
partnership situations. Software-based VPN solutions allow
great flexibility in terms of implementation and usage. But because of
this adaptability they can be harder to set up and manage, so
outsourcing VPN support can be a good idea in order to avoid
overloading your IT staff and ensure continuous connectivity.
When the 'P' is what matters in 'VPN': For
insurance companies and financial and legal institutions, network data is
very sensitive, even secret. For those firms absolute privacy is
critical for online business. And most sales organizations wouldn't
want their commission rates or internal studies to fall into the wrong
hands. When privacy is at stake, you may opt for a firewall-based
solution. This will ensure tighter and more restrictive security as
well as additional alarm and logging capabilities. If security is the
biggest concern, that should be your pick. For performance and
bandwidth-eating activities choose a solution that incorporates
additional encryption hardware to speed up processing.
What VPN features should I look for?
Once you know what type of VPN you should
implement you will still have a wide range of solutions to choose amongst.
Besides parameters specific to your setup and overall budget, you will
choose a VPN product for its features. Here are some of the most important
ones you should always be looking into before making up your mind:
Some vendors provide 'data authentication', others provide 'user
authentication'. When referring to 'authentication', make sure your
vendor means BOTH;
Transmission Modes:
Believe it or not, some VPN solutions provide no encryption
whatsoever. Make sure yours supports ETM (Encrypted Tunnel Mode);
anything short of it is compromising your network security
prioritizing the available bandwidth between users and applications is
a must for a "democratic" VPN and will avoid unnecessary network
encrypting only a subset of traffic can bring a lot of relief to your
CPU, secure only sensitive information and free up a lot of resources for
Topology: some VPNs
offer more than the standard couple of Ethernet interfaces (10/100 Mbps)
and can count on NT or Unix for LAN management, but make sure your CPU
can handle it as well;
look for centralized logging capabilities such as SNMP management. The
more you know about your VPN the better you will manage it and the
faster you will react to sensitive situations;
too often overlooked, management modules and stations can prove
unfriendly or expensive over time. This one aspect of VPN
can actually boost or defeat your VPN deployment strategy;
a VPN is only as secure as the rest of your network is, so be sure that your
VPN fits in your overall security policies;
Certificate Authorities support is a strong point for any VPN solution
and PKI compliance is a must for Extranet VPNs. Depending on your
requirements this may greatly narrow down your range of choice.