FAQs

What is a VPN? A VPN (Virtual Private Network) enables a specific group of users to access private network data and resources securely over the Internet or other networks. Although often using public networks, a VPN inherits the characteristics of a private network, hence the acronym of "Virtual" Private Network. It's the concurrent use of tunneling, encryption, authentication, and access control over a public network that basically characterizes a VPN.

 

What is a VPN made of? VPNs may connect an individual machine and a private network (client-to-server) or a remote LAN (Local Area Network) and a private network (server-to-server). To do so, VPNs need: a routed network (to transport data packets), optionally a tunnel switch (to increase security and versatility), and tunnel terminators (acting like virtual cable terminators).

 

How do VPNs work? VPNs create "virtual" point-to-point connections using a technique called 'tunneling'. As the name suggests, tunneling acts like a 'pipe' which bores through a network cloud to connect two points. Typically started by a remote user, the tunneling process encapsulates data and encrypts it into standard TCP/IP packets, which can then safely travel across the Internet.
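The encapsulation step described above, as an added example that is not part of the original page or any vendor's product: a tunnel terminator wraps an inner packet in a header, ciphertext and integrity tag, and on receipt rejects tampered or replayed packets before decrypting. The header layout, keys, sample packet and the SHA-256 keystream (a stand-in for a real cipher) are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo values (not from the page): keys, tunnel id, inner packet.
ENC_KEY = hashlib.sha256(b"demo encryption key").digest()
MAC_KEY = hashlib.sha256(b"demo integrity key").digest()
SPI = 0x1001
INNER = b"10.0.0.5 -> 10.0.1.9 payroll-query"
TAG_LEN, HDR_LEN = 32, 12

def _keystream(key, spi, seq, n):
    # Stand-in cipher (SHA-256 in counter mode) so the example is stdlib-only;
    # a real tunnel uses a vetted cipher such as AES-GCM.
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("!IQI", spi, seq, block)).digest()
        block += 1
    return out[:n]

def _xor(data, key, spi, seq):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, spi, seq, len(data))))

def encapsulate(inner, seq, spi=SPI, enc_key=ENC_KEY, mac_key=MAC_KEY):
    """Tunnel payload = header (tunnel id, sequence) + ciphertext + integrity tag."""
    header = struct.pack("!IQ", spi, seq)
    ciphertext = _xor(inner, enc_key, spi, seq)
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag

class TunnelTerminator:
    def __init__(self, spi=SPI, enc_key=ENC_KEY, mac_key=MAC_KEY):
        self.spi, self.enc_key, self.mac_key = spi, enc_key, mac_key
        self.last_seq = 0  # simplified anti-replay: sequence must keep increasing

    def decapsulate(self, packet):
        if len(packet) < HDR_LEN + TAG_LEN:
            raise ValueError("truncated packet")
        header, ciphertext, tag = packet[:HDR_LEN], packet[HDR_LEN:-TAG_LEN], packet[-TAG_LEN:]
        spi, seq = struct.unpack("!IQ", header)
        if spi != self.spi:
            raise ValueError("unknown tunnel")
        # Verify integrity before decrypting, using a constant-time comparison.
        expected = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        if seq <= self.last_seq:
            raise ValueError("replayed packet")
        self.last_seq = seq
        return _xor(ciphertext, self.enc_key, spi, seq)
```

The tag covers the header as well as the ciphertext, so an attacker on the public network cannot alter the sequence number to get an old packet accepted.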

What types of VPN exist? Bear in mind that the VPN market has expanded tremendously in recent years. As it evolves, the lines between the various classifications and architectures blur. Hardware manufacturers now provide software clients that offer features historically available only through software or firewall-based solutions, while stand-alone applications may support encrypting routers to improve performance. Emerging standards such as IPsec provide a common basis for creating custom solutions. From a broad standpoint, one can identify three basic types of VPN:

Intranet VPN: this type of VPN is "client transparent". It is usually implemented for networks within a common network infrastructure but across various physical locations. For instance, several buildings may be connected to a data center or to a common mainframe application that they can access securely through private lines. These VPNs need to be especially secure, with strong encryption, and must meet strict performance and bandwidth requirements. They must remain easily upgradeable, since many users may be added to the load down the road (additional locations or applications).
 
Remote Access VPN: here the VPN is "client initiated". It is intended for remote users who need to connect to their corporate LAN from various points of connection, such as salesmen equipped with laptops and telecommuters who connect intermittently from very diverse locations (homes, hotels, conference halls...). The key factor here is flexibility, as performance and bandwidth are usually minimal and less of an issue. More than encryption, authentication will be the main security concern.
 
Extranet VPN: in this case the VPN uses the Internet as its main backbone. It usually addresses a wider range of users and locations, enabling customers, suppliers and branch offices to access corporate resources across various network architectures. Extranet VPNs rely on VPN standards such as IPsec to ensure maximum compatibility while trying not to overly compromise security.
 
 

Business Issues

Why should I use VPN? Nowadays most corporate offices operate through a computer network. Most offices also use the Internet, whether for research, e-mail or other communications. Although network firewalls prevent most attacks from outsiders seeking to break into the network over the Internet, they also prevent remote users from accessing essential data. That's where a VPN comes in. By ensuring that only properly configured and authenticated users can access network data, and that this data is secure because it is encrypted, companies can implement mobile network access and telecommuting from any Internet-enabled location.

What is the best VPN solution? As bland as it may sound, the best solution is the one that fits your bill. There is no VPN "killer app" that can provide all the benefits without any of the drawbacks.

What are the pros and cons of VPN?

Potential Pros:

VPNs enable secure broadband connections (through cable modems, DSL, etc.).
 
VPNs make it easy to manage T1 lines, phone and data lines and remote access terminals.
 
VPNs can create significant communication savings in particular when lots of remote users dial-in from outside the local calling area.
 
IP-based VPN can keep IT management costs down. Dynamic configuration ensures adaptability to changing network configuration and needs.
 

Potential Cons:

VPNs may provide less bandwidth than direct lines.

VPNs are more prone to Internet connectivity problems. To ensure maximum availability it may be wise to secure on-call specialized support services; typical ISP support may not prove efficient enough.

Being mostly Internet-based, a VPN depends on its connections being up. If your ISP is down, so is your VPN. Emergency dial-in access may be used as a limited, temporary back-up.
 

How do I choose a VPN solution? You first need to ask yourself a few simple questions: "what is my current network setup?", "how many users should connect at any time?", "where will they connect from?", "how sensitive is the data accessed from outside?", etc. Once you know your needs in terms of security, performance and versatility, the type of solution will follow from how you prioritize those elements.

"Plug-and-Work" corporate VPNs: if you would like to connect some remote offices to your headquarters, you will probably start by examining hardware-based solutions. Secure and easy to set up, use and manage, encrypting routers also relieve the server of any intensive work. If your focus is on both performance and usability, this type of VPN is a good candidate, especially for small to medium-sized firms with a limited IT budget.
 
Flexible Telecommuting: if you are looking into VPN for a mobile sales force working on laptops from many locations, you will require a solution that can fit within a heterogeneous setup. This will also be the case for business partnership-type situations. Software-based VPN solutions allow great flexibility in terms of implementation and usage. But because of this adaptability they can be harder to set up and manage, so outsourcing VPN support can be a good idea in order to avoid overloading your IT staff and to ensure continuous connectivity.
 
When the 'P' is what matters in 'VPN': For insurance companies and financial and legal institutions, network data is very sensitive, even secret. For those firms, absolute privacy is critical for online business. And most sales organizations wouldn't want their commission rates or internal studies to fall into the wrong hands. When privacy is at stake, you may opt for a firewall-based solution. This will ensure tighter and more restrictive security as well as additional alarm and logging capabilities. If security is the biggest concern, that should be your pick. For performance and bandwidth-eating activities, choose a solution that incorporates additional encryption hardware to speed up processing.
 
 

What VPN features should I look for? Once you know what type of VPN you should implement, you will still have a wide range of solutions to choose from. Besides parameters specific to your setup and overall budget, you will choose a VPN product for its features. Here are some of the most important ones you should always look into before making up your mind:

Authentication methods: Some vendors provide 'data authentication', others provide 'user authentication'. When referring to 'authentication', make sure your vendor means BOTH;
 
Transmission Modes: Believe it or not, some VPN solutions provide no encryption whatsoever. Make sure yours supports ETM (Encrypted Tunnel Mode); anything short of it compromises your network security unnecessarily;
 
Traffic control: prioritizing the available bandwidth between users and applications is a must for a "democratic" VPN and will avoid unnecessary network jams/hangs;
 
Selective encryption: encrypting only a subset of traffic can bring a lot of relief to your CPU, securing only sensitive information and freeing up a lot of resources for other tasks;
 
Topology: some VPNs offer more than the standard couple of Ethernet interfaces (10/100 Mbps) and can count on NT or Unix for LAN management, but make sure your CPU can handle it as well;
 
Advanced logging: look for centralized logging capabilities such as SNMP management. The more you know about your VPN the better you will manage it and the faster you will react to sensitive situations;
 
VPN management: too often overlooked, management modules and stations can prove unfriendly or expensive over time. This one aspect of VPN can actually boost or defeat your VPN deployment strategy;
 
Enterprise management: a VPN is only as secure as the rest of your network, so be sure that your VPN fits in with your overall security policies;
 
CA/Key support: Certificate Authorities support is a strong point for any VPN solution and PKI compliance is a must for Extranet VPNs. Depending on your requirements this may greatly narrow down your range of choice.
 

 


Expert Service - Please give us a call to discuss any project you have at present or future projects you would like to consider.


 

Proven Products and Service.
 



505 Julie Rivers Suite 170 Sugar Land, Texas 77478   Phone: 281.240.7300  Fax: 281.2407377
All Content Copyright © 2002 · Net Star Telecommunications, Inc.