Virtual Private Network (VPN) Now

Virtual Private Network (VPN) now becomes the mandatory solution for secure remote access. A VPN is a group of two or more computer systems, typically connected to a private network (a network built and maintained by an organization solely for its own use) with limited public-network access that communicates "securely" over a public network. VPN may exist between an individual machine and a private network (client-to-server) or a remote LAN and a private network (server-to-server). Security features differ from product to product.

But VPN must include encryption, strong authentication of remote users or hosts, and mechanisms for hiding or masking information about the private network topology from potential attackers on the public network. Virtual Private Networks Pros Cost Savings By leveraging third party networks, with VPN, organizations no longer have to use expensive leased or frame relay lines and are able to connect remote users to their corporate networks via a local Internet service provider (ISP) instead of via expensive 800-number or long distance calls to resource-consuming modem banks.

Security VPN provide the highest level of security using advanced encryption and authentication protocols that protect data from unauthorized access. Scalability VPN allow corporations to utilize remote access infrastructure within ISPs. Therefore, corporations are able to add a virtually unlimited amount of capacity without adding significant infrastructure. Compatibility with Broadband Technology VPN allow mobile workers, telecommuters and day extenders to take advantage of high-speed, broadband connectivity, such as DSL and Cable, when gaining access to their corporate networks, providing workers significant flexibility and efficiency.

Give telecommuters and mobile workers secure access to LAN. VPN can create secure, business critical communication links over the Internet. Share resources with partners. Virtual Private Networks Cons Quality of Service Unlike circuit-switched or leased line data services, VPN links (or tunnels) over public routed networks do not typically offer any end-to-end throughput guarantees. In addition, packet loss is variable and can be very high, and packets can be delivered out-of-order and fragmented.

Security VPN connections are made by first connecting to a POP of the public network, and then using that network to reach a remote peer to form a private tunnel. Once the connection has been made to the POP, unsolicited data from other users of the public network can be received, and the exposure to "attacks" requires comprehensive and complex security measures.

Bandwidth reservation or Quality of Service (QOS) at the enterprise or central site Bandwidth reservation refers to the ability to "reserve" transmission bandwidth on a network connection for particular classes or types of traffic. It is much harder to achieve with VPN than traditional networks. Some reservation can be done on out-bound traffic, but for inbound reservation to be achieved, the VPN carrier would need to help.

Two-way calling Small office/home office sites that use ISDN to access a central site directly enjoy the capabilities of two-way calling, e.g. If the link is idle (the inactivity timer has fired and disconnected the call) and traffic needs to flow from the central site to the remote site, the central site can initiate the call. In a VPN network, this is a capability missing from common ISP offerings today.

Callback is a related topic; offering to pick up the dial-in costs incurred by partners and customers is also difficult. Centralized telesaving control Managing cost-effective use of dial links centrally may no longer be possible. Overhead VPN tunnels impose overhead for dial-in users: encryption algorithms may impact the performance of the user's system, there will be an increased protocol header overhead, authentication latency will increase, PPP and IP compression will perform poorly (compared to a direct link), and modem compression won't work at all.

Support issues Replacing direct-dial links with VPN tunnels may produce some very painful faultfinding missions. Due to the complexity of VPN carrier networks, the opportunities for "hand-washing" are enormous. Reconnection time Using tunneling may increase the reconnection time for dial users. With the VPN carrier L2TP model, the client has to go through two authentication phases: one on contacting the VPN carrier POP, and another on contact with the enterprise Security Gateway.

Multimedia Applications such as video conferencing only work acceptably over low latency links that can offer the required minimum throughput. Currently on the Internet, latency and throughput can vary alarmingly. Multi-channel data services, such as ISDN and XDSL solve this problem in the short-term, allowing the "data" channel to be used for VPN tunneling, and a separate "voice" channel to be used for business telephone calls or video conferencing. Encryption When using encryption to protect a tunnel, data compression is no longer achievable as encrypted data is not compressible.

This means that hardware compression over a modem connection is not possible. Impact of Virtual Private Networks The impact of VPN goes beyond secure and cost-effective remote access. Currently emerging security technology and public key infrastructure will enable secure inter-business collaboration through secure extranets. As VPN technology matures, organizations will increasingly utilize public Internet services for LAN-to-LAN communications, intranets and other mission critical application service networks. Service Impact Reduces processing.