> Primer > Full Story
- A Very Personal Network
can offer you the benefit of a private network while riding
on a public infrastructure. Other benefits are thrown in as
well. by Mahesh Rathod
VPN can be defined as a communications environment in which
access is controlled to permit peer connections only within
a defined community of interest
remote user connects to corporate network resources by making
a local phone call to an Internet Service Provider
VPN (Virtual Private Network) may be described as a private,
data communication channel that uses a public IP network like
the Internet for basic data transport. It can be used to connect
corporate datacenters, remote offices, mobile employees, telecommuters,
customers, suppliers, and business partners. The public network
is used as a wide area communications network and it offers
the appearance, functionality and usefulness of a dedicated
A VPN can be defined as a communications environment in which
access is controlled to permit peer connections only within
a defined community of interest. It is constructed by partitioning
a common underlying communications medium. The underlying
communications medium provides services to the network on
a non-exclusive basis.
Categories of VPN
are three kinds of VPNs that can enhance communications, reduce
operation costs, improve customer service, and make you more
competitive. They are access VPNs, Intranet VPNs and Extranet
field sales and service representatives, branch offices, remote
users, and mobile users are all prime candidates for Access
VPNs. Access VPNs provide access to a corporate Intranet or
Extranet over a shared infrastructure with the same policies
as a private network. They cover remote-access connectivity
through dial-ups, ISDN (Integrated Services Digital Network),
DSL (Digital Subscriber Line), wireless, and cable technologies.
Access VPNs enable businesses to outsource their dial-up or
other broadband remote access connections without compromising
their security architectural options.
intranet VPN links remote and branch offices to central intranet
services over the Internet. Connections may be temporary (dialup)
or permanent (dedicated). Dedicated connections offer higher
bandwidth and interconnect multiple offices (intranet) or
key suppliers and vendors (extranet). Examples of dedicated
connections include permanent ISDN, 56K serial, leased lines
and so on. You can extend your Intranet to remote offices
as a second phase of your VPN services.
Extranet VPN links customers, suppliers, partners or communities
of interest over the Internet to selected parts of the central
intranet. Connections may be temporary (dialup) or permanent
(dedicated). As a part of the migration strategy to full VPN
services, an extranet partner uses tunneling over the Internet
to access key extranet services and Web-based databases in
a "demilitarized zone" that protects the internal
The VPN advantage
technology allows companies to reduce access costs by removing
the remote connections from the phone company and outsourcing
it to the VPN service provider.
A remote user connects to corporate network resources by making
a local phone call to an Internet Service Provider. A LAN-to-LAN
connection is made over leased lines to ISPs. Outsourcing
is a proven winner in many corporate information technology
applications. And nowhere are the benefits of outsourcing
more valuable than in remote access.
No long distance charges: Traditional remote access
systems require a separate phone line for each user. Telecommuters
and moving field users must connect over long distances at
peak periods and can run up serious charges. With VPN-based
remote access systems, users make a local call to an Internet
Service Provider and generally pay a flat monthly usage fee,
no matter how much time they spend online. Savings on telecom
charges alone can add up to more than 60 percent.
capital costs: Access servers, large backbone routers
and switches are owned and managed by service providers, eliminating
capital expense. You don't need to purchase, setup or manage
complex modem pools. Customer premises equipment is often
available from a service provider via low costing leasing
options, for greater upgrade flexibility.
Lower management and support costs: Economics of scale
enable service providers to offer you substantial savings
over inhouse management and support. Outsourcing reduces or
eliminates in house staff requirement. What's more, you receive
24 x 7 service and support.
Expanded connection options: The Internet is an inherently
redundant network, with several pathways to any given destination.
Thus remote access Intranets and Extranets can go wherever
the Internet goes.
Anytime, anywhere access: VPN subscribers across the
extended network have the same access and logical view of
central services like e-mail, directory, internal and external
websites, security, and mission critical applications. Users
can access the services through multiple media, all without
seeing the complex network underneath.
various networking security issues can be broadly categorized
User identification: User identification allows one
to be confident that the party we are establishing communications
with is who we think it is. VPN technologies are making use
of several tried and true methods for establishing the identity
of the party at the other end of a network. These include
passwords, digital certificates, smart cards, and biometrics.
Data integrity: Since one has no control over where
the data has traveled and through what kind of hands it has
passed, while journeying across the Internet, there is always
the possibility that it may have been modified. This problem
is again solved by IPSec's AH (Authentication Header).
Data confidentiality: One of the traditional concerns
of security systems is protecting data from eavesdroppers.
IPSec provides a method for implementing a variety of different
algorithms. The ESP (Encapsula-tion Security Payload) is a
part of the IPSec protocol suite designed to provide 168-bit
Mahesh Rathod can be reached at firstname.lastname@example.org
as less secure
IPSec is a framework of open standards for ensuring secure
private communications over IP networks. Based on standards
developed by the IETF (Internet Engineering Task Force), IPSec
ensures confidentiality, integrity and authenticity of data
communications across a public IP network. IPSec provides
a necessary component of a standards-based, flexible solution
for deploying a network-wide security policy.
Rathod can be reached at email@example.com