VPN - A Very Personal Network
VPNs can offer you the benefit of a private network while riding on a public infrastructure. Other benefits are thrown in as well.
by Mahesh Rathod
A VPN (Virtual Private Network) may be described as a private data communication channel that uses a public IP network like the Internet for basic data transport. It can be used to connect corporate datacenters, remote offices, mobile employees, telecommuters, customers, suppliers, and business partners. The public network is used as a wide area communications network and it offers the appearance, functionality and usefulness of a dedicated private network.

A VPN can be defined as a communications environment in which access is controlled to permit peer connections only within a defined community of interest. It is constructed by partitioning a common underlying communications medium. The underlying communications medium provides services to the network on a non-exclusive basis.
Categories of VPN
There are three kinds of VPNs that can enhance communications, reduce operation costs, improve customer service, and make you more competitive. They are Access VPNs, Intranet VPNs and Extranet VPNs.
Access VPNs
Telecommuters, field sales and service representatives, branch offices, remote users, and mobile users are all prime candidates for Access VPNs. Access VPNs provide access to a corporate Intranet or Extranet over a shared infrastructure with the same policies as a private network. They cover remote-access connectivity through dial-ups, ISDN (Integrated Services Digital Network), DSL (Digital Subscriber Line), wireless, and cable technologies. Access VPNs enable businesses to outsource their dial-up or other broadband remote access connections without compromising their security architectural options.
Intranet VPN
An Intranet VPN links remote and branch offices to central intranet services over the Internet. Connections may be temporary (dial-up) or permanent (dedicated). Dedicated connections offer higher bandwidth and interconnect multiple offices (intranet) or key suppliers and vendors (extranet). Examples of dedicated connections include permanent ISDN, 56K serial, leased lines and so on. You can extend your Intranet to remote offices as a second phase of your VPN services.
Extranet VPN
An Extranet VPN links customers, suppliers, partners or communities of interest over the Internet to selected parts of the central intranet. Connections may be temporary (dial-up) or permanent (dedicated). As a part of the migration strategy to full VPN services, an extranet partner uses tunneling over the Internet to access key extranet services and Web-based databases in a "demilitarized zone" that protects the internal network.
The VPN advantage
VPN technology allows companies to reduce access costs by removing the remote connections from the phone company and outsourcing them to the VPN service provider.
A remote user connects to corporate network resources by making a local phone call to an Internet Service Provider. A LAN-to-LAN connection is made over leased lines to ISPs. Outsourcing is a proven winner in many corporate information technology applications, and nowhere are the benefits of outsourcing more valuable than in remote access.
No long distance charges: Traditional remote access systems require a separate phone line for each user. Telecommuters and mobile field users must connect over long distances at peak periods and can run up serious charges. With VPN-based remote access systems, users make a local call to an Internet Service Provider and generally pay a flat monthly usage fee, no matter how much time they spend online. Savings on telecom charges alone can add up to more than 60 percent.
Lower capital costs: Access servers, large backbone routers and switches are owned and managed by service providers, eliminating capital expense. You don't need to purchase, set up or manage complex modem pools. Customer premises equipment is often available from a service provider via low-cost leasing options, for greater upgrade flexibility.
Lower management and support costs: Economies of scale enable service providers to offer you substantial savings over in-house management and support. Outsourcing reduces or eliminates in-house staffing requirements. What's more, you receive 24 x 7 service and support.
Expanded connection options: The Internet is an inherently redundant network, with several pathways to any given destination. Thus remote access Intranets and Extranets can go wherever the Internet goes.
Anytime, anywhere access: VPN subscribers across the extended network have the same access and logical view of central services like e-mail, directory, internal and external websites, security, and mission critical applications. Users can access the services through multiple media, all without seeing the complex network underneath.
How secure?
The various networking security issues can be broadly categorized as follows:
User identification: User identification allows one to be confident that the party one is establishing communications with is who one thinks it is. VPN technologies are making use of several tried and true methods for establishing the identity of the party at the other end of a network. These include passwords, digital certificates, smart cards, and biometrics.
Data integrity: Since one has no control over where the data has traveled and through what kind of hands it has passed while journeying across the Internet, there is always the possibility that it may have been modified. This problem is addressed by IPSec's AH (Authentication Header).
Data confidentiality: One of the traditional concerns of security systems is protecting data from eavesdroppers. IPSec provides a method for implementing a variety of different algorithms. The ESP (Encapsulating Security Payload) is a part of the IPSec protocol suite designed to provide 168-bit encryption.
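The integrity point above, as an added example that is not part of the article: an IPsec Authentication Header in the RFC 2402 layout carrying an HMAC-SHA-1-96 Integrity Check Value, with a receiver that rejects a packet whose payload was altered in transit or whose sequence number was already seen. The key, SPI and payload are constructed values, and the ICV here covers only the AH header and payload (the outer IP header fields that real AH also authenticates are left out as a simplification).

```python
import hmac
import hashlib
import struct

# Constructed example of the IPsec Authentication Header (RFC 2402 layout) with
# HMAC-SHA-1-96 (RFC 2404): the 160-bit HMAC is truncated to its leftmost 96 bits
# (12 bytes) and carried in the header as the Integrity Check Value (ICV).
ICV_LEN = 12
AH_FIXED_LEN = 12  # Next Header, Payload Len, Reserved, SPI, Sequence Number

def _icv(key: bytes, header: bytes, payload: bytes) -> bytes:
    # Simplification (assumed here): the ICV covers the AH header with the ICV
    # field zeroed plus the payload. Real AH also covers the immutable fields
    # of the outer IP header, which this example leaves out.
    mac = hmac.new(key, header + bytes(ICV_LEN) + payload, hashlib.sha1)
    return mac.digest()[:ICV_LEN]

def build_ah(key: bytes, spi: int, seq: int, next_header: int, payload: bytes) -> bytes:
    # Payload Len is the AH length in 32-bit words minus 2 (24 bytes -> 4).
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    header = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return header + _icv(key, header, payload) + payload

def parse_ah(packet: bytes) -> dict:
    next_header, payload_len, _res, spi, seq = struct.unpack("!BBHII", packet[:AH_FIXED_LEN])
    ah_len = (payload_len + 2) * 4
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": packet[AH_FIXED_LEN:ah_len], "payload": packet[ah_len:]}

def verify_ah(key: bytes, packet: bytes, last_seq: int) -> bool:
    """Accept the packet only if the ICV matches and the sequence number is
    newer than the last one accepted (a minimal form of AH's anti-replay check)."""
    fields = parse_ah(packet)
    if len(fields["icv"]) != ICV_LEN:
        return False
    expected = _icv(key, packet[:AH_FIXED_LEN], fields["payload"])
    if not hmac.compare_digest(expected, fields["icv"]):
        return False  # modified in transit or wrong key: AH detects it
    return fields["seq"] > last_seq

def demo() -> tuple:
    key = b"constructed-shared-key"  # constructed value, not a real SA key
    pkt = build_ah(key, spi=0x1000, seq=5, next_header=6, payload=b"GET /payroll HTTP/1.0")
    tampered = bytearray(pkt)
    tampered[-1] ^= 0x01  # flip one bit of the payload
    return (verify_ah(key, pkt, last_seq=4),              # True: intact and fresh
            verify_ah(key, bytes(tampered), last_seq=4),  # False: integrity check failed
            verify_ah(key, pkt, last_seq=5))              # False: replayed sequence number
```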
Mahesh Rathod can be reached at rathodmp@hotmail.com
                 Private WAN                VPN Services
Advantages       Secure                     Globally available
                 Controlled                 Redundant
                 Self destined              Less expensive
                 Self managed               Greater connectivity
                                            Simplified WAN
                                            Renewed focus
Disadvantages    Scaling challenge          Third party
                 Local skill required       Perceived as less secure
                 Investment in technology   Lack of control
IPSec
IPSec is a framework of open standards for ensuring secure private communications over IP networks. Based on standards developed by the IETF (Internet Engineering Task Force), IPSec ensures confidentiality, integrity and authenticity of data communications across a public IP network. IPSec provides a necessary component of a standards-based, flexible solution for deploying a network-wide security policy.