Virtual Private Network (VPN) FAQs
What is a virtual private network?
A virtual private network is a system that connects two or more private
networks over a publicly accessible network, such as the Internet. It
usually consists of an encrypted and authenticated tunnel of some kind,
although a VPN can take several forms, using different combinations of
hardware and software technologies. The two common arrangements are a
single remote machine connected to a private network (remote access) and
one LAN connected to another (site-to-site).
What are the basic features of VPNs?
Aside from supporting basic LAN interfaces, a good VPN gateway should have
high-availability features such as redundant power supplies. All VPNs
require some form of authentication, and they should also encrypt traffic;
some companies choose to run unencrypted tunnels, but such a tunnel offers
no confidentiality or integrity against anyone on the public network it
crosses. Other advanced functions can be useful, such as data compression,
routing, network address translation, bandwidth management and fail-over
redundancy. When purchasing a ready-made VPN package from a solutions
provider, it is often possible to get other bundled services to complement
the network, such as voice over IP and other hosted applications.
Why would a company use a VPN?
A VPN service is an economical alternative to a private network built on
expensive leased lines, as it can use existing IP infrastructure and
equipment to connect remote users and offices. For offices separated by
great distances, VPNs are ideal because they can provide connectivity for
almost any location in the world without incurring long-distance charges.
The flexibility and relative simplicity of VPNs also give small- and
medium-sized businesses the option to switch to a different provider,
increase bandwidth, or add offices to the network more freely than other
schemes allow.
How do companies use VPNs?
Depending on the scope of the network, a company can run VPN client
software on the machines it already uses to reach the Internet, or purchase
or rent dedicated gateway devices. The VPN can then connect LANs at
different sites, or give customers, clients and consultants access to
corporate resources, provided they have compatible software and can be
authenticated; such third-party access should be confined to the specific
resources those users need rather than the whole network. VPNs are often
useful for mobile workers such as salespeople, for home workers and for
"day extenders" who continue the working day from home.
Are extranets and VPNs the same thing?
Not really. An extranet is essentially a Web site that gives clients or
partners access to a narrow, often administrative, slice of the corporate
intranet. For example, an online newspaper's extranet might allow
advertisers to change banner ads on its site. A VPN, by contrast, gives a
remote PC network-level access to the company's internal network, as if it
were physically in the home office, which is a far larger exposure than an
extranet's single application. Although extranets take a variety of forms,
some of which resemble a VPN, they do not serve the same function. However,
with stronger authentication and network segmentation (for instance,
placing extranet users in their own VPN group that firewall rules confine
to the extranet servers), a company can build a separate extranet
application on its VPN, possibly saving money in the process.
How do VPNs save money?
By using a relatively cheap local dial-up or broadband connection, companies
using VPNs save on telecommunications costs and reduce long-distance phone
charges. They also cut operational costs by outsourcing the management of
remote-access equipment and by reducing the number of access lines running
into a corporate site, although outsourcing also means trusting the
provider's operational security and logging. In some cases, the company can
"borrow" the necessary hardware from a VPN service provider at no extra
charge. Finally, a VPN can theoretically lighten the support burden, since
the public service provider is generally responsible for supporting its
dial-up customers.
What about VPN performance?
A number of factors contribute to a VPN's performance. While some issues
relate to the hardware or software being used, much depends on the Internet
itself: the availability and speed of IP services differ from one area and
one provider to the next, so most VPN providers will not guarantee the
latency of packets crossing the network. Performance also depends on the
encryption scheme and on the client's ability to process it. Encryption
does not slow the link as such, but encapsulation adds a fixed overhead to
every packet (outer headers, IV, padding and an integrity check value),
which weighs most on small packets and can push full-size packets over the
path MTU so that they fragment; the cipher itself costs CPU time at both
ends, which is noticeable on an underpowered client or a slow dial-up line.
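A worked calculation of that per-packet overhead, added here as an example and not taken from the page: the Go program below sizes ESP tunnel-mode packets for two common transform sets using the field lengths from RFC 4303 (ESP), RFC 3602 (AES-CBC), RFC 4106 (AES-GCM), RFC 2404 (HMAC-SHA1-96) and RFC 3948 (UDP encapsulation for NAT traversal), and derives the largest inner packet, and the TCP MSS to clamp to, that fits a 1500-byte path MTU. The two suite names, the 1500-byte MTU and the NAT-T flag are assumptions chosen for the example.

```go
package main

import "fmt"

// CipherSuite captures the per-packet framing cost of one ESP transform. Sizes
// follow RFC 4303 (ESP), RFC 3602 (AES-CBC), RFC 4106 (AES-GCM) and RFC 2404
// (HMAC-SHA1-96); the AES key length does not change any of them.
type CipherSuite struct {
	Name   string
	IVLen  int // IV sent in the clear ahead of the ciphertext
	Align  int // inner packet + padding + 2-byte trailer must be a multiple of this
	ICVLen int // integrity check value appended after the ciphertext
}

var (
	AESCBCHMACSHA1 = CipherSuite{"AES-CBC + HMAC-SHA1-96", 16, 16, 12}
	AESGCM128      = CipherSuite{"AES-GCM (16-byte ICV)", 8, 4, 16}
)

const (
	outerIPv4  = 20 // outer IPv4 header without options (tunnel mode)
	espHeader  = 8  // SPI (4) + sequence number (4)
	espTrailer = 2  // pad length (1) + next header (1)
	udpEncap   = 8  // UDP header added only for NAT traversal (RFC 3948)
	innerTCPIP = 40 // inner IPv4 + TCP headers without options, for MSS clamping
)

// padding is the number of bytes ESP must insert so the encrypted portion
// (inner packet, padding and trailer) is a multiple of the cipher alignment.
func padding(cs CipherSuite, innerLen int) int {
	if rem := (innerLen + espTrailer) % cs.Align; rem != 0 {
		return cs.Align - rem
	}
	return 0
}

// TunnelPacketLen is the on-the-wire size of an inner packet of innerLen bytes
// after ESP tunnel-mode encapsulation with cs.
func TunnelPacketLen(cs CipherSuite, innerLen int, natT bool) int {
	n := outerIPv4 + espHeader + cs.IVLen + innerLen + padding(cs, innerLen) + espTrailer + cs.ICVLen
	if natT {
		n += udpEncap
	}
	return n
}

// MaxInnerLen is the largest inner packet that fits in pathMTU without
// fragmenting the outer packet.
func MaxInnerLen(cs CipherSuite, pathMTU int, natT bool) int {
	room := pathMTU - outerIPv4 - espHeader - cs.IVLen - cs.ICVLen
	if natT {
		room -= udpEncap
	}
	room -= room % cs.Align // the encrypted portion must end on a cipher boundary
	return room - espTrailer
}

// ClampedMSS is the TCP MSS to advertise (or rewrite on the gateway) so that
// full-size inner segments never exceed MaxInnerLen.
func ClampedMSS(cs CipherSuite, pathMTU int, natT bool) int {
	return MaxInnerLen(cs, pathMTU, natT) - innerTCPIP
}

func main() {
	const pathMTU = 1500 // assumed Ethernet path between the two gateways
	for _, cs := range []CipherSuite{AESCBCHMACSHA1, AESGCM128} {
		for _, natT := range []bool{false, true} {
			fmt.Printf("%-24s natT=%-5v 1500-byte inner -> %4d on the wire; max inner %4d, MSS %4d\n",
				cs.Name, natT, TunnelPacketLen(cs, 1500, natT),
				MaxInnerLen(cs, pathMTU, natT), ClampedMSS(cs, pathMTU, natT))
		}
	}
}
```

Run it with `go run`. The output shows why gateways clamp MSS: a full-size 1500-byte inner packet becomes 1556 to 1568 bytes on the wire and would be fragmented, whereas a 1446-byte (AES-GCM) or 1438-byte (AES-CBC with HMAC-SHA1) inner packet fits a 1500-byte path exactly. Small packets pay the same 56 to 68 bytes of overhead, which is why a stream of 64-byte voice packets roughly doubles in size.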
What about network availability?
Since VPNs rely on a public network to connect PCs, they are often at the
mercy of Internet service providers. Equipment problems can plague ISPs, or
even the core routers and exchange points of the Internet, which means
outages are always a possibility. ISPs are trying to improve the
reliability of their networks by adding redundancy and upgrading their
infrastructure, but few will offer 100 percent availability. Some providers
offer refunds or credits to compensate for downtime. Companies must be
realistic and plan for the possibility of downtime in any endeavour that
depends on the VPN.
What are the drawbacks of SLAs?
Service Level Agreements have evolved over the last few years to offer more
guarantees on uptime, network delay, packet loss, interoperability and
security, but they are still far from perfect. Many SLAs are written in
confusing doubletalk, often with multiple disclaimers and limitations that
you should be aware of. In some cases they depend on special purchases and
other agreements by the customer. Many service providers have
unsatisfactory quality-of-service guarantees on latency or mean time to
repair. Furthermore, VPN SLAs usually apply only to the specific ISP's own
network, not to traffic that crosses to another provider's network, so an
end-to-end path is rarely covered. Some companies have worked out "extended
SLAs" between multiple cooperating ISPs, although they rarely work.
Customer-defined SLAs may become more common as the industry evolves.
What are some common tunneling protocols?
The most widely used tunneling protocols for VPNs have been the
Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security
(IPsec), and Layer 2 Tunneling Protocol (L2TP), which combines PPTP and
Cisco Systems' Layer-2 Forwarding (L2F). Two caveats apply today: PPTP's
MS-CHAPv2 authentication and MPPE encryption have been broken, so it should
not be used for anything sensitive, and L2TP by itself provides no
encryption, so it is normally run inside IPsec (L2TP/IPsec). SOCKS 5 is yet
another approach, which follows a proxy-server model, relaying and
authenticating each connection at the session layer rather than tunneling
whole networks, and has been considered one of the more secure options for
that reason. Secure Shell (SSH) port forwarding is a further alternative;
its cryptography is strong, but it forwards individual connections rather
than providing a general network-layer tunnel, which limits it to
small-scale use.
What type of encryption can be used?
Modern VPNs can use just about any common encryption technology, and
equipment vendors usually give their customers the choice. Triple DES
(3DES) was the de facto standard in North America for years; AES has since
replaced it, and 3DES is now deprecated because its 64-bit block size makes
it weak on high-volume links. In some countries encryption strength is
regulated by legislation, and a less robust algorithm or shorter key must be
used. Whether hardware- or software-based, all VPN providers offer some
encryption scheme, which can often be customized to suit the buyer; when
choosing, insist on an authenticated mode (or a separate integrity check),
since encryption alone does not stop packets from being altered or replayed.
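To make the "encryption plus integrity" point concrete, here is an added example, not code from the page or from any vendor, of ESP-style packet protection in Go using AES-GCM, the authenticated cipher that replaced 3DES in practice. Each packet carries an SPI and sequence number in the clear, bound into the integrity check value as associated data, and the receiver keeps an RFC 4303-style sliding window so replayed packets are rejected. The key, salt, SPI and inner packets are constructed demo values; a real security association gets them from IKE.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const windowSize = 64 // anti-replay window in packets (RFC 4303 requires at least 32)

// SA is one direction of an ESP-style security association: AES-GCM key and salt, the
// SPI naming it on the wire, the sender's counter and the receiver's anti-replay window.
type SA struct {
	aead    cipher.AEAD
	spi     uint32
	salt    [4]byte // RFC 4106: GCM nonce = salt (4 bytes) || per-packet IV (8 bytes)
	seq     uint32  // sender: last sequence number sent
	lastSeq uint32  // receiver: highest sequence number accepted
	window  uint64  // receiver: bit i set => lastSeq-i already accepted
}

func NewSA(key []byte, salt [4]byte, spi uint32) (*SA, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte ICV; cannot fail for an AES block
	return &SA{aead: aead, spi: spi, salt: salt}, err
}

// Encapsulate emits SPI || seq || IV || ciphertext || ICV. The clear-text header lets
// the receiver find the SA; as GCM associated data it cannot be altered undetected.
func (sa *SA) Encapsulate(inner []byte) ([]byte, error) {
	if sa.seq == ^uint32(0) {
		return nil, errors.New("sequence number exhausted: rekey the SA")
	}
	sa.seq++
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint32(hdr[0:4], sa.spi)
	binary.BigEndian.PutUint32(hdr[4:8], sa.seq)
	iv := make([]byte, 8)
	binary.BigEndian.PutUint64(iv, uint64(sa.seq)) // counter IV: never repeats under one key
	nonce := append(append(make([]byte, 0, 12), sa.salt[:]...), iv...)
	return sa.aead.Seal(append(hdr, iv...), nonce, inner, hdr), nil
}

// Decapsulate verifies and decrypts one packet. The replay check runs before any
// decryption, but the window advances only after the ICV verifies, so a forged
// sequence number cannot push genuine packets out of the window.
func (sa *SA) Decapsulate(pkt []byte) ([]byte, error) {
	if len(pkt) < 16+sa.aead.Overhead() || binary.BigEndian.Uint32(pkt[0:4]) != sa.spi {
		return nil, errors.New("malformed packet or unknown SPI")
	}
	hdr, iv, body := pkt[:8], pkt[8:16], pkt[16:]
	seq := binary.BigEndian.Uint32(hdr[4:8])
	if sa.replayed(seq) {
		return nil, errors.New("replayed or stale sequence number")
	}
	nonce := append(append(make([]byte, 0, 12), sa.salt[:]...), iv...)
	inner, err := sa.aead.Open(nil, nonce, body, hdr)
	if err != nil {
		return nil, errors.New("integrity check failed")
	}
	sa.accept(seq)
	return inner, nil
}

func (sa *SA) replayed(seq uint32) bool {
	if seq == 0 || seq > sa.lastSeq { // 0 is never sent; anything past lastSeq is new
		return seq == 0
	}
	diff := sa.lastSeq - seq
	return diff >= windowSize || sa.window&(1<<diff) != 0
}

func (sa *SA) accept(seq uint32) {
	if seq <= sa.lastSeq {
		sa.window |= 1 << (sa.lastSeq - seq)
		return
	}
	sa.window = sa.window<<(seq-sa.lastSeq) | 1 // a shift of 64 or more clears the window
	sa.lastSeq = seq
}

func main() {
	key, salt := []byte("0123456789abcdef"), [4]byte{1, 2, 3, 4} // constructed demo values; real SAs get keys from IKE
	tx, _ := NewSA(key, salt, 0x1234)
	rx, _ := NewSA(key, salt, 0x1234) // the peer holds the same key, salt and SPI
	p1, _ := tx.Encapsulate([]byte("constructed inner IP packet"))
	inner, err := rx.Decapsulate(p1)
	fmt.Printf("delivered %q err=%v\n", inner, err)
	_, err = rx.Decapsulate(p1) // the same packet replayed
	fmt.Println("replayed copy:", err)
	p2, _ := tx.Encapsulate([]byte("second packet"))
	p2[20] ^= 1 // one ciphertext bit flipped in transit
	_, err = rx.Decapsulate(p2)
	fmt.Println("tampered packet:", err)
}
```

Two design points are worth noting. The replay check is done before decryption, so a flood of replays costs no cryptography, but the window moves only after the ICV verifies, so an attacker who can inject packets cannot evict legitimate ones. The IV is a counter rather than a random value because a repeated nonce under one AES-GCM key breaks both confidentiality and integrity; that is also why the sender refuses to wrap its sequence number and demands a rekey instead.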
How are VPN users authenticated?
VPN gateways are usually built into, or sit behind, some sort of firewall,
often a surprisingly simple "plug-and-play" appliance provided by a vendor.
One is installed on each LAN that needs to be connected, and the gateways
exchange keys (pre-shared secrets or certificates) to authenticate each
other before any tunnel is established. All VPNs also require that an
access device be configured to recognize and authenticate remote users, and
then to authorize only the resources each user needs. A wide range of
techniques and products, both hardware- and software-based, are available
from vendors. Stronger authentication such as hardware tokens or one-time
passwords, and per-user or per-group access levels, can also be
implemented; a single pre-shared secret shared by many users is the weakest
option and should be avoided.