Virtual private networks have emerged as a cost-effective route to remote access, but issues like scalability, reliability and security need to be addressed at the design stage
Myth #1: A network that is open to remote access is not secure and can be
easily hacked into. A number of solutions such as firewalls, security tokens and
strong encryption techniques are available to tackle such potential threats. If
the organization takes adequate security measures, it is almost impossible to
gain unauthorized access.
Myth #2: It is risky to send important information via the Internet. Virtual
private networks (VPNs) can ensure that the data being sent and received is
encrypted and that the cost per user is affordable.
A number of such doubts exist in the minds of many chief information officers
who still view virtual private networks as a risky proposition. Whether this
stems from a lack of clear understanding of the technology or simply from a
mindset, CIOs are especially wary of running mission-critical applications on
such a network. But the fact is that a well-designed virtual private network
offers the same functionality as a traditional private WAN (wide area network)
at a much lower cost. Factors like security, scalability and reliability can
also be addressed while designing the network.
The technology
Simply put, a VPN could be described as a private data communication
channel that uses a public IP network like the Internet for basic data
transport. It can be used to connect corporate data centers, remote offices,
mobile employees, telecommuters, customers, suppliers, and business partners.
Using a technique called ‘tunneling’, data packets are transmitted across a
public routed network in a private tunnel that simulates a point-to-point
connection. This approach enables network traffic from many sources to travel
through separate tunnels across the same infrastructure. It also enables traffic
from many sources to be differentiated, so that it can be directed to specific
destinations.
Access VPNs: This is a user-to-LAN connection
used by a company that has employees who need to connect to the private network
from remote locations. Access VPNs provide access to a corporate Intranet or
Extranet over a shared infrastructure with the same policies as a private
network. They cover remote-access connectivity through dial-ups, ISDN
(Integrated Services Digital Network), DSL (Digital Subscriber Line), wireless,
and cable technologies.
Site-to-site: Through the use of dedicated equipment and large-scale
encryption, a company can connect multiple fixed sites over a public network
such as the Internet. Site-to-site VPNs can be Intranet or Extranet-based.
Intranet-based: If a company has several remote locations that it wishes to
join in a single private network, it can create an Intranet VPN to connect LAN
to LAN.
Extranet-based: When a company has a close relationship with another company
(for example, a partner, supplier or customer), it can build an Extranet VPN
that connects LAN to LAN and allows all of the various companies to work in a
shared environment.
Traditional WAN vs VPN
Many large and medium-size organizations that are outsourcing their
connectivity needs to service providers find that VPNs are a solution to many of
the challenges they face. Traditionally an organization that wanted to build a
wide-area network needed to procure expensive, dedicated lines to connect its
offices together. With long-distance charges of leased lines mounting daily, the
cost of deploying and maintaining a private network is also on the rise.
12 Benefits of Going VPN
A well-designed VPN can benefit a company by:
Extending geographic connectivity
Reducing operational costs in comparison with a traditional WAN
Eliminating long-distance charges
Reducing in-house staff requirements through outsourcing
Lowering capital expenditure, since access servers, the backbone and switches are owned and managed by service providers
Reducing transit time and transportation costs for remote users
Improving productivity
Simplifying network topology
Opening up global networking opportunities
Supporting telecommuters
Providing broadband networking compatibility
Delivering a faster ROI (return on investment) than a traditional WAN
Besides file sharing and email, the WAN provides access to Intranet Websites
and videoconferencing systems. In addition, some organizations selectively open
their WAN access to partners to provide Extranet services. VPNs not only support
the same Intranet/Extranet services as a traditional WAN, but also allow further
mobility to the worker. Leased lines don’t support mobile workers well because
they fail to extend to people’s homes or their travel destinations.
Companies that don’t use VPNs have to resort to implementing specialized
secure dial-up services. To log in to a dial-up Intranet, a remote worker must
call into a company’s remote access server. The overheads of maintaining such
a system internally, coupled with the possibility of high long distance charges
incurred by travelers, make VPNs a more appealing option.
Designing a VPN
While designing a VPN solution, a number of factors need to be considered:
Need Assessment: A company should be able to identify its data traffic and
have a clear picture of how the organization is poised for growth. Among the
factors that determine the nature and extent of VPN requirements are the number
of employees travelling, the nature of applications that need to be accessed,
the type and sensitivity of data and the locations from which employees will be
connecting to the corporate LAN.
Ease of Deployment: Let the vendor know which cities are the most important
and which location has the largest customer base, and make them the nodal points
of the backbone. This brings some sanity to the network design and hierarchy. A
company that keeps adding locations without much foresight can end up with a
criss-cross of links that is difficult to maintain and troubleshoot.
Scalability: The network should be able to support a large number of users
without requiring a proportionate increase in expenditure for infrastructure or
support. It should be able to support peak loads and provide access from a
number of remote points without enhancing the infrastructure.
Reliability: Employees remotely accessing the corporate network may not
expect a high level of performance, but they do expect reliable service. Dial-in
attempts must produce successful connections at reasonable speeds and shouldn’t
get disconnected while users are accessing important information.
Manageability: The VPN solution must be easy to support and manage both on
the LAN side and at the user end. Minimal software installation should be
required and the software should be easy to install, configure and use.
Interoperability: Although standards exist for providing VPN compatibility,
differences between vendors’ implementations limit multi-vendor
interoperability. Additionally, many standards for tunneling, authentication and
encryption are still emerging. So care must be taken to ensure that the VPN
solution selected provides end-to-end interoperability.
Security: A major issue
Probably the one thing that worries most companies while deploying a remote
access network like a VPN is security. Managing security can be a complex
affair, as every resource on the corporate network needs to be protected:
systems, information, application resources and networks. The network should
provide two levels of security. The first is user authentication and the second
is data encryption. User authentication allows one to be confident that the
party with whom communication is being established is who it claims to be. VPN
technologies make use of several tried and trusted methods for
establishing the identity of the party at the other end of a network. These
include passwords, digital certificates, smart cards and biometrics.
5 Check-points Before Going VPN
Potential pitfalls in VPNs that can lead to unplanned costs:
VPNs require an in-depth understanding of public network security issues and proper deployment of precautions
The availability and performance of an organization’s wide-area VPN (over the Internet in particular) depends on factors largely outside its control
VPN technologies from different vendors may not work well together due to immature standards
VPNs need to accommodate protocols other than IP, including existing legacy internal network technology
It is assumed that Service Level Agreements (SLAs) ensure reliable services and high performance, but there is no guarantee. They might provide financial compensation when the terms are not met. But financial incentives do not make up for lost productivity and opportunity
Another significant factor is the security of critical data. Information
privacy must be maintained while data is in transit between servers and clients.
Protecting data requires that it be encrypted while travelling over the
Internet. Various techniques such as TripleDES and IPSec’s AH (Authentication
Header) are available to address this issue. IPSec is a framework of open
standards for ensuring secure private communications over IP networks. Based on
standards developed by the IETF (Internet Engineering Task Force), IPSec ensures
confidentiality, integrity and authenticity of data communications across a
public IP network. IPSec provides a necessary component of a standards-based,
flexible solution for deploying a network-wide security policy.
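To make the IPSec AH (Authentication Header) mentioned above concrete, here is an added example (not from the original article) that builds a constructed IPv4 packet with an AH header, computes its Integrity Check Value with HMAC-SHA1-96, and verifies it. Mutable IPv4 fields (TOS, flags/fragment offset, TTL, header checksum) are zeroed before the HMAC is taken, as RFC 4302 specifies, so a router hop that decrements TTL still verifies while any change to the authenticated bytes fails. Note that AH provides integrity and authenticity only: the payload remains readable in the packet, so confidentiality needs a separate encryption mechanism such as the TripleDES the text names.

```python
import hmac
import hashlib
import struct

ICV_LEN = 12   # HMAC-SHA1 truncated to 96 bits (HMAC-SHA1-96, the classic AH algorithm)
AH_PROTO = 51  # IPv4 protocol number for the Authentication Header

def ipv4_header(src, dst, total_len, proto, ttl=64, tos=0, ident=1):
    """Plain 20-byte IPv4 header; the checksum field is left zero for this demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, ident, 0x4000,
                       ttl, proto, 0, bytes(src), bytes(dst))

def zero_mutable(ip_hdr):
    """Copy of the IPv4 header with the mutable fields zeroed for ICV computation."""
    return (ip_hdr[:1] + b"\x00" + ip_hdr[2:6] + b"\x00\x00" + b"\x00"
            + ip_hdr[9:10] + b"\x00\x00" + ip_hdr[12:])

def ah_header(next_hdr, spi, seq, icv):
    """AH fixed part: Next Header, Payload Len (32-bit words minus 2), Reserved, SPI, Seq."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq) + icv

def compute_icv(key, ip_hdr, next_hdr, spi, seq, payload):
    """HMAC over (immutable IP header, AH with ICV field zeroed, payload), truncated."""
    ah_zeroed = ah_header(next_hdr, spi, seq, b"\x00" * ICV_LEN)
    mac = hmac.new(key, zero_mutable(ip_hdr) + ah_zeroed + payload, hashlib.sha1).digest()
    return mac[:ICV_LEN]

def build_ah_packet(key, src, dst, spi, seq, inner_proto, payload):
    """Sender side: IPv4 header + AH + payload, with the ICV filled in."""
    total = 20 + 12 + ICV_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, total, AH_PROTO)
    icv = compute_icv(key, ip_hdr, inner_proto, spi, seq, payload)
    return ip_hdr + ah_header(inner_proto, spi, seq, icv) + payload

def verify_ah_packet(key, pkt):
    """Receiver side: return (ok, payload); ok is False if any authenticated byte changed."""
    ip_hdr, ah = pkt[:20], pkt[20:]
    next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    icv_len = (plen + 2) * 4 - 12
    icv, payload = ah[12:12 + icv_len], ah[12 + icv_len:]
    expected = compute_icv(key, ip_hdr, next_hdr, spi, seq, payload)
    return hmac.compare_digest(icv, expected), payload

def router_hop(pkt):
    """Simulate an intermediate router: TTL decremented (checksum left as-is in this demo)."""
    return pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed shared key, not a real SA key
    pkt = build_ah_packet(key, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", 0x100, 1, 17, b"hello")
    print(verify_ah_packet(key, router_hop(pkt)))       # (True, b'hello')
    print(verify_ah_packet(key, pkt[:-5] + b"HELLO"))   # (False, b'HELLO')
```

The last line shows the caveat a practitioner should keep in mind: a tampered packet is rejected, but the payload was never hidden, which is why AH is paired with encryption (ESP or an application-layer cipher) when privacy is the requirement.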
Emerging potential
Optical VPNs are among the emerging technologies in this area. These are
wavelength-based or Lambda-based VPNs. The idea is to use DWDM (Dense Wavelength
Division Multiplexing) as the core technology. DWDM and WDM (Wavelength Division
Multiplexing) are currently used as long-haul transport technologies. Where
customer density is high, DWDM will evolve into an access technology, so there
will be a shift from packet-domain VPNs to optical-domain VPNs. The shift will
not be prominent for the next few years, because implementation standards and
vendor support are also crucial to the adoption of new technology.