9/27/2001 - SearchNetworking.com - The Reality of Virtual Private Networks

by Garry Kranz,

 

For Tangram Enterprise Solutions Inc., the decision to implement a VPN was easy. For minimal cost, the Raleigh, N.C.-based information technology company installed a VPN that enabled selected employees to remotely access internal applications.

"We were having more and more employees working out of their homes, where they could be stationed closer to our customers," says Steve Keukes, Tangram's senior vice president and chief technology officer. "The availability and dramatic decrease in costs of high-speed DSL and cable modems drove us to implement a VPN."

A VPN is a private data network that uses public telecommunications infrastructure, including local telephone lines or the Internet, to create a "tunnel" between corporate servers and remote users' PCs or laptops. Overlaid with security protocols and layers of authentication, encryption and decryption, VPNs enable enterprises to create global communication links quickly and for a fraction of the cost of private Frame Relay systems.

 

Save money, boost productivity

Tangram deploys a Linux box to act as its VPN server, and runs free open source software, called Pop Top, to communicate with Windows workstations. "By putting that box on our Internet connection and installing free software on it, we were able to use off-the-shelf Microsoft VPN software on existing client machines, basically for nothing," says Keukes.

Application development firm Brainlink of New York City shunned proprietary products, using instead a VPN solution bundled with free binary synchronous protocol-based products.

"The biggest thing we get out of our VPN," says Raj Goel, Brainlink's chief technology officer, "is enhanced productivity. Problems don't arise at a scheduled time, so a VPN lets us solve problems 24x7, whether employees are home or at the office."

Enabling workers to tunnel in to your network over the Internet cuts down on long distance and toll-free charges, and eliminates the burden of maintaining large modem banks. But "VPNs aren't really about cost savings. They're more about agility and being able to dynamically connect with business partners and remote employees," says Galen Schreck, an analyst with Forrester Research Inc. in Cambridge, Mass.

 

Keep an eye on costs, security

Indeed, installing a VPN requires budgetary forethought, says Frank Bocchino, director of marketing for Beanstalk Networks Inc., an application service provider in West Palm Beach, Fla. "VPNs require routers at each location, and as the number of users increases, so does the price of the appropriate router, as well as the need for more expensive bandwidth. Throw in costs for cabling, workgroup hubs, switches, disaster protection and security, and you've got quite a monster on your hands," he says.

Moreover, VPNs have a fundamental Achilles' heel that could make them undesirable: security flaws that enable creative hackers to bypass your corporate network and gain entry through remote users' PCs. Says Bill Van Emburg, chief operating officer of Quadrix Solutions, a systems integration and collocation firm in Piscataway, N.J., "A VPN can ensure privacy, but it does not guarantee the security of the network."

Companies using VPNs typically require remote users to install firewalls on remote machines. Industry experts say this adds IT management cost and complexity to the equation.

The sophistication of authentication systems also influences the cost, says Rob Garr, a project manager with technology services firm PEC Solutions Inc. of Fairfax, Va. "You could use authentication systems using static passwords, which is relatively inexpensive, easy to use, and easy to implement. But it's not as secure as using a one-time password scheme, public key infrastructure, or key fobs that are password-generated," says Garr. "The tradeoff is ease of use versus level of security."

Garr recommends that companies pondering VPNs consider the type of information they want to protect, and then examine if a VPN provides adequate levels of security.

It is clear that using public telecommunications networks, especially the Internet, is more affordable than leasing private telecommunications lines or laying fiber for a truly private network, in which only your company uses the system. But public network users must deal with tradeoffs related to network reliability and latency.

Enterprises whose operations would suffer from outages or slowdowns probably won't want to use a VPN, says Tangram's Keukes. For his company, those issues were not critical.

"The applications we're deploying across our VPN, while it's important for employees to have access to them, are not critical if they go through a period of low performance because the Internet slows down," says Keukes. "That's one of the drawbacks of a VPN: There's no way to get guaranteed service across the Internet."

Although other options exist, such as contracting with application or management service providers, many companies are waking up to the advantages of VPNs, says Schreck. He notes that VPNs are among the most highly adopted of new technologies. "Companies are serious about adoption of VPNs. We've gotten over the hype and expectations have plateaued," says Schreck, "so we're starting to see where VPNs fit."