Volume 1 Issue 3

Visual Data Systems Seminar, Wilmington NC, September 22

About Us

Visual Data Systems is a leader in Internet marketing, technology consulting and World Wide Web design. As a pioneer in Internet business, we've logged more than a decade of achieving customer satisfaction and Internet innovation.

Visual Data Systems offers a wide variety of products and services that can be customized to fit your unique business needs. Let our experienced professionals polish your ideas and dreams to create your distinctive Internet presence.

At Visual Data Systems, there are no barriers. Just Innovations.

News & Events

Catch Visual Data Systems at the upcoming Conferences:

RMS Users Conference Wilmington, NC, September 22-24

Vacation Rental Managers Association (VRMA) National, Orlando, Florida, October 11th - 15th

May 2004 • Volume 2, Issue 1

VPNs – A Primer

So… what IS a VPN? How is it used? And how can it help your business?

A VPN (“Virtual Private Network”) is a special communication session between two devices, set up with security protocols to ensure that the two devices are authorized to communicate, and using encryption to ensure that the communication is secure.

The idea with VPNs is to allow the use of unsecured public bandwidth (usually the Internet) as part of your secure private network. Since the VPN session is traveling across shared Internet bandwidth, the network is not really private (like a dedicated T1 is), but it is a “virtually” private network due to the security mechanisms built into the VPN.

The purpose of the VPN is to make connectivity over the public Internet secure, by ensuring that only authorized devices can connect to your private network, and ensuring that information being passed over the public Internet cannot be intercepted or accessed.

VPNs are typically used in two scenarios:
  1. The office-to-office scenario connects two offices via the Internet, in lieu of using expensive dedicated Point-to-Point T1 lines.
  2. The remote user-to-office scenario provides remote users (home or traveling) secure access to your office network from anywhere via the Internet.

The VPN (often thought of as a “tunnel”) exists between two devices – the VPN end points. In the office-to-office scenario, the VPN end points can be built into Routers or Firewalls that connect each office’s private network to the Internet. VPN-enabled Firewalls are the most common office VPN end point, so we will use the Firewall as the office VPN end point throughout this discussion. In the remote user-to-office scenario, one end point is the office Firewall and the other is the user’s PC or laptop running VPN software.

Note that an office VPN end point can support multiple concurrent VPN sessions of both scenarios.

The office-to-office scenario is conceptually the simplest. The two office Internet Firewalls are configured to establish a VPN between them, and the two offices become logically one private network, as if a dedicated T1 line connected the two offices. Users in office A can access any resource they are authorized to access in office B, and vice versa. The VPN is always up, and is transparent to the users. The office-to-office VPN counts as only one VPN session regardless of how many users from each office are communicating with the other office over the VPN.

In the remote user-to-office scenario, a separate Internet VPN occurs between each single home or traveling user and your private network. Each concurrent remote user connection counts as one VPN session. The user runs a small application on their home PC or laptop (the VPN Client) that establishes the secure session with the VPN end point (Internet Firewall) at your private office network. The VPN Client has administrator-configured keys that authenticate the Client with the VPN end point. Once the VPN end point ascertains (through the keys) that the VPN Client is authorized to access this network, the VPN session is initiated and the user is logically plugged into the private network. The session is encrypted between the VPN Client and the VPN end point (hence the tunnel) and is relatively impervious to Internet eavesdropping.

Once the VPN session is initiated, standard network authentication (log in) determines the user’s rights on the private network. At this point, the user is a node on the private network, having access to the same resources he would normally have access to if he were plugged into a network wall jack at the office.

Note that the VPN bypasses the firewall rules when it passes through the Firewall, because the VPN user is considered a logical part of the private network, and is not, therefore, viewed by the firewall as coming from the public (Internet) network.
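The session set-up and tunnel described above, as an added teaching model (this is not the newsletter's code or any vendor's VPN implementation). It uses only the Python standard library: the VPN Client proves possession of an administrator-provisioned pre-shared key with an HMAC challenge-response, both ends derive a per-session key, and each tunnel packet is encrypted with an HMAC-SHA256 counter-mode keystream and protected by an HMAC tag. That construction stands in for the IPsec/ESP machinery of a real VPN end point and is for illustration only; the client names and the payload are constructed.

```python
"""Teaching model of a VPN session: key-based end point authentication, then an
encrypted and integrity-protected tunnel.  Standard library only."""
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Optional


def _prf(key: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific value from a parent key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def auth_response(psk: bytes, nonce: bytes) -> bytes:
    """The VPN Client's proof that it holds the provisioned key (the key itself never travels)."""
    return _prf(psk, b"auth" + nonce)


def derive_session_key(psk: bytes, nonce: bytes) -> bytes:
    """Both ends compute the same per-session key from the PSK and the challenge."""
    return _prf(psk, b"session" + nonce)


class VpnEndpoint:
    """Office-side VPN end point (the VPN-enabled Firewall in the article)."""

    def __init__(self) -> None:
        self.client_keys: Dict[str, bytes] = {}   # client id -> pre-shared key
        self.sessions: Dict[bytes, bytes] = {}    # session id -> session key

    def enroll_client(self, client_id: str) -> bytes:
        """Administrator provisions a key that is later installed in the VPN Client."""
        key = secrets.token_bytes(32)
        self.client_keys[client_id] = key
        return key

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def open_session(self, client_id: str, nonce: bytes, response: bytes) -> Optional[bytes]:
        """Authorize the client by its key alone; its current IP address plays no part."""
        psk = self.client_keys.get(client_id)
        if psk is None or not hmac.compare_digest(auth_response(psk, nonce), response):
            return None                          # unknown client or wrong key: no tunnel
        session_id = secrets.token_bytes(8)
        self.sessions[session_id] = derive_session_key(psk, nonce)
        return session_id


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks, truncated to length."""
    out, counter = b"", 0
    while len(out) < length:
        out += _prf(key, nonce + struct.pack(">I", counter))
        counter += 1
    return out[:length]


def seal(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one tunnel packet: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ks = _keystream(_prf(session_key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_prf(session_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(session_key: bytes, packet: bytes) -> Optional[bytes]:
    """Verify the tag before decrypting; a forged or modified packet is dropped."""
    nonce, ciphertext, tag = packet[:12], packet[12:-32], packet[-32:]
    expected = hmac.new(_prf(session_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    ks = _keystream(_prf(session_key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def run_demo() -> dict:
    office = VpnEndpoint()
    alice_psk = office.enroll_client("alice-laptop")   # constructed client, key in her VPN Client
    nonce = office.challenge()
    sid = office.open_session("alice-laptop", nonce, auth_response(alice_psk, nonce))
    # Someone who knows the client name but not the key gets no session.
    stranger = office.open_session("alice-laptop", nonce, auth_response(b"guess", nonce))
    # Inside the tunnel: encrypted and integrity-protected between the two end points.
    packet = seal(derive_session_key(alice_psk, nonce), b"GET /payroll/q1.xls")   # constructed payload
    delivered = unseal(office.sessions[sid], packet) if sid else None
    # Flipping one ciphertext byte invalidates the tag, so the end point drops the packet.
    tampered = packet[:12] + bytes([packet[12] ^ 0x01]) + packet[13:]
    return {
        "session_opened": sid is not None,
        "stranger_rejected": stranger is None,
        "delivered": delivered,
        "eavesdropper_sees_plaintext": b"payroll" in packet,
        "tampered_dropped": unseal(office.sessions[sid], tampered) is None,
    }


if __name__ == "__main__":
    print(run_demo())
```

The two things to notice are the order of operations (the tag is checked before any decryption, and the key proof is checked before any session state is created) and that nothing in `open_session` looks at where the client is connecting from, which is the property the article contrasts with firewall rules.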

We can set up remote access for users through the use of firewall access rules rather than VPNs, but using a VPN has numerous advantages. With a VPN, session security is independent of the user’s location (IP Address). This is not the case when using Firewall rules to allow access, which can be a real problem. We will discuss alternate remote access methods, and how they compare to VPNs, in our next newsletter.

Key points for a VPN are:

  1. The VPN session is authenticated through keys set up in the VPN software.
  2. The VPN session is encrypted.
  3. Once established, the VPN is transparent to the user.
  4. The user functions as a node on the local network with his usual access to network resources.
  5. The VPN session authentication and access is independent of the user’s current IP address. This is beneficial when we don’t know a user’s home IP, or when the user connects from different locations, as this would make providing access through typical firewall rules difficult.
  6. The VPN passes through the firewall, bypassing all firewall rules.
  7. The VPN bandwidth is limited by the slowest connection point in the session communication chain (usually a user’s 56K dial-up connection).
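The comparison in the key points above (key-based VPN authorization versus firewall rules keyed on the user's IP address), the note that tunnel traffic bypasses the public-side firewall rules, and the per-session licensing model, as an added policy model. This is not the newsletter's code or any firewall product's logic; the peer names, keys and addresses are constructed (addresses come from the RFC 5737 documentation ranges), and the session cap is a made-up license limit of two.

```python
"""Policy model: firewall access rules by source IP versus VPN authorization by key,
plus concurrent-session licensing.  Standard library only."""
import hashlib
import hmac
import ipaddress
from typing import Dict, List, Optional, Tuple


def proof(psk: bytes, nonce: bytes) -> bytes:
    """Key-possession proof a VPN peer sends in answer to a challenge."""
    return hmac.new(psk, nonce, hashlib.sha256).digest()


class OfficeFirewall:
    def __init__(self, max_vpn_sessions: int) -> None:
        self.ip_rules: List[Tuple[ipaddress.IPv4Network, str]] = []
        self.peer_keys: Dict[str, bytes] = {}     # VPN peer (client or branch) -> PSK
        self.vpn_sessions: Dict[str, str] = {}    # connected peer -> its current public IP
        self.max_vpn_sessions = max_vpn_sessions  # licensed concurrent sessions

    # --- the alternative: firewall access rules keyed on source address -------
    def allow_from(self, network: str, service: str) -> None:
        self.ip_rules.append((ipaddress.ip_network(network), service))

    def permitted_by_rule(self, src_ip: str, service: str) -> bool:
        addr = ipaddress.ip_address(src_ip)
        return any(addr in net and svc == service for net, svc in self.ip_rules)

    # --- the VPN: authorization by key, independent of source address ---------
    def enroll_peer(self, peer: str, psk: bytes) -> None:
        self.peer_keys[peer] = psk

    def connect_vpn(self, peer: str, src_ip: str, nonce: bytes, response: bytes) -> bool:
        psk = self.peer_keys.get(peer)
        if psk is None or not hmac.compare_digest(proof(psk, nonce), response):
            return False                          # wrong key: no tunnel, whatever the address
        if peer not in self.vpn_sessions and len(self.vpn_sessions) >= self.max_vpn_sessions:
            return False                          # licensed session limit reached
        self.vpn_sessions[peer] = src_ip          # recorded for logging, not relied upon
        return True

    def disconnect_vpn(self, peer: str) -> None:
        self.vpn_sessions.pop(peer, None)

    # --- what reaches the private network ------------------------------------
    def admits(self, src_ip: str, service: str, via_vpn_peer: Optional[str] = None) -> str:
        """Return which check admitted the traffic: 'vpn', 'rule' or 'dropped'."""
        if via_vpn_peer is not None and via_vpn_peer in self.vpn_sessions:
            # Tunnel traffic is logically internal, so the public-side rules are bypassed;
            # the network's own log-in and resource permissions apply next.
            return "vpn"
        if self.permitted_by_rule(src_ip, service):
            return "rule"
        return "dropped"


def run_demo() -> dict:
    fw = OfficeFirewall(max_vpn_sessions=2)
    nonce = b"\x01" * 16                          # constructed fixed challenge for a repeatable run
    alice_psk, branch_psk, bob_psk = b"psk-alice", b"psk-branch", b"psk-bob"   # constructed
    home, hotel, branch_ip = "203.0.113.5", "198.51.100.77", "192.0.2.10"     # constructed

    # Rule approach: the administrator opened a hole for Alice's home address only.
    fw.allow_from(home + "/32", "file-share")
    # VPN approach: Alice's laptop and the branch office each hold a provisioned key.
    fw.enroll_peer("alice-laptop", alice_psk)
    fw.enroll_peer("branch-office", branch_psk)

    results = {
        "rule_from_home": fw.admits(home, "file-share"),
        "rule_from_hotel": fw.admits(hotel, "file-share"),     # same user, new address
        # Right address but wrong key: the VPN still refuses.
        "vpn_wrong_key_from_home": fw.connect_vpn("alice-laptop", home, nonce, proof(b"bad", nonce)),
        # Right key from an unknown address: the VPN accepts.
        "vpn_from_hotel": fw.connect_vpn("alice-laptop", hotel, nonce, proof(alice_psk, nonce)),
    }
    results["tunnel_traffic"] = fw.admits(hotel, "file-share", via_vpn_peer="alice-laptop")
    # Office-to-office: one tunnel is one licensed session however many users ride it.
    fw.connect_vpn("branch-office", branch_ip, nonce, proof(branch_psk, nonce))
    results["sessions_in_use"] = len(fw.vpn_sessions)
    # A third peer with a valid key is refused once the two-session license is full.
    fw.enroll_peer("bob-laptop", bob_psk)
    results["third_session"] = fw.connect_vpn("bob-laptop", "198.51.100.9", nonce, proof(bob_psk, nonce))
    fw.disconnect_vpn("alice-laptop")
    results["after_alice_leaves"] = fw.connect_vpn("bob-laptop", "198.51.100.9", nonce, proof(bob_psk, nonce))
    return results


if __name__ == "__main__":
    print(run_demo())
```

The `admits` method makes the bypass explicit: once a peer has a session, its traffic is never evaluated against `ip_rules`, which is why the key provisioning in `enroll_peer` and the network's own log-in afterwards carry the whole access decision.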

VPN-enabled firewalls are usually licensed for either a maximum number of concurrent VPN sessions with unlimited internal users, or unlimited VPN sessions with a maximum number of internal users. Which licensing model is most cost effective depends on your environment. VPN-enabled firewalls having capabilities sufficient for small-to-medium businesses typically cost between $300 and $1,000. Many offer additional capabilities and extended support programs at additional expense.

VPN Client software is licensed for each PC/laptop on which it is installed. VPN Client software typically costs between $60 and $150 per license, depending on the manufacturer. The cost is relative to the software’s features, ease of installation and configuration, and ability to provide automated installation.

We would be happy to help you assess the benefits of deploying VPNs in your environment, as well as assisting you with design, product selection, and implementation. Feel free to contact Tom Kaczmarek at (410) 964-8665 ext. 333 or via email at tomk@vdsys.com if you would like assistance, or if you have any questions concerning VPNs or general network technologies.

Visual Data Systems, Inc.
10760 Hickory Ridge Road, Suite 312
Columbia, MD 21044

Phone: (410) 964-8665 ext. 215 • Fax: (410) 964-5668
Email: info@vdsys.com • Web: www.vdsys.com

To unsubscribe from The Visual Exchange, please send a blank e-mail to: remove@x.vdsys.com.

Copyright © 2003 by Visual Data Systems, Inc. All Rights Reserved.