Evocal

1. What is a virtual private network?
2. What are the basic features of a VPN?
3. What are the benefits of using a VPN?
4. How do companies implement and use a VPN?
5. Are extranets not the same thing as a VPN?
6. How can VPNs save my company money?
7. What about VPN performance and reliability?
8. What about network availability?
9. What type of encryption is used with a VPN?
10. How are VPN users authenticated?

1. What is a virtual private network?

A virtual private network is essentially a system that allows two or more private networks to be connected over a publicly accessible network, such as the Internet. It usually consists of an encrypted tunnel of some kind, although a VPN can take several forms, using different combinations of hardware and software technologies. They can exist between an individual machine and a private network, or a remote local area network (LAN) and a private network.

2. What are the basic features of VPNs?

Aside from supporting basic LAN interfaces, a good VPN should have high-availability features such as redundant power supplies. Also, all VPNs require some kind of authorisation protocol and encryption, although some companies may choose to opt out of the latter. Other advanced functions can be useful, such as data compression, routing ability, network address translation, bandwidth management capabilities and fail-over redundancy.

3. What are the benefits of using a VPN?

A VPN service is an economical alternative to setting up a private network with expensive leased lines, as it can use existing IP infrastructure and equipment to connect remote users and offices. For offices with great distances between them, VPNs are ideal because they can provide connectivity for almost any location in the world without incurring long-distance charges. Also, the flexibility and relative simplicity of VPNs provides SME's with the option to switch to a different provider, increase bandwidth, or add more offices to the network more freely than with other schemes.

4. How do companies use VPNs?

Once a company connects to a VPN server, it can either use the same applications that it normally uses to connect to the Internet, or it can purchase or rent the appropriate devices, depending on the scope of the network. It can then be used to connect LANs in different sites, or give customers, clients and consultants access to corporate resources, provided they have compatible software and can be authenticated. Often VPNs are useful for mobile workers such as salespeople and home workers.

5. Are extranets and VPNs the same thing?

Not really. An extranet is basically a glorified Web site, which allows clients or partners access to the corporate intranet for highly specific, often administrative functions. A VPN uses a protocol that allows remote PC full access to a company's network, as if it were actually in the home office. Although extranets take a variety of forms, some of which can resemble a VPN, they do not have the same function. However, using a more sophisticated authentication and segmentation method, a company can build a separate extranet application on its VPN, possibly saving money in the process.

6. How do VPNs save money?

By using a relatively cheap local dial-up or broadband connection, companies using VPNs save on telecommunications costs, and also reduce long-distance phone charges. They also cut down on operational costs by outsourcing the management of equipment used for remote access, as well as reducing the number of access lines running into a corporate site. In some cases, the company can "borrow" the necessary hardware from a VPN service provider, at no extra charge. Finally, a VPN can theoretically alleviate the support burden, as the public service provider is generally responsible for supporting its dial-up customers.

7. What about VPN performance?

There are a number of factors that can contribute to the VPN's performance. While some of the issues may be related to the hardware or software applications being used, much of it depends on the Internet itself. The availability and speed of IP services may differ from one area to the next, as well as the actual provider. Because of this, most VPN providers will not offer a guarantee on the latency of packets moving across the network. Performance also depends somewhat on the encryption scheme being used, as well as the client's ability to process it. Highly encrypted data takes considerably longer to transmit, especially on larger packets being sent through a dial-up line.

8. What about network availability?

Since VPNs rely on a public network to connect PCs, they are often at the mercy of service providers. Equipment problems can plague ISPs, or even the root servers that make up the core of the Internet, which means outages are always a possibility. Lately, ISPs are trying to improve the reliability of their networks by making them more redundant and upgrading their infrastructure, but few will offer 100 percent availability. Some providers will offer refunds or credits to compensate for any downtime that might be experienced. Companies must be realistic, and take into account the possibility of downtime when setting out on any endeavour.

9. What type of encryption can be used?

Modern VPNs can use just about any common encryption technology available, and equipment vendors usually give their customers the choice. Whether hardware or software based, all VPN providers offer some sort of encryption scheme, which can often be customised to suit the buyer.

10. How are VPN users authenticated?

VPNs usually take some sort of firewall, often a surprisingly simple "plug-and-play" solution provided by a vendor. The system is installed on as many LANs as needed, and keys are exchanged between the users in order to provide authentication. All VPNs require that an access device be configured to recognise and authenticate remote users. A wide number of techniques and products, both hardware and software based, are available from vendors. Stronger and more advanced authentication techniques, such as tokens or regulated access levels, can also be implemented