Everything is both bigger and smaller these days. Used to be you had to be physically close to communicate, but that ended with the written word and development of courier and postal services, and was refined through telegraphs, telephones, and successive incarnations of communications technologies. The Internet created a shared space for communications. Now we are able to create shared spaces for select people across the globe, using virtual networks. I thought it could be useful to explain virtual private networks (VPNs), and why you could really use one, right now.
Global Issues, New Challenges
Business is a global issue, and an increasing number of companies have global concerns, instead of the old regime of localized logistics and national markets, where global communications meant the occasional international phone call. Now a lot of companies have offices and facilities across the globe, and a pressing need for secure, fast communications between them.
There are different ways of going about this – using a network of leased dedicated lines called a WAN (Wide Area Network), or by communicating through a password-protected Intranet. But these solutions have their drawbacks. WANs tend to get really expensive when distances between facilities increase, and Intranets are very limited in what kind of services they can provide. Unless you are a big telecommunications company, you absolutely don’t need to own fibre-optic cables. The modern multinational business needs more, at a smaller cost. What they need is a virtual private network. Let me run you through the basics.
Virtual Connectivity
A VPN is basically a private network of computers using a public network, like the Internet, to connect individual users or groups of users in remote facilities. Unlike a WAN, the VPN doesn’t need a dedicated line, but is routed through the public network using encrypted traffic on "virtual" connections. The key concept is that the VPN links authorized users only, and creates a shared network only between those who can be authenticated as such.
A good, well-designed VPN does a number of things that can be of great benefit to any distributed organization. First of all, it connects people in remote locations, reducing the need for travel and lowering costs, while providing faster return on investment. The main difference from leased lines, or WANs, where the cost increases in proportion to the distances involved, is that geographical distance or distribution has very little impact on the cost of a VPN. Getting everybody hooked up in the same shared space like this can certainly make a company more productive – and an improved communications environment can shave many minutes off decision-making processes. For the technical staff it creates a much simpler network topology, with much lower operational costs, and a lot less hardware to maintain and update.
What You Need
Setting up any kind of network requires some investment in hardware and applications. For a VPN, depending a little on which setup you choose, you need VPN concentrators or secure firewalls; dedicated servers to run the network; software to run the VPN and provide policy management; and desktop applications for the users’ PCs. You can also add optimized routers to enhance connectivity. This is all available off the shelf, and many companies make a living installing and running them for you, so you don’t have to.
Two Kinds
There are different types of VPN, with different characteristics and connection strategies. A common form is typically used when employees need to connect to the company network from different geographical locations. Called a Remote Access VPN, or a Virtual Private Dial-up Network (VPDN), these allow users to connect to the company LAN (Local Area Network) from any location. For big implementations, many companies choose to outsource the system, installing applications and security access software on client computers. Outsourcing makes the system scalable and low-maintenance. This type of VPN is often used in companies with a lot of sales personnel in the field, or with a distributed, work-from-home employee base.
Another, more robust network setup is the Site-to-Site VPN. In this case, companies set up dedicated hardware, and provide strong, reliable encryption schemes, to connect entire remote sites to each other. If this is a VPN within an organization, it is referred to as an Intranet-based VPN. This connects different LANs to each other, and is typically used by large multinational companies with a major presence in several locations. The same technical setup can connect different companies or organizations, in which case we are talking about an Extranet-based VPN. This is the network of choice for companies who work in close partnership with one another, or companies with a network of franchise retailers – very handy for common procurement and logistics systems.
Keep It Secure
Security is everything, regardless of your chosen mode of connection, and this goes for virtual private networks as well. A VPN is totally reliant on the trust of its users, which means that there can be no breach in the network. Firewalls are mandatory. They are used to place restrictions on the kinds of traffic that are allowed to pass into the network, and to control port access, packet sizes and types, and which protocols the VPN should allow. Everybody needs one of these before they even think about setting up a secure network.
In addition, all traffic within the VPN is encrypted to protect the communication from unauthorized access. There are a lot of different encryption methods, but the most important method is public-key encryption – a truly intelligent and hard-to-break kind of security technology. A very short and imprecise explanation of how these work: Each computer has a private encryption key, which only exists on that computer; and a public key, which is distributed to anyone for safe communications. Decoding a message requires a combination of the private and the public key. The method is based on the use of staggeringly huge prime numbers that are multiplied together, and the result requires so much computational time and power to crack that it becomes more or less completely secure. Encryption is a must for VPNs.
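The key-pair idea described above can be seen in a few lines of textbook RSA. This is an added example, not code from the article; the primes and the message are constructed, deliberately tiny values, and real deployments use far larger keys together with padding schemes. It also shows why size matters: with small primes, the private key falls out of the public one by simple factoring.

```python
from math import gcd

def make_keypair(p, q, e=65537):
    """Build a key pair from two primes: public (n, e) and private (n, d)."""
    n = p * q                      # the product is published; p and q stay secret
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)

def encrypt(public, m):
    """Anyone holding the public key can encrypt a number m < n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private, c):
    """Only the holder of the private exponent d can undo the encryption."""
    n, d = private
    return pow(c, d, n)

def recover_private_by_factoring(public):
    """Trial division on n. Works here only because n is tiny; for moduli
    of thousands of bits no known method finishes in practical time."""
    n, e = public
    f = 3
    while n % f:
        f += 2
    return make_keypair(f, n // f, e)[1]

# Constructed sample values (illustration only).
P, Q = 1009, 1013
PUBLIC, PRIVATE = make_keypair(P, Q)
MESSAGE = 424242

if __name__ == "__main__":
    c = encrypt(PUBLIC, MESSAGE)
    print("ciphertext:", c, "decrypted:", decrypt(PRIVATE, c))
    print("factoring recovers key:", recover_private_by_factoring(PUBLIC) == PRIVATE)
```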
Through the Tunnel
Most VPNs use a technique called tunnelling for secure data communication. This is based on standard packet-switching technology – the same protocol used for all network communication. Tunnelling essentially puts each data packet inside another special packet adhering to a protocol that is understood by both ends of the network. This gives added security, since all packets have to be sent in this form, or they won’t go through.
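To make the tunnelling step concrete, here is an added sketch (not from the article, and not any real VPN protocol) that wraps an inner packet in an outer one and drops anything that does not arrive in that form. The "TUN1" header, the keys and the sample packet are constructed, and the HMAC-based keystream is a standard-library stand-in for the authenticated ciphers a real product would use.

```python
import hashlib
import hmac
import os

MAGIC = b"TUN1"                 # hypothetical outer-header marker
NONCE_LEN, TAG_LEN = 12, 32

def _keystream(key, nonce, length):
    """Stand-in stream cipher: HMAC-SHA256 run in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encapsulate(inner, enc_key, mac_key):
    """Outer packet = header + nonce + encrypted inner packet + integrity tag."""
    nonce = os.urandom(NONCE_LEN)
    body = MAGIC + nonce + _xor(inner, _keystream(enc_key, nonce, len(inner)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decapsulate(outer, enc_key, mac_key):
    """Return the inner packet, or None if the outer packet is not valid."""
    header_len = len(MAGIC) + NONCE_LEN
    if len(outer) < header_len + TAG_LEN or not outer.startswith(MAGIC):
        return None             # not in tunnel form: it does not go through
    body, tag = outer[:-TAG_LEN], outer[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None             # altered in transit or sealed with another key
    nonce, ciphertext = body[len(MAGIC):header_len], body[header_len:]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

# Constructed sample keys and inner packet (illustration only).
ENC_KEY = hashlib.sha256(b"constructed-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"constructed-integrity-key").digest()
INNER = b"10.0.1.5>10.0.2.9 GET /payroll"

if __name__ == "__main__":
    outer = encapsulate(INNER, ENC_KEY, MAC_KEY)
    print("on the wire:", outer.hex())
    print("delivered:", decapsulate(outer, ENC_KEY, MAC_KEY))
```

A production tunnel would also carry a sequence number in the outer header so that replayed packets can be rejected, which this sketch leaves out.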
All these technologies and techniques amount to a good system for secure communications between select people in different distributed locations. The basic things a VPN can provide are secure communications, integrity (no packet loss or change in the transmitted data), and facilitation – a shared communications platform. If you are part of an organization of people who are spread out over different locations, a VPN offers many benefits. Which kind you need depends on your organizational design, and there are far too many questions to address in a short article. But at the present time, a virtual private network is the safest, most reliable and most cost-effective way to connect a distributed group of people.