VPNs offer a cheap option for secure WAN links, writes Nick Langley
What is it?
Virtual private networks (VPNs) use the
public telecoms infrastructure, and increasingly the Internet, to
provide wide area networks and extranets which would otherwise
require dedicated, leased lines. Privacy is maintained by creating
"tunnels" through the public network, using encryption and other
security techniques.
VPNs are much cheaper than leased-line services such as Kilostream
and Megastream - let alone Frame Relay or Asynchronous Transfer
Mode (ATM) - since bandwidth only needs to be paid for when it is
used, instead of being booked for months or years. VPNs can include
small branch offices, and people working from home or travelling.
Where did it originate?
Early VPNs made use of private
circuits provided and managed by telecoms carriers, which took care
of security. Hence the term "trusted VPNs", since you had to put
your faith in the service provider.
In the 1990s, a variety of VPN hardware solutions became available
which could be managed in-house. With the rise of the business
Internet, it became possible to create IP (Internet Protocol) VPNs,
capable of incorporating any line with an Internet connection.
VPN protocols include Point to Point Tunnelling Protocol (PPTP),
supported by a number of companies led by Microsoft; L2F (Layer 2
Forwarding) from Cisco; and the Layer 2 Tunnelling Protocol (L2TP),
which combines the best of PPTP and L2F. There is also IPSec (IP
Security), which can be used as a standalone VPN protocol or in
conjunction with L2TP and PPTP.
What is it for?
VPNs are available as managed
services, as software products, or as packages which may include
routing, a firewall, bandwidth management, encryption, authorisation
and data integrity all in one hardware "box".
What makes it special?
VPN technologies take the
cheapest available ways of linking sites - public telephone lines
and the Internet - and attempt to make them secure. Not all VPN
solutions are equally secure, and not all are compatible with
others. Some add indirectly to costs by making networking
operations more complex. Some carry performance overheads.
How difficult is it?
Experienced network engineers can
learn to install and deploy VPNs in about five days. Support staff
and users also need training, and the complexity of some solutions
is among the factors holding VPN adoption back.
Where is it used?
Wide area networks based on leased
lines, ATM or Frame Relay are too expensive for smaller
organisations to consider unless their businesses depend on moving
very high volumes of data between sites. VPN solutions are
available for organisations of every size.
What does it run on?
VPN solutions are available from
telecoms carriers, networking equipment companies such as Nortel,
security equipment companies such as Check Point, and software
companies such as Microsoft. PPTP solutions are available for Linux
and Unix as well as Windows.
Not to be confused with
VPL (visible panty line).
Few people know that
Some VPNs come with anchovies and
olives. See the Verace Pizza Napoletana organisation
(www.verapizzanapoletana.org).
What is coming up?
Take-up of VPNs has been held back
by the relatively immature state of the technologies and the
fragmented nature of the market. But in October 2002 IDC predicted
that IP VPN services and equipment sales would grow by 40% and 50%
respectively over the next 18 months.
Rates of pay
Network support staff can expect a salary
of £20,000 to £25,000, while senior network engineers command
£40,000+.
Training
Training in VPN technologies is available from
suppliers and specialist training companies. See the VPN Consortium
(www.vpnc.com) for a list of suppliers. There is also useful
information at www.vpnlabs.com if you can get past the pop-ups.