Until recently, SMEs had only two options for extending their networks geographically while still allowing remote access: a leased-line-based wide area network (WAN), or a dial-in service. Now there is a less expensive and more flexible option – a virtual private network (VPN).
As an SME looking to maximise flexibility in the market place while keeping a lid on hardware and software costs, you’ll find a VPN very affordable – it operates on a portion of the public telecommunications infrastructure rather than on leased lines.
Because a VPN uses the Internet, real-time secure access to the network is available for the price of local Internet access. VPNs are flexible enough to allow new users to be added quickly and easily, without the configuration required to add users to a private network.
VPNs use encryption and tunnelling to protect confidential information as it travels over the Internet and, as technology has evolved, VPN security has improved. Increasingly robust and easy-to-administer firewalls and other security measures prevent hackers from accessing a business network.
For SMEs, use of an Internet connection, typically these days accessed using a DSL connection secured with a VPN, will generally fall into one of three categories.
First are extended intranets. These VPN implementations are typically found in branch offices, franchise sites and for remote workers. They provide nearly the same level of connectivity and reliability as a private network. Costs are lower, because Internet connections replace more expensive leased lines and more desktops can gain access to the network; a VPN allows new users to be added almost instantly, thus extending the reach of the corporate intranet, so that all employees can take advantage of its information and resources.
Second is remote access. Here, VPNs provide a cost-effective alternative to standard dial-in remote access to a company network. Users can connect to the network via the Internet, eliminating expensive dial-in costs. An employee on the road can gain full network access simply by tapping into an Internet connection. Overseas offices can connect directly to the corporate database over local lines instead of a more expensive leased line.
Third, there are extranets. These typically extend a corporate network to include customers, suppliers and other business partners. In a business-to-business environment a VPN can enable workers to research products, place and fulfil orders, and collaborate via a secure Internet connection. By involving customers and suppliers, VPNs smooth the transition to e-commerce and other forms of online ordering and fulfilment. Because this business-to-business communication is done via the Internet, connection costs are low. It can enable productivity-boosting applications such as EDI, and streamline business processes such as ordering, shipping and billing.
What you need to build a VPN
Most SMEs will find it easier to install a VPN through a Service Provider (SP). In this case, you simply connect to the SP using routers (for sites with multiple users or heavy-duty usage) or modems (for individuals or branch offices with light usage) just as you might connect your central site and remote users to the Internet.
There are two types of VPNs: dial VPNs and dedicated VPNs. This allows VPNs to take advantage of the low cost of ordinary dial-up services or, where a high-speed, high-capacity remote link is needed, they can operate over Frame Relay services or leased lines.
When you implement a VPN, the offices in your network will need a firewall to act as a ‘sentry’ to protect your network from
unauthorised users. This firewall can be a standalone device, but for small networks, firewalls can be integrated into a server or router, simplifying management and lowering capital cost.
Do keep in mind that using a VPN means relinquishing some control over your network. Be sure to find an SP that can provide a strong service-level guarantee (99% uptime or better) and support the protocols you are using (most likely IP – Internet Protocol) with minimal latency or traffic delay. If you have sites in many countries, you also may want to look for an SP that already has – or is planning to have – local points of presence in the nations where you operate. This keeps your costs down by minimising long-distance phone charges; your sites connect using local calls.
Most businesses these days want remote locations to have full access to the company network, for seamless communication and increased productivity. DSL connections into the corporate network can satisfy the speed and flexibility demands of this type of access, but using the Internet as part of your company’s network carries with it important security issues. The data you transfer across these lines should be encrypted to prevent unauthorised access. Also, the connections themselves must be secure, to prevent unauthorised users from connecting to your network and accessing your company’s data.
So the landscape for SMEs looks favourable: those wanting to take advantage of web services and communication network technology will find it affordable and, perhaps more importantly in today’s aggressive markets, flexible.
This view seems to be underpinned by industry analyst predictions, which believe e-business Service Providers (eBSP) and small businesses alike are taking advantage of the benefits technologies such as VPNs offer.
According to In-Stat Cahners by 2004, business from these small businesses is expected to total more than $600 million.
The market for Web-enabling services in the small business market has grown quickly over the last 24 months. More than 800,000 small companies have built a Web presence using an eBusiness Service Provider. In-Stat expects more than 3 million small companies to move online through an eBSP, say analysts from In-Stat's eBusiness and Infrastructure Service.
“The challenge for providers in this market will be acquiring serious, paying customers quickly and cost effectively, as well as continually provisioning new, useful and relevant services to these customers as they evolve online,” says In-Stat.
The market for Internet-based VPN services that reduce the cost and complexity of remote access for SMEs is also poised for explosive growth in the next two years, according to Access Markets International Partners, who believes that nearly one in five of the 7.6 million SMEs in the United States makes use of high-speed Internet access.
“Such services can bring the advantages of VPNs – revenue increases, lower costs, increased productivity and improved responsiveness to customers – to SMEs, which previously could not afford VPNs and typically lack the technical resources to install and operate them,” says AMI-Partners.
Given such potential financial rewards and business benefits, the growing number of SMEs using low-cost, high-speed Internet access and operating local area networks, is evident AMI-Partners explains.
To sum up the choices are clear: private communications lines are expensive, but secure. On the other hand, Internet connections are cheap, but not secure. They can be compromised at any point - from your local ISP to the ISP at the other end of the line.
However, a virtual private network VPN can help resolve the problem. The technology that establishes a VPN is fairly easy to understand. You apply encryption to every communication that passes up and down a line, decrypting the information at the other end. Then, it doesn’t matter whether someone tries to listen in to the communication, because they won't get past the encryption.
Some advice on implementing a VPN
The first thing to consider is why you want a VPN and what place it occupies in your IT infrastructure. There are different kinds of line you might want to secure. You may, for example, want to have secure connections for telecommuters, when they work from home.
Alternatively, you may be leasing a private line between geographically separate sites and wish to replace it with a VPN. Another possibility is that you need a direct connection to a partner or supplier and thus want to use the Internet with a VPN to secure the line.
An important point to understand about VPNs is that they only secure communication lines. If you have staff using home computers to access the company network you also need to secure the home computer with antivirus software and a personal firewall. The problem here is that home PCs can be hacked into and hackers can then simply use the VPN to get into the company network. Worse, if this happens it will look as though the staff member is hacking the network.
Similar considerations apply to the other types of connection. If one end of the line is compromised, the VPN simply opens a gateway into the network at the other end of the line. This is why some VPN products also include a firewall. The firewall protects the network even if the VPN is compromised. You would be particularly well advised to use such a product if you are implementing a direct link to partners or suppliers.
Another point worth noting is that the encryption a VPN implements consumes a good deal of processing power, so VPN products are often "appliances", which really means that they come as ready-loaded computers that have the appropriate amount of processing power and connections to be simply slotted into the network.
Even if you buy a software-only VPN product you will probably need to put it on its own server, so buying an appliance makes sense. Finally, VPN appliances or servers can run out of steam so you need to have the vendor do some sizing work for you, so that you can be confident the VPN has the required capacity.
Click here for Part One of the SME supplement >>