Virtual private network (VPN)
A virtual private network (VPN) is a safer and cheaper way for the remote users of an organization to communicate. It also allows information to be shared across a public network (the Internet). A VPN sends data between two remote computers across a public or shared network in a way that makes it appear as if the data were traveling over a private point-to-point link. A VPN makes it possible to establish a safe and effective connection with a distant computer.
A VPN allows an organization to use a private network for various services over a public or shared infrastructure such as the Internet; a private network run over such a shared infrastructure is what is known as a virtual private network. Usually a VPN is used to link a private local area network to the Internet. When remote computers use a VPN connection to reach a remote local area network, it seems to the users as if they were connected locally to that network.
A VPN connection makes it possible for the employees of a company to access servers on the remote network and to use shared resources such as files, folders and printers. Technical aspects of virtual private networks: A VPN is considered highly secure; one technical reason is the introduction of IPsec. IPsec has made VPN data more secure and consistent across service providers. The integrity and confidentiality of data over a VPN is usually assured by authenticating packets to establish the validity of the information.
VPN products fall into three major groups: hardware-based systems, firewall-based systems, and standalone application packages. Hardware-based VPNs are usually encrypting routers; they are the simplest, plug-and-play devices. The drawback is that they are not as flexible as software-based systems; they are well suited to situations where both endpoints of the VPN are not under the control of the same company. Firewall-based VPNs are among the most secure devices and have the advantage of using the firewall's existing security mechanisms.
This type can sometimes have performance issues. VPNs use technologies such as Frame Relay and Asynchronous Transfer Mode (ATM). Nowadays IP and IP/Multiprotocol Label Switching (MPLS) based VPNs have become more popular and have replaced virtual circuits (VCs). A VPN depends on the different customer and provider network devices, so we first describe those devices before going into the details of the various VPN technologies and models.
Customer (C) devices are generally divided into two categories, routers and switches, and are located within the customer network. These devices do not have direct access to the service provider network and are not aware of the VPN. Customer edge (CE) devices are found at the edge of the customer network and connect to the provider network. In CE-based VPNs, a CE device knows about the VPN; in provider edge (PE) based VPNs, CE devices do not know about the VPN.
CE devices are divided into two categories: CE routers and CE switches. VPN devices in the service provider network fall into the following categories. Provider (P) devices: routers and switches that do not connect directly to customer networks and do not know about the customer VPNs. Provider edge (PE) devices: PE routers, PE switches, and PE devices capable of both routing and switching. These devices connect directly to customer networks through the CE devices.
In CE-based VPNs the PE devices are unaware of the VPNs, whereas in PE-based VPNs they know about the VPN. In site-to-site VPNs customer data traffic is tunneled in one of two ways: either between CE devices or between PE devices. The technologies and protocols used to enable site-to-site VPNs are: Generic Routing Encapsulation (GRE), the Layer Two Tunneling Protocol version 3 (L2TPv3), Draft Martini pseudowires (emulated circuits), IEEE 802.1Q tunneling (Q-in-Q), MPLS Label Switched Paths (LSPs), and IP Security (IPsec). IPsec (IP security) is a group of protocols for securing the Internet Protocol (IP). IPsec encrypts each IP packet in a data stream, and it also includes protocols for cryptographic key establishment. IPsec is more secure and flexible because most Internet security protocols operate at the transport layer, whereas the IPsec protocols operate at layer 3 of the OSI model, i.e. the network layer. IPsec can be used to protect both TCP- and UDP-based protocols and does not depend on TCP for reliability.
When deploying remote access VPNs, some of the major technical considerations for customers and service providers should be: Is the functionality provided to remote users satisfactory, and is it comparable with that of local users at the central site? Make sure that traffic passing through the VPN is secured, i.e. authenticated and encrypted. Remote devices should be protected and the traffic should not be vulnerable to attacks. Is the VPN scalable, i.e. can it support a large number of remote access users? The VPN should transport multiprotocol traffic. The VPN should support multicast traffic. Another attractive feature of VPNs for companies is flexibility; usually they do not require long-term contracts with service providers, so companies can easily change service provider, perhaps to a lower priced one or according to any other criteria, if they need to.
Companies can switch to a higher speed Internet connection swiftly; the configuration is also simple and is completed in a shorter time. Whereas in some countries leased line installation could take a year, this factor can make a vital difference to the financial progress and overall performance of a company. Example of how a small business can use and benefit from a VPN: To explain how a small business can use and benefit from a VPN, here is the example of Rapid Company:
Rapid Company is one of the fastest growing small-scale companies; its head office is in Chicago and its other offices are in different parts of the world, in Asia and Europe. Within each office all employees are connected via a local area network or private connection. But for sharing information between the head office and any other office they depend on emails and faxes, and can share only limited data because of time and other constraints. Rapid Company also has mobile sellers, who sell its products in different parts of the US.
At the beginning of this year the management of Rapid Company felt that there must be a connection between the head office and the other offices, because a lot of time was being wasted due to limited communication and the other offices were isolated from the head office. The head office and the other offices should share information with each other as frequently and easily as they share it within their own offices. The task of connecting the head office and the other offices was given to the Network Manager and his team. After brainstorming, study, and analysis, the Network team prepared a report.
The details of the report are as follows: There are three possibilities for connecting the head office with the other offices. The first option is the Internet. The Internet is cheap and easily available, but it has a few drawbacks: all companies can share data over the Internet, but data on the Internet is not secured, because many other people use the Internet, it is a public connection, and any intruder can easily access the data, change it, or pass it to rivals. In this scenario data is vulnerable to attacks by intruders, and data integrity and confidentiality may be violated.
The Internet has many benefits, but as a public connection anyone can access and change the information, and the integrity and confidentiality of the company's data are at stake; therefore the Internet might not be the best choice. The second option is leased line connectivity. It is safe and secure because only employees of Rapid Company can access the leased line. Employees would also benefit from high speed connectivity and data would be transferred at a high rate, but the tariff quoted by the leased line company shows that it is one of the most expensive options.
The cost of a leased line depends on two factors, distance and bandwidth. That means that if our company wants a high speed leased line it has to pay a huge amount. The other factor is distance, and in our scenario the offices lie in different continents of the world; the distance is very large and the charges for the leased line are almost unaffordable. Therefore maintaining leased lines would be too expensive, and the cost would keep increasing as the distance increases or a new office is added.
The last option is to connect the offices via a VPN, one of the most integrated technologies being deployed in today's networks. In our scenario the demand for cost and time savings has made the VPN an alternative option for network connectivity between the head office and the other offices. The VPN provides authenticated and authorized connectivity between the offices in a seamless and automated fashion.
A VPN is cheap because the connections with the remote offices will be made using the Internet. It also allows a secure, tunneled connection to be created between the head office and the other offices. In this manner we can create a connection across the Internet between the head office and the other offices' private local area networks. Management was much impressed with the third option because it was economical and secure, and there was no need to change the infrastructure within the offices. The Network Manager and his team were given the task of implementing the VPN.
The network team finally decided on the following VPN solution: VPN-capable devices will be placed at the head office and the other offices, and a VPN tunnel will be created between these devices. IPsec-capable routers for the Internet connection would be placed at each office; IPsec encrypts each IP packet and wraps it in a new IP header to be sent across the Internet. The VPN tunnel allows data to be transmitted through the Internet in such a way that the routing nodes in the Internet do not know that the transmission is coming from a private network.
The private network data and protocol information passing through the Internet is first encapsulated, so that anyone who tries to read it will not succeed. The VPN solution suggested for the company will provide the following features: the VPN solution must stop unauthorized users from accessing the network and must verify the employee's identity. A record should be maintained showing the time and ID of the employee who accessed the network.
The VPN must ensure that the private addresses of the employees are kept private, and it must assign each VPN employee an address on the intranet. Data transmitted over the Internet must be encrypted, so that unauthorized users on the network cannot use it. New encryption keys should be generated for the employee and the server, and the VPN must handle the common protocols used on the public network. The above VPN solution works well for Rapid Company, but after a few weeks management wanted a solution for the sales team.
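The tunnel described for Rapid Company (IPsec encrypting each IP packet and wrapping it in a new header, private addresses kept off the public network, packets authenticated, replays and alterations rejected) and the general description of IPsec earlier in the essay can be illustrated with a small model. The following Python is an added example written for this page; it is not code from the essay's sources or from any IPsec implementation. It is a simplified stand-in for ESP tunnel mode: the cipher is an HMAC-SHA256 counter-mode keystream and the integrity check a truncated HMAC, both standing in for the algorithms a real gateway would negotiate with IKE, and the gateway addresses, SPIs, shared secret and inner packet are constructed values. What it shows is the structure: an outer header carrying only the gateways' public addresses, the encrypted inner packet carrying the private addresses and data, an integrity check verified before anything is decrypted, and a sequence number used to drop replayed packets.

```python
"""Simplified model of an IPsec-style site-to-site tunnel (added example).

Constructed illustration, not real ESP: the cipher is an HMAC-SHA256
keystream (counter mode) and the integrity tag a truncated HMAC, both
standing in for the algorithms a real IPsec gateway would negotiate.
"""
import hashlib
import hmac
import ipaddress
import struct

OUTER_FMT = "!4s4sII"          # outer src, outer dst, SPI, sequence number
OUTER_LEN = struct.calcsize(OUTER_FMT)
ICV_LEN = 16                   # truncated HMAC tag appended to each packet


def derive_keys(shared_secret: bytes, spi: int) -> tuple:
    """Separate encryption and integrity keys per SPI (stand-in for the
    keys IKE would establish; the secret itself is a constructed value)."""
    label = struct.pack("!I", spi)
    enc = hmac.new(shared_secret, b"enc" + label, hashlib.sha256).digest()
    mac = hmac.new(shared_secret, b"mac" + label, hashlib.sha256).digest()
    return enc, mac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream; nonce = SPI||seq, so it is never reused."""
    blocks = [hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def inner_packet(src_private: str, dst_private: str, payload: bytes) -> bytes:
    """Constructed stand-in for the inner IP packet: private addresses + data."""
    return (ipaddress.IPv4Address(src_private).packed
            + ipaddress.IPv4Address(dst_private).packed + payload)


class Gateway:
    """One VPN gateway. Each direction has its own SPI, so keys and
    nonces never collide between the two flows."""

    def __init__(self, public_ip, peer_public_ip, spi_out, spi_in, shared_secret):
        self.public_ip = ipaddress.IPv4Address(public_ip).packed
        self.peer_ip = ipaddress.IPv4Address(peer_public_ip).packed
        self.spi_out, self.spi_in = spi_out, spi_in
        self.out_keys = derive_keys(shared_secret, spi_out)
        self.in_keys = derive_keys(shared_secret, spi_in)
        self.send_seq = 0
        self.highest_seen = 0      # anti-replay: reject seq <= highest accepted

    def encapsulate(self, packet: bytes) -> bytes:
        """Encrypt the inner packet and wrap it in an outer header + ICV."""
        enc_key, mac_key = self.out_keys
        self.send_seq += 1
        outer = struct.pack(OUTER_FMT, self.public_ip, self.peer_ip, self.spi_out, self.send_seq)
        nonce = struct.pack("!II", self.spi_out, self.send_seq)
        ciphertext = xor_bytes(packet, keystream(enc_key, nonce, len(packet)))
        icv = hmac.new(mac_key, outer + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
        return outer + ciphertext + icv

    def decapsulate(self, wire: bytes) -> bytes:
        """Verify, check for replay, then decrypt; any failure drops the packet."""
        enc_key, mac_key = self.in_keys
        outer, ciphertext, icv = wire[:OUTER_LEN], wire[OUTER_LEN:-ICV_LEN], wire[-ICV_LEN:]
        # Integrity first: an altered packet is dropped before any decryption.
        expected = hmac.new(mac_key, outer + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("integrity check failed: packet altered or wrong key")
        _src, dst, spi, seq = struct.unpack(OUTER_FMT, outer)
        if dst != self.public_ip or spi != self.spi_in:
            raise ValueError("packet does not belong to this tunnel")
        if seq <= self.highest_seen:
            raise ValueError("replayed packet dropped")
        self.highest_seen = seq
        nonce = struct.pack("!II", spi, seq)
        return xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def run_demo() -> dict:
    """Constructed scenario: head office gateway sends one packet to a
    remote office gateway; the peer then sees a replay and a tampered copy."""
    secret = b"constructed-shared-secret"          # constructed, not from IKE
    chicago = Gateway("203.0.113.10", "198.51.100.20", 0x1001, 0x2002, secret)
    europe = Gateway("198.51.100.20", "203.0.113.10", 0x2002, 0x1001, secret)
    original = inner_packet("10.1.0.5", "10.2.0.9", b"Q3 sales report")
    wire = chicago.encapsulate(original)
    results = {
        "recovered": europe.decapsulate(wire) == original,
        # Private addresses and payload appear nowhere in the wire bytes.
        "private_data_hidden": (ipaddress.IPv4Address("10.1.0.5").packed not in wire
                                and b"Q3 sales report" not in wire),
    }
    try:
        europe.decapsulate(wire)                    # same packet delivered twice
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True
    flipped = OUTER_LEN + 2                         # flip one ciphertext bit
    tampered = wire[:flipped] + bytes([wire[flipped] ^ 0x01]) + wire[flipped + 1:]
    try:
        europe.decapsulate(tampered)
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    print(run_demo())
```

The order of checks in `decapsulate` is the point worth keeping from this model: the integrity tag is compared (in constant time) before the sequence number is consulted and before anything is decrypted, so a packet that has been altered in transit, or one replayed by someone who captured it, is dropped without the private contents ever being exposed to the rest of the gateway.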
The sales team works in different areas of the US, and they also want to access the company's VPN. Now the situation is different, because the previous VPN solution was site-to-site, for fixed locations. For mobile locations the networking team suggested a remote access VPN. To build the remote access VPN between mobile users and the company, VPN-enabled software was installed and configured on the laptops and mobile devices.
The sales team was able to connect to the office VPN through their mobile devices by entering an IP address, user ID, and password. Conclusion: Virtual private networks give the benefits and freedom of wide area networks and, on the other hand, have the same security and encryption features as a private network. A highlighting feature of VPNs is that they are able to use public networks like the Internet, which is much cheaper than expensive private leased lines.
A VPN makes it possible for the different users of a company to exchange critical information effectively and safely. The users may be at any remote location, such as a branch office, at home, or on the street. A VPN enables sellers, dealers, and business partners in different parts of the world to exchange information swiftly and safely. Building a VPN requires no extra investment in the physical infrastructure, so operational costs can be reduced by handing network services over to appropriate companies.
A well designed VPN provides remote and secure access to company resources over the Internet, which leads to the successful growth of a company and has a number of benefits, such as: extended geographic connectivity, enhanced security over data lines, reduced operational costs, reduced transit time and transportation costs, a simpler network topology, opportunities for global networking, provision for broadband networking, and improved economies of scale.