A white paper
Virtual Private Network (VPN) is the concept of using the internet as transit for private
network traffic, usually in encrypted form. It is also sometimes referred to as a data
network that uses the Internet rather than leased lines for connections. Security is
guaranteed by means of a tunnel connection in which the entire information packet
(content and header) is encrypted and encapsulated. As it is most commonly defined, a
virtual private network (VPN) allows two or more private networks to be connected over
a publicly accessed network. In a sense, VPNs are similar to wide area networks (WAN)
or a securely encrypted tunnel, but the key feature of VPNs is that they are able to use
public networks like the Internet rather than rely on expensive, private leased lines. At
the same time, VPNs have the same security and encryption features as a private
network, while taking advantage of the economies of scale and remote accessibility of
large public networks.
In a VPN, an organization uses the bandwidth of the Internet to establish private, secure
connections between its remote offices and/or employees. Each of the remote users
connects to the local ISP in the same manner that is used for Internet access: dial-up,
cable, DSL, ISDN, T1 or wireless.
A process called “tunneling” is used to carry the data over the Internet. However,
tunneling alone does not ensure privacy. To secure a tunneled transmission against
interception, all traffic over a VPN is encrypted for safety.
Fig 1: Virtual Private Network (VPN) with tunneling over the internet.
What is Tunneling?
Essentially, tunneling is the process of placing an entire data packet within another packet
(which provides the routing information) and sending it over the Internet. The path
through which the packets travel is called a tunnel. For a tunnel to be established, both
the tunnel client and the tunnel server must be using the same tunneling protocol. The
thing that makes a Virtual Private Network “virtually private” is a tunnel. Even though
you access your network via the internet, you are not really “on” the internet; you are
actually “on” your company network. As with any internet traffic, your VPN tunnel data
packets may take different paths between two endpoints. What makes a VPN
transmission a tunnel is the fact that only the recipients at the other end of your
transmission can see inside your protective encryption shell.
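The point made above, that tunneling alone does not ensure privacy, shown as an added example (not part of the original white paper): a plain IP-in-IP tunnel is built and then read by an observer on the path. The addresses, the experimental protocol number 253 and the payload are constructed sample values.

```python
import socket
import struct

def checksum(header: bytes) -> int:
    """Ones'-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options, TTL 64)."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           64, proto, csum,
                           socket.inet_aton(src), socket.inet_aton(dst))
    return header(checksum(header(0))) + payload

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunneling: the entire inner packet becomes the outer payload (protocol 4, IP-in-IP)."""
    return ipv4_packet(tunnel_src, tunnel_dst, 4, inner)

def parse(packet: bytes) -> dict:
    """Read the header fields that any device on the path can read."""
    header_len = (packet[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", packet[2:4])
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9],
            "payload": packet[header_len:total_len]}

def observe(packet: bytes) -> dict:
    """What an on-path observer learns from a tunnel packet that is not encrypted."""
    outer = parse(packet)
    seen = {"tunnel": (outer["src"], outer["dst"])}
    if outer["proto"] == 4:  # inner packet is carried in the clear
        inner = parse(outer["payload"])
        seen["inner"] = (inner["src"], inner["dst"])
        seen["data"] = inner["payload"]
    return seen

# Constructed sample: a branch-office host sends to a head-office host,
# tunneled between two gateways with documentation-range public addresses.
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", 253, b"payroll-record")
TUNNELED = encapsulate(INNER, "192.0.2.1", "198.51.100.1")
```

If the inner packet is encrypted before it is encapsulated, the same observer recovers only the two tunnel endpoints.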
Hence a Virtual Private Network (VPN) enables a business to use the Internet as its own
dedicated network. It allows employees, satellite offices, and select customers to share
information and perform routine administration tasks, confidentially and securely, from
any location. The principal advantages of a VPN over traditional computer network
solutions are:
There are basically three types of VPN deployments: a) Intranet VPNs, deployed
between internal corporate departments and branch offices; b) Remote Access VPNs,
between a corporate network and remote and/or mobile employees; and c) Extranet
VPNs, between a corporation and its strategic partners, customers and
suppliers.
IP-VPN, in simplistic terms, essentially brings the reach and flexibility of IP
(Internet Protocol) to the VPN equation. However, IP can't tell the difference between
mission-critical data packets and data packets that can wait, which makes it difficult for
service providers to prioritize traffic on their own IP networks. While traditional
IP networks have no means of labeling, categorizing or monitoring the packets that
traverse them, MPLS (multi-protocol label switching) technology works to solve those IP
shortcomings by placing labels on IP packets and providing that labeling function. And
because MPLS is an overlay protocol, it can operate over the top of the IP protocol in the
same network without interference. MPLS is not designed to replace IP. Rather, it is
designed to add a set of rules to IP so that traffic can be classified, marked and policed.
MPLS-equipped networks use MPLS-aware devices known as label edge routers (LERs),
positioned at the network’s edges. These devices are designed to inspect IP packets
entering the network and add MPLS headers, as well as removing the headers from
packets leaving the MPLS network. Inside the boundaries of the MPLS network, devices
known as label switch routers (LSRs) look for an MPLS label on each packet that passes
through them, looking up and following the instructions contained in those labels, routing
them based on a list of instructions.
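The label handling described above, as an added example that is not part of the original white paper: an ingress LER pushes a label, each LSR swaps it using only its own label table, and the egress LER pops it. The 32-bit entry layout follows RFC 3032; the label values, traffic classes and router names are hypothetical.

```python
import struct

def encode_entry(label: int, tc: int, bottom: bool, ttl: int) -> bytes:
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_entry(frame: bytes) -> dict:
    """Unpack the top label stack entry of a labeled frame."""
    (word,) = struct.unpack("!I", frame[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}

# Constructed tables (labels, classes and router names are hypothetical).
INGRESS_CLASSES = {"voip": (100, 5), "email": (200, 0)}  # class -> (label, TC)
LFIB = {  # per LSR: incoming label -> (outgoing label, next hop)
    "lsr1": {100: (110, "lsr2"), 200: (210, "lsr3")},
    "lsr2": {110: (120, "egress")},
    "lsr3": {210: (220, "egress")},
}

def ler_push(ip_packet: bytes, traffic_class: str, ttl: int = 64) -> bytes:
    """Ingress LER: classify the packet and prepend an MPLS header."""
    label, tc = INGRESS_CLASSES[traffic_class]
    return encode_entry(label, tc, True, ttl) + ip_packet

def lsr_swap(node: str, frame: bytes):
    """LSR: forward on the label alone; the IP packet behind it is never parsed."""
    top = decode_entry(frame)
    if top["ttl"] <= 1:
        raise ValueError("TTL expired")
    out_label, next_hop = LFIB[node][top["label"]]  # KeyError: unknown label
    entry = encode_entry(out_label, top["tc"], top["bottom"], top["ttl"] - 1)
    return next_hop, entry + frame[4:]

def ler_pop(frame: bytes) -> bytes:
    """Egress LER: strip the MPLS header and hand back the IP packet."""
    if not decode_entry(frame)["bottom"]:
        raise ValueError("deeper label stacks are not handled in this example")
    return frame[4:]

def carry(ip_packet: bytes, traffic_class: str):
    """Walk a packet across the network; return (trace, last entry, delivered packet)."""
    frame, node, trace = ler_push(ip_packet, traffic_class), "lsr1", []
    while node != "egress":
        trace.append((node, decode_entry(frame)["label"]))
        node, frame = lsr_swap(node, frame)
    return trace, decode_entry(frame), ler_pop(frame)
```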
One of the most obvious advantages of MPLS is that it provides network administrators
with a number of tools for traffic engineering. An MPLS network can offer the same sort
of quality of service guarantees that data transport services like Frame Relay or ATM
can, without requiring the use of any dedicated leased lines. An administrator, for
example, can ensure that VoIP traffic will be routed through the most reliable, highest
performing sections of the network while less critical traffic, such as email, is sent across
the slower sections. The reason MPLS technology is contributing to the rapid growth of
the virtual private networking market is that it provides service providers and network
operators with a simpler means of adding VPN technology to their portfolios, and a
simpler means of provisioning VPNs to their customers. MPLS significantly reduces the
cost of implementation, which in turn reduces the overall cost of VPNs. And reduced cost
is possibly the largest motivator in the migration from more infrastructure-heavy private
networking.
Though MPLS is best suited to the needs of large-scale network operators, its
implementation can benefit a range of network users, from service providers themselves,
to enterprises and even small- and medium-sized businesses, with the ever-increasing
functionality and cost-effectiveness of data transport services.
An enabler for Industry
In India MNCs have been the first adopters of VPN technology as they can connect
seamlessly into the networks of their parent organizations for global efficiencies. As
multinational corporations expand their manufacturing, customer service and sales
operations in India, they are also extending their networks, adding bandwidth and running
ERPs and other applications over their IP VPN networks. Indian companies are also
looking to build regional or global networks with the help of IP-VPN technology as they
expand their operations overseas. There is also increasing interest in IP-VPNs from the
most conservative industry sector - the financial industry. Hitherto, their exacting needs
for reliability and security made them reluctant to trust even part of their data networks to
an outside party, much less a technology based on the same protocol used by the public
Internet. However, after years of successful commercial use, IP-VPNs are starting to win
over the financial sector in India with the growth in online banking and e-commerce.
According to the study done by Frost & Sullivan for the Indian IP VPN market in 2004,
the FMCG vertical was an early adopter of the technology, followed by the healthcare
segment, and as enterprises in India's booming economy set up fresh networks to connect
their various locations, they are most likely to opt for MPLS-based IP VPN. The growth
of call centers, business process outsourcing, software technology parks, and dedicated
software centers is likely to propel demand for data services in India. The booming retail
industry in India is also using the technology very efficiently to connect its various
outlets, suppliers and corporate offices. The fact that government departments are
turning tech savvy and connecting all their regional offices is likely to be another potential
growth area for IP VPN. Such initiatives using IP VPN technology ultimately
benefit the common man, making his/her life that much simpler.
Fig 3: IP VPN Market revenue forecasts (India), 2005-2009. Source: 2004 Frost &
Sullivan Report
Fig 4: IP VPN Market share Analysis (India). Source: 2004 Frost & Sullivan Report
Conclusion
If organizations are planning a VPN deployment, they must carefully research a VPN
product to determine whether it will provide more than one type of VPN
implementation (Intranet/Extranet/Remote access VPN). However, most organizations
may have many remote offices to connect together securely, along with an increasingly
mobile workforce, and a desire to leverage the internet to get closer to clients and
business partners. Hence the bottom line is that while an organization may only
plan to implement one of the three types of VPN initially, the VPN solution it selects
should provide the ability to add either or both of the remaining two types seamlessly
and easily.
VPN networks are robust, secure, scalable, flexible, cost-effective and easier to maintain
in the long run. They represent the march of technology in terms of a communications
solution for business that is future ready. With a VPN, organizations can see immediate
cost-reduction opportunities in their long distance charges, leased line fees, equipment
inventories (like a large bank of modems) and network support requirements. The move to
IP-VPN networks will only increase as companies become more interested in voice and
video applications over IP networks. So IP VPNs represent the next generation in terms
of communications networks, and will power the future of business and governance with
the convergence of voice, video and data services over IP networks.
Bibliography
Mohit Madhok is an MBA graduate from Monash Mt Eliza Business School, Melbourne,
Australia, with 9 years' global expertise in Marketing, Sales, Business Development, and
Partnerships/Alliances. He has worked previously with organizations like IBM Canada
and British Airways. He is currently the Marketing Manager for Sify Enterprise Solutions,
based out of Chennai. He can be contacted at mohit_madhok@sifycorp.com