
InternetWeek TechWeb Internet


VPN Frequently Asked Questions
This page contains a list of frequently asked questions about VPNs. The list is broken into three main categories:

General VPN Questions
Performance Issues
VPN Technology Questions

General VPN Questions

Q: What is a virtual private network?
A: A VPN gives users a secure way to access corporate network resources over the Internet or other public or private networks.

Q: What are the elements of a VPN?
A: VPNs typically include a number of security features including encryption, authentication, and tunneling.

Q: How do companies use VPNs?
A: A VPN can be used in place of traditional dial-up connections to provide access to remote users and telecommuters; can be used to connect LANs in different sites instead of using the public switched telephone network or dedicated leased lines; and can be used to give customers, clients and consultants access to corporate resources.

Q: Is a VPN the same thing as an extranet?
A: No. Most VPNs can be designed to work as an extranet. But not all extranets are VPNs.

Q: Then what is an extranet?
A: Extranet is a general term that can mean many different things. The common definition of an extranet is a type of network that gives outside users, such as customers, clients and consultants, access to data residing on a corporation's network. Users access the data through a Web browser over the Internet and typically need to enter a user name and password before access to the data is granted.

Q: How is this different from a VPN?
A: A VPN can be used in a similar manner, but typically a VPN has much higher security associated with it. Specifically, a VPN typically requires the establishment of a tunnel into the corporate network and the encryption of data passed between the user's PC and corporate servers.

Q: Why bother with a VPN? Aren't there other ways to give users secure access to network resources?
A: There are different ways to control access and provide secure access to network resources. A VPN is just one of those ways.

Q: What are some of the other methods for giving users access to network resources over the Internet?
A: Depending on the level of security needed, a company could choose to use an extranet approach or a customized approach that combines password protection of network servers with third-party authentication systems.

Q: Why do companies use VPNs?
A: There are many reasons to use a VPN. The most common reasons are (1) to save telecommunications costs by using the Internet to carry traffic (rather than paying long distance phone charges), (2) to save telecommunications costs by reducing the number of access lines into a corporate site, and (3) to save operational costs by outsourcing the management of remote access equipment to a service provider.

Q: How does a VPN cut long distance phone charges?
A: Long distance phone charges are reduced with a VPN because a user typically dials a local call to an ISP rather than placing a long distance call directly to the company.

Q: How do VPNs help a company reduce the number of access lines they must pay for?
A: Many companies pay monthly charges for two types of access lines: (1) high-speed links for their Internet access and (2) frame relay, ISDN Primary Rate Interface or T1 lines to carry data. A VPN may allow a company to carry the data traffic over its Internet access lines, thus reducing the need for some installed lines.

Q: How can a VPN save operational costs?
A: Some companies hope to save operational costs by outsourcing their remote access to an ISP or other type of service provider. The idea is that by giving users access to the network via a VPN, a company can get rid of its modem pools and remote access servers. The operational cost savings come from not having to manage those devices.

Performance Issues

Q: What about VPN performance?
A: There are several issues to consider when exploring VPN performance. Some are related to the Internet itself. Is it available? What is the latency for packets traveling across the network? Other performance issues are related to the specific VPN applications.

Q: What are the concerns about network availability?
A: The Internet occasionally experiences outages. For example, in 1997 there was a system-wide availability problem when a corrupted master list of Domain Names was distributed to the handful of root servers that are the heart of the Internet. More frequently, a particular Internet service provider may experience equipment problems leading to a service outage that can last from hours to days.

Q: What can be done to ease concerns about network availability?
A: Many service providers are trying to improve the reliability of their networks to prevent outages. While they cannot guarantee 100 percent availability, many providers are offering service level agreements that offer credits or refunds if network availability falls below a certain level.

Q: How good are the network availability service level agreements (SLAs)?
A: Most of the service providers with nation-wide backbones guarantee the network will be available at least 99.6 percent of the time. That translates into a maximum outage time of about 6.5 minutes a day before the refund or credits kick in. Some offer higher availability with refunds or credits kicking in for outages of 3 minutes per day or longer.

Q: What are the shortcomings of these SLAs?
A: All VPN SLAs offered today only apply to the specific service provider's network. If the traffic crosses from one provider's network to another, the SLAs do not apply.

Q: What about latency?
A: To date, there are no VPN SLAs that address latency. The service providers say they will need a number of things, like the ability to offer quality of service guarantees, to happen before latency SLAs will be offered.

Q: Are there other issues that will prevent latency-related VPN SLAs?
A: Yes. IT managers will not see end-to-end latency SLAs for VPNs as they get for other services such as a Frame Relay service that carries time-sensitive SNA terminal-to-host traffic. One of the reasons end-to-end latency SLAs will not be practical for VPNs is that there are many variables, such as the type of encryption used and the client's processing power, that determine end-to-end performance in VPN applications.

VPN Technology Questions

Q: What are the common tunneling protocols?
A: There are currently three major tunneling protocols for VPNs. They include the Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPSec), and Layer 2 Tunneling Protocol (L2TP).

Q: What types of encryption can be used in VPN applications?
A: Virtually all of the common encryption technologies can be used in a VPN. Most VPN equipment vendors give the user a choice. IT managers can often select anything from the 40-bit built-in encryption offered by Microsoft under Windows 95 to more robust encryption technologies like triple-DES.

Q: How are VPN users authenticated?
A: VPN vendors support a number of different authentication methods. Many vendors now support a wide range of authentication techniques and products including such things as Kerberos, tokens, and software and hardware-based dynamic passwords.

Q: Can user access and authentication be linked to existing access control systems?
A: In some cases, yes. Some VPN vendors, notably Aventail, Novell, and New Oak Communications, provide ways to link VPN access rights to defined access rights such as those in Windows NT Workgroup lists, Novell Directory Services or Binderies.