IP VPN: compelling savings – compelling performance?


Briefing: IP-based virtual private networks can offer compelling cost savings compared with leased lines, but how can they deliver enterprise-class security and performance?

A Virtual Private Network (VPN) enables organisations to use a shared network - typically the Internet or an IP backbone supplied by a network service provider - to connect remote sites or users together.

Instead of using only dedicated connections (such as a leased line), a VPN makes use of "virtual" connections routed across the shared network to link a company's private network to remote sites or employees. Leased lines may still be used to connect the customer site to the edge of the shared network or, for internet-based VPNs, ADSL or ISDN may be used to connect to the shared core.

The goal of a VPN deployment is to provide the organisation with the same capabilities as a dedicated Wide Area Network (WAN), but at a much lower cost. Typically WANs are built using leased lines, which become progressively more expensive as the number of branch offices, and the distance between them, increases.

VPNs represent a way to neatly avoid this cost without - subject to proper implementation - sacrificing the security associated with leased-line circuits.

So what's the catch? Security, in a word, or, to be more precise, lack of security, real and perceived, of data transported over VPNs. Many companies fear that security is sacrificed - certainly it is more of a challenge to protect VPNs than is the case with their entirely private counterparts. Worms such as Slammer and Blaster, along with the ever-present risk of denial of service attacks, illustrate the need to protect VPNs that use the internet as their core not just from eavesdroppers, but also from less sophisticated attacks. We shall return to the security issue, but let us first run through the benefits of VPNs, the market size and some of the technology.

Flexible friend

A VPN approach is cheaper and more flexible than WANs over leased lines. Teleworkers, along with mobile sales and support staff, can be supported effectively using the technology. Businesses can extend their private network to distant offices and remote users who traditionally ran up long distance charges when dialling into corporate resources.

The adoption of IP VPNs (VPNs which use the Internet Protocol for routing packets) by corporates is expected to drive the worldwide IP VPN equipment market to $4.7 billion by 2006, according to Gartner Dataquest. The analyst firm believes the cost benefits of using IP VPNs as a basis for a company's global communications (rather than traditional wide area network (WAN) access via a leased line, frame relay or asynchronous transfer mode) are considerable. Consensus analyst estimates are that IP VPNs are 20-40 per cent cheaper to implement and run than traditional VPNs.

A recent survey by In-Stat/MDR of 200 large businesses, each employing more than 1,000 people, revealed that 81 per cent currently use IP VPNs while nine per cent are preparing for adoption within two years. Around half of those who already have an IP VPN are also considering carrying voice traffic over it. Many of the In-Stat respondents also plan to extend IP VPN connectivity to staff who work with wireless devices outside the office.

Virtual services get real

Two standards are deployed in the majority of today's IP VPN services: Multi Protocol Label Switching (MPLS), a technology to speed up and manage network traffic; and IPsec, a set of security protocols.

Looking ahead, a third technology, SSL-based VPNs, is becoming a major area of growth. SSL VPN appliances enable users to access corporate resources securely through a standard Web browser. The technology scores over earlier IPsec-based VPN technology by eliminating the need to install client software on workers' machines. Analyst firm Infonetics reckons the SSL-based remote access market will exceed $600 million by 2006.

Organisations have four basic choices when installing an IP VPN: to manage their own customer premise equipment (CPE); to get a provider to manage their CPE; to get the provider to host their IP VPNs on their own network; or adopt some combination of the above.

Only the biggest companies should consider managing their own CPE. But even the biggest companies today are looking for service providers to manage their IP VPNs. According to the In-Stat/MDR survey, 74 per cent of firms which now have VPNs in place will switch over to provider-managed services, on cost as well as management grounds.

Bandwidth management and Quality of Service (QoS) are complex technical challenges often more easily handled using VPNs built over a shared IP backbone belonging to a service provider, using MPLS.

Risk management

Most IP VPNs are secured by IPsec, a set of transport and tunnelling protocols which maintains security and privacy while using a shared public infrastructure. Transport mode is less secure as it encrypts only the data portion of each packet, leaving the header untouched. For enterprise-class security, tunnelling is required. IPsec does this by encrypting data and sending it through a "tunnel" which cannot be entered by data that is not properly encrypted. For additional security, the originating and receiving network addresses, as well as the data, can be encrypted. In practice, IPsec can secure an IP VPN to a standard approaching that of a dedicated private network.
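The difference between the two modes is easiest to see in what stays readable on the shared network. The following is an added illustration, not part of the original briefing: it lays out a simplified ESP packet in each mode and reports the header fields an on-path observer can still read. The addresses, key and SPI are constructed sample values, and the cipher is a labelled stand-in rather than a real IPsec algorithm.

```python
import hashlib, ipaddress, struct

ESP = 50  # IP protocol number assigned to ESP

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (checksum left 0 for brevity) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def toy_cipher(key, seq, data):
    """Stand-in for the negotiated ESP cipher (SHA-256 keystream XOR).
    Symmetric: applying it twice returns the input. Not real IPsec crypto."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!II", seq, i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, inner, next_header):
    """ESP header (SPI, sequence number) + encrypted data and trailer.
    Simplified: no alignment padding and no integrity check value."""
    trailer = struct.pack("!BB", 0, next_header)
    return struct.pack("!II", spi, seq) + toy_cipher(key, seq, inner + trailer)

def observer_view(pkt):
    """What anyone on the shared network can read: outer src, dst, protocol."""
    return (str(ipaddress.ip_address(pkt[12:16])),
            str(ipaddress.ip_address(pkt[16:20])), pkt[9])

def transport_mode(pkt, key, spi, seq):
    # Original IP header stays in clear; only the upper-layer data is encrypted.
    src, dst, proto = observer_view(pkt)
    return ipv4(src, dst, ESP, esp(key, spi, seq, pkt[20:], proto))

def tunnel_mode(pkt, key, spi, seq, gw_src, gw_dst):
    # Whole original packet, header included, is encrypted (next header 4 = IPv4)
    # and wrapped in a new header that names only the two VPN gateways.
    return ipv4(gw_src, gw_dst, ESP, esp(key, spi, seq, pkt, 4))

# Constructed sample: a branch host talking to a head-office server over TCP (6).
KEY, SPI = b"constructed-demo-key", 0x1001
original = ipv4("10.1.1.5", "10.2.2.9", 6, b"GET /payroll HTTP/1.0\r\n")
transport = transport_mode(original, KEY, SPI, 1)
tunnel = tunnel_mode(original, KEY, SPI, 1, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print("transport:", observer_view(transport))
    print("tunnel:   ", observer_view(tunnel))
```

In transport mode the observer still sees which internal hosts are talking; in tunnel mode only the gateway addresses are exposed, at the cost of 20 extra bytes per packet for the new outer header.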

According to Henry Goldberg, senior analyst at In-Stat/MDR, many of the security worries attached to IP VPNs are unfounded:

"All of the forms of IP VPN services offer considerable security. The MPLS and Virtual Router over ATM network-based services are implemented over a service provider's closed or private IP infrastructure, and provide similar security to traditional Layer 2 Frame Relay or ATM service.

"Network-based IPsec services can be implemented in different ways. It provides highly secure encryption and authentication of traffic, and in some cases may be implemented in addition to the previous MPLS or Virtual Router over ATM solution for customers that want a high degree of security."

As the security concerns are addressed, the IP VPN is beginning to be considered as viable for enterprise deployment. But carriers must do more to remove security fears, Caroline Jones, analyst for Gartner's worldwide telecommunications and networking group, says. "Security continues to be a major issue for the uptake of IP VPNs in every region and those business sectors where data is highly sensitive. To benefit from VPNs' great potential, service providers need to remember that a security solution for one region may not succeed worldwide." ®

This briefing note is sponsored by Telewest
