Ray Richards is founder of Mindspan Consultants and a technology journalist hailing from Ottawa, Canada


Virtual Private Networks

Within the last few articles we took a look at server and OS alternatives, as our examination of core networking components has continued. This month I thought we'd explore intra-enterprise connectivity with an investigation of Virtual Private Networks, or VPNs.

The times they are a changin'

It seems like only yesterday that, should you desire to connect branch offices via an electronic link, you had to utilize ISDN or frame relay over leased lines, which provided a direct point-to-point conduit. While this was relatively fast and secure, it remained very EXPENSIVE! Corporations had to seriously weigh the benefits of cybernetic inclusion for smaller or more remote offices before expending serious capital on what in most cases essentially constituted business process facilitation versus the myriad of other concerns facing contemporary industry. Now, with the impending maturation and acceptance of Internet-based technologies which render that most public of networks a secure and inexpensive medium by which to expedite delivery of sensitive corporate data, Virtual Private Networks are becoming truly ubiquitous.

How do they work?

VPNs operate in much the same fashion as traditional WANs, with the exception that they reach the Internet cloud by way of a router and use authentication, encryption, tunneling or all of the above as the means by which remote connectivity is achieved. While the term encryption is fairly obvious, tunneling is less so. There are two primary encryption standards in use for VPNs: DES (Data Encryption Standard), a widely accepted data cloaking scheme which employs a 56 bit key, and Triple DES, the 168 bit DES extension which thus far has never been cracked.

Tunneling is a protocol (PPTP by Microsoft is the most broadly employed) wherein data is transported over IP, most often in encrypted form, by way of a "tunnel" that crosses the gulf of cyberspace. Other standard protocols such as IPX or NetBEUI may also be buried within the IP packet, ensuring compatibility. The tunnel terminates not at the remote connectivity hardware which is the traditional gateway to the WAN, but directly at the individual NT server the user in question has been authenticated to, bypassing all others in the organization. This provides very strong security indeed and has served to accelerate acceptance of the VPN as a viable alternative to conventional WAN architectures.
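The layering that tunneling describes, shown as an added example that is not part of the original article: an inner frame is wrapped as outer IP / enhanced GRE / PPP, following the PPTP data-packet layout in RFC 2637, then unwrapped and validated at the far end. The function names, the documentation-range addresses and the sample inner frame are constructed for illustration; the payload is left unencrypted and PPP address/control field compression is assumed.

```python
import socket
import struct

GRE = 47                 # IP protocol number for GRE
PPP_IN_GRE = 0x880B      # GRE protocol type used by PPTP (RFC 2637)
GRE_FLAGS = 0x3001       # key present, sequence present, GRE version 1
PPP_PROTOCOLS = {0x0021: "IP", 0x002B: "IPX", 0x003F: "NetBEUI"}
SAMPLE_INNER = b"constructed stand-in for an IPX frame"  # not real IPX

def ip_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(src, dst, call_id, seq, ppp_proto, inner):
    """Wrap an inner frame as outer IP / enhanced GRE / PPP / inner."""
    ppp = struct.pack("!H", ppp_proto) + inner
    gre = struct.pack("!HHHHI", GRE_FLAGS, PPP_IN_GRE, len(ppp), call_id, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(ppp),
                     0, 0, 64, GRE, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    # Fill in the header checksum, computed with the field set to zero.
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + gre + ppp

def decapsulate(packet):
    """Validate the outer headers; return (call_id, seq, protocol, inner)."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 14 or packet[9] != GRE:
        raise ValueError("not a GRE tunnel packet")
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("outer IP header checksum mismatch")
    flags, ptype, plen, call_id, seq = struct.unpack(
        "!HHHHI", packet[ihl:ihl + 12])
    if flags != GRE_FLAGS or ptype != PPP_IN_GRE:
        raise ValueError("unexpected GRE header for PPTP data")
    ppp = packet[ihl + 12:ihl + 12 + plen]
    if len(ppp) != plen or plen < 2:
        raise ValueError("truncated PPP payload")
    proto = struct.unpack("!H", ppp[:2])[0]
    return call_id, seq, PPP_PROTOCOLS.get(proto, hex(proto)), ppp[2:]

if __name__ == "__main__":
    pkt = encapsulate("192.0.2.10", "198.51.100.20", 7, 1, 0x002B, SAMPLE_INNER)
    print(len(pkt), decapsulate(pkt))
```

Routers along the path see only the outer IP header; the IPX marking and the inner frame become visible again only after the tunnel endpoint strips the GRE and PPP layers.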

Why are VPNs so attractive?

As mentioned earlier, the cost of leased lines is definitely prohibitive; however, as an added bonus, the decreased demand on internal technical services personnel is evident, as the maintenance of traditional modem banks, normally a constant source of frustration, has been conveniently offloaded to the ISP. Furthermore, extranets (extensions of the VPN which include trading partners, suppliers, customers and prospects within your electronic fold) may be employed to enormous benefit at a fraction of the cost of established ERP solutions from the likes of SAP or Baan, who, upon realizing this, have incorporated VPN into their product suites as well. In today's rapid-paced corporate world, as delivery cycles are decreasing due to fierce competition and unforgiving customer demands, management of the supply chain has become paramount. VPNs may be utilized to address this issue with great success. Consider the following fictitious scenario:

Fred, owner of the MightyMart chain of food stores, has been losing market share to his competition due to their ability to more effectively respond to client desires and somehow offer lower prices to boot. Upon careful consideration Fred decides to address the matter by taking his CIO's suggestion to implement a VPN. After six months of planning, design and piloting, the rubber meets the road for MightyMart's shiny new Virtual Private Network and extranet.

Fred has provided secure real-time connections to all of his chain stores, and has centralized accounting, shipping and receiving and inventory management within head office. This has dramatically reduced duplication of effort and consequently increased profitability. Fred can at a glance now see how his stores are doing on any given day. He has implemented an electronic stock balancing agent which automatically informs shipping and receiving to move product from locations experiencing surplus to those in situations of impending shortage. Additionally, Fred has the ability to closely monitor the stock levels of perishable foodstuffs and take appropriate action when expiry dates are approaching. This greatly reduces waste and again increases profits. He has constructed a central data warehouse which he may mine to spot trends and capitalize on fickle customer desires as well as discover problem areas and move to correct them.

Fred's extranet connects him with his suppliers who have been given the responsibility of automatically replenishing stores once specific target thresholds have been met. This again reduces staffing costs and has the collateral effect of dramatically improved customer satisfaction. Clients learn that if they want it... Fred'll have it. Further to this, Fred has secured better price points from his suppliers due to the fact that he has guaranteed orders over the course of the contract. He may also establish supplier performance metrics in order to accurately gauge whether or not to enter into follow-on agreements with them. Suppliers, being aware of this, make a genuine effort to keep Fred and his customers happy at all times.

Fred has also extended his extranet to his customer base, providing low cost marketing - including sale notifications, printable coupons and real-time ordering for registered clients. Fred has even instituted a program by which data from online transactions is analyzed and details of impending sales are emailed to customers who match a predetermined profile. As you can well imagine, Fred has now become a leader in the marketplace and has secured his position in this highly competitive, low margin industry.

A few caveats

While all this sounds great, there are a few things to bear in mind when considering a Virtual Private Network. Security, while essential, is definitely a prime consumer of network bandwidth. You must conduct a thorough study of the hardware available in order to determine what best suits your throughput needs and is scalable enough to support future requirements. Another point to note is that although this security is extremely resistant to malicious attack, nothing exposed to the Internet is impregnable. You must therefore weigh which systems are most vulnerable to violation and mitigate these exposures with all means at your disposal. If managed correctly, VPNs are an excellent tool which should provide the means for sustained growth in IM well into the next millennium.

Originally published in Ottawa Computes! magazine, November, 1998, by technology columnist, Ray Richards.

