VPN

A Virtual Private Network (VPN) is a private communication network that uses a public (non-secure) network, usually the Internet, to connect two or more remote sites of a company in a secure manner. Because the underlying public network is considered insecure, complex encryption and authentication algorithms are applied to the traffic exchanged. Even if somebody intercepts the VPN traffic, there is no risk of them decrypting and using the data, provided the VPN is properly secured. The growth of the Internet has led to a large increase in VPN deployments. Provision's experience in managed Internet VPN solutions, using products from leading manufacturers, offers a convincing alternative to conventional WAN technologies.

Despite low installation and operational costs, the customer does not have to accept any
compromise in service quality or security. Thanks to the global reach of the Internet, enterprises
can enjoy the flexibility of being able to quickly adjust their network topology to reflect any
structural or organizational changes. In choosing the architecture, however, the cost and performance of
the VPN solution must be carefully balanced. Provision takes care of the needs of a
rapidly growing number of internationally active customers, who are already convinced of the
advantages of using Provision's Secure Internet VPN solution.

Internet VPNs can be configured to cope with a range of individual requirements. The basic
topologies supported by Provision's Secure Internet VPN solution can also be combined with one
another:
- "Hub-and-Spoke" VPN: The remote endpoints are connected back to the center directly
or via regional hubs. The remote endpoints tend to be in the same geographic region as the hubs.
- "Fully Meshed" VPN: All locations are connected directly and can communicate with
one another.
- "Partially Meshed" VPN: Individual locations are connected point-to-point as needed.

As a rule, the choice of VPN technology is guided by the organizational structure and the existing business
processes in use. The topology chosen, or the number of connections between VPN nodes, plays no part at
all in the cost calculations. For the "hub-and-spoke" architecture there are two variants: either the
servers and applications are placed at a single central location, or they are distributed over a number
of regional locations. The remote locations will then be connected using a VPN gateway.

When all remote locations communicate directly with the central location, all Internet traffic, including
user access to the Internet and e-mail traffic, passes through this one central location. The advantage of
this arrangement is that there is only a one-time investment in a secure high-availability Internet
perimeter, giving effective protection that includes, for instance, anti-virus and anti-spam gateways, URL
and content filters, firewalls and intrusion prevention systems. The remote locations themselves each
include just a single VPN gateway.

When regional hubs are implemented, nearby company locations are concentrated at one hub.
Applications that need to be accessed from a region are placed at the hub location. User
access to the Internet is allowed via the appropriate hub. All the hub locations are then
connected with the center. In this way, the bottleneck that might occur if all
data flowed via a single location can be avoided. This advantage has to be balanced against
the cost of providing Internet perimeter protection at multiple hub locations.

Enterprises that are mainly made up of independent operating units may favor a
decentralized architecture. At each of the locations, local services like e-mail or web
servers have to be available from the Internet, and secure Internet perimeter protection
must be provided.