COMPUTER BUSINESS REVIEW

Critical. Authoritative. Strategic.

TECHNEWS

CBR is proudly produced & published
by Technews
www.technews.co.za
Issue Date: August 2000 (es)

Seven tips for selecting a VPN solution

August 2000
Francois Smit, Marketing Manager, Trispen Technologies

VPNs offer a variety of compelling business benefits, such as reducing communication costs, enabling and empowering remote workers and telecommuters, connecting all an organisation's offices into one network and sharing information resources with business partners and industry peers.
With the current high levels of interest in VPNs and the variety of products to choose from, it is opportune to give some guidance on how to select a VPN product. The following tips should provide interested parties with a framework along this tricky path.
1. Understand your needs and the role a VPN will play in your business
VPNs are often hyped as the solution to your communication requirements, but what do you really need? What do you want to achieve by setting up a VPN? The following are just some options - cost reduction, remote access for employees, forming an extended workplace, setting up communication channels with branch offices or a shared network with business partners, enabling communities of interest, securing all your company information flowing over your own intranet... Will you only be adding security features to an existing infrastructure, or will you need to develop or upgrade your current infrastructure? What level of security do you need? What performance levels do you require? Do you require end-to-end security, or only LAN-to-LAN? Does your technical staff have the necessary expertise? Lastly, but most importantly, you have to know your users and their various and changing requirements.
2. Understand the different types of VPNs
There are two major types of VPNs that you will have to investigate to determine which one, or possibly a combination of the two, will work the best for you. First, there are IP-based VPNs that are the ideal solution for all Internet and intranet-based communications, as well as for secure and cost-effective remote access. Although you will have to build these VPNs yourself, they allow you a lot of flexibility. They also make it very easy and cost-effective to extend your network across the world. Second, there are managed VPNs or QoS VPNs as they are also sometimes called. VPN service providers offer these VPNs and guarantee a certain level of service in terms of bandwidth, up-time etc. Typically they provide their own private network backbone, as this is the only way they can guarantee the level of service. The one drawback of managed VPNs is that they have implemented very little or no security, although most organisations see the privacy of such a network as secure enough. Since your sensitive and confidential information flows over this network in the clear, this kind of false trust - that no one will be able to get their hands on it because the network is 'private' - could well backfire. You should insist on proper security for your information. Other drawbacks of managed VPNs are higher cost and less flexibility vis-a-vis IP-based VPNs.
3. Get to grips with the technology basics
This is a part that scares many people away, but it really is not difficult to understand enough to make an informed choice. In the first place, there are various protocols that have been developed that can be used to establish a VPN. The most prominent of these are L2F (Layer 2 Forwarding), PPTP (Point-to-point Tunneling Protocol), L2TP (Layer 2 Tunneling Protocol) and IPSec (Internet Protocol Security). Of these, only IPSec offers strong security features, and it has already established itself as the dominant protocol. A useful reference to understand more of the IPSec and PPTP protocols can be found at http://idm.internet.com/foundation/tunneling.shtml. In the second place, there are four classes of VPN implementations, namely standalone systems (eg IP-Granite), firewall-based systems (eg Checkpoint), router-based systems (eg Cisco) and operating system-based VPNs (eg Windows 2000). There are a number of advantages and disadvantages associated with each one, and the most appropriate choice depends on your particular circumstances, although standalone systems give the best flexibility and performance. Lastly, there are additional and complementary forms of authentication, such as certificates, tokens (eg smartcards) and biometric devices. Your favourite security VAR will be able to advise you on these.
4. Look for a product that will grow as you grow
Most organisations experience a need for their IT systems to be able to adapt and grow as they themselves are changing. By the same token, many companies have been frustrated by decisions that lacked the foresight to cater for their current situation. For this reason, it is important to consider these issues when selecting a VPN product. In particular, three areas should be highlighted, namely scalability, flexibility and interoperability. A scalable product will enable you to easily implement a pilot project, and to roll it out to the rest of the organisation as required. It will also allow you to easily add and remove users, sites and partners as your business needs change. Flexibility is needed to cater for a variety of applications and circumstances. For example, deciding on a router-based approach for a VPN might limit you when you suddenly need end-to-end security. Unfortunately, not all products interoperate equally well with one another. The advent of IPSec as a protocol has helped a lot, but make sure you will be able to connect to someone else's network by choosing a product that has been successfully tested against its peers.
5. Test drive a few products
This is another important step that you should not ignore. You will learn more by testing a particular product on a section of your own network than by listening to the advice of many. Testing will enable you to understand and evaluate the impact on your network in terms of performance ramifications and the work required in rolling it out to the organisation. You should also determine which class of VPN to implement, and where you should deploy hardware products and where software products.
6. Look for ease-of-use
An easy-to-use product not only meets with less resistance from users, but will also result in lower costs to the company in terms of support and maintenance. Look out for a product that is easy to deploy throughout the organisation and to business partners. If any software has to be loaded on end-users' PCs, it has to be easy to install, configure and update. Some products allow for multiple policies that enable users to work at the office using one policy, and from home using another. Finally, an efficient management system will facilitate easy and effective administration of the VPN, enabling you to centrally or remotely manage the various components, set policies, update configurations and cope with changes in the network configuration.
7. Look for the value offerings
Once you have decided which type and class of VPN suits your requirements the best, you should also evaluate the various products to determine which one offers you the best value for your money. Unfortunately, this may not be an easy step as the different products all have their own particular strengths and weaknesses. Understand which features you really need; do not simply go for the brand leaders. You should also evaluate the total cost of ownership (TCO) to your organisation, and look beyond the direct cost of purchasing the product. Factors that can influence the TCO are the price of a service level agreement (SLA), ease of use for all involved, reliability and the total cost per user. The cost per user is determined by adding all the various cost components together, and dividing this total by the number of users who will use the VPN.
The benefits associated with deploying a VPN in or for your organisation are substantial and numerous. Following through on the above tips will ensure that you leverage your VPN to unlock maximum business value.
For details contact Francois Smit at Trispen Technologies on tel: (012) 672 5794.

