Vpn Virtual Private Networking

VPN – VIRTUAL PRIVATE NETWORKING

The Internet has been long touted for its E-Commerce capabilities. But, perhaps the most overlooked aspect of the Internet is its viability as a low-cost data/voice communications vehicle.

Internet as Communications vehicle

From its founding, the Internet has been a collection of technologies for exchanging information between different, unrelated computers - in other words, communications. The Transmission Control Protocol/Internet Protocol (TCP/IP), commonly shortened to "IP", grew out of the late-1960s ARPANET and was developed during the 1970s. Microsoft's adoption of TCP/IP as its standard networking protocol is widely credited with unleashing the Internet connectivity boom of the late '90s.

IP based communications breaks each block of data into packets. Because the network is a many-to-many topology, multiple devices can share the same circuit, with their packets interleaved, rather than each conversation needing its own line. Furthermore, the networks are usually redundant, so if one route between devices is unavailable, packets are automatically re-routed through alternate paths.

The Old Way - Leased Data Circuits

Traditional approaches to data communications have revolved around dedicated data lines from the telephone company. These circuits, while quite reliable, were generally low in bandwidth and expensive. Costs for these point-to-point circuits range from $50/month to $1,000/month. The costs have traditionally been held high by the tariffs and fees imposed by the local phone monopolies, from whom the customer "leases" the circuit.

Dumb terminals/printers vs IP-based devices (PC's/Print Servers)

Equipment used on leased data circuits generally employs "serial communications" and requires a one-to-one connection between the host computer and each terminal device. These devices are typically known as "dumb" terminals. Multiplexors are often used to carry several serial devices over a single data circuit. The communications equipment (modems, DSUs, multiplexors) is moderately expensive, but the terminal equipment is affordable, simple and easily maintained.

"IP" based devices, on the other hand, carry their traffic across a common link. Each device has its own IP address and responds only to the packets addressed to it, without interfering with packets destined for other devices on the same link. The communications gear (routers, hubs) is generally inexpensive. However, the terminal equipment (PCs and print servers) is more expensive and complex, which means more software to install and maintain.

TELNET – Terminal Emulator

Telnet, a common terminal emulation protocol and program, is a widely used method of communicating between computers and remains very prevalent with today's mainframe and legacy systems. The remote computer, through the terminal emulator, acts as a simple data entry/display device; the host computer processes every keystroke and controls access to the software and data.

Telnet carries a remote user's traffic over that user's local Internet connection, thereby avoiding long distance or leased line charges, and is well suited to a telecommuter or a mobile sales force.

Telnet does have a serious security weakness: the session is not encrypted. Every keystroke, including the login name and password, crosses the Internet in clear text, and anyone able to observe the traffic along its path (at an ISP, on a shared network segment, or on a compromised router) can read or record it. This is not a theoretical concern. A good hardware based firewall should still be employed to protect your servers, allowing only the telnet service through, but a firewall only limits which hosts and ports can be reached; it does nothing to hide the contents of a session once it is permitted. That is the problem the encrypted tunnel described in the next section solves, and it is why SSH, an encrypted replacement for telnet, is the usual choice where a VPN is not in place.

VPN - Virtual Private Network & Tunneling

For those requiring better security, Virtual Private Networking (VPN) offers encrypted communications between devices. The simplest arrangement gives both ends of a VPN connection the same secret, known as a "pre-shared key" (not to be confused with the private key of a public-key pair). The VPN devices use that shared secret to authenticate each other and to agree on the session keys with which every packet exchanged between them is encrypted and integrity-checked. With strong algorithms and a long, random key, this technology is widely accepted as secure and reliable, even on the most open public networks; with a short or guessable key it is not, since anyone who learns the key can read the traffic. VPNs provide their service by "tunneling" through the Internet: each packet from the private network is wrapped inside an encrypted packet, carried across the public network, and unwrapped at the far end. Not only are the communications encrypted, but multiple Local Area Networks (LANs) can be joined into a virtual Wide Area Network (WAN) through such tunnels.
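The two points made above, that a telnet login crosses the wire readable by anyone on the path, and that a pre-shared-key tunnel hides and authenticates the same traffic, as an added example that is not from the original article. The captured telnet bytes, the PSK value and all names (strip_telnet_negotiation, recover_login, Tunnel, demo) are constructed for this illustration; the tunnel is a minimal HMAC-based stand-in for the standard encryption transforms real VPN products use, not a description of any product's protocol.

```python
"""Added example (not from the original article): what a passive eavesdropper
recovers from an unencrypted telnet login, versus the same bytes inside an
authenticated, encrypted tunnel keyed from a pre-shared key (PSK). Traffic
and PSK are constructed. The tunnel mirrors the structure of a real VPN
(derive keys from the PSK, encrypt, authenticate, number packets); it is an
illustration, not something to deploy."""
import hashlib
import hmac
import struct

# Telnet command bytes (RFC 854) that a sniffer must skip to see keystrokes.
IAC, SE, SB = 255, 240, 250
WILL, WONT, DO, DONT = 251, 252, 253, 254


def strip_telnet_negotiation(stream: bytes) -> bytes:
    """Return only the typed characters from a client->server telnet stream,
    dropping IAC option negotiation and subnegotiation sequences."""
    out, i = bytearray(), 0
    while i < len(stream):
        if stream[i] != IAC:
            out.append(stream[i])
            i += 1
        elif i + 1 >= len(stream):            # truncated IAC at end of capture
            break
        elif stream[i + 1] == IAC:            # IAC IAC is an escaped 0xFF byte
            out.append(IAC)
            i += 2
        elif stream[i + 1] in (WILL, WONT, DO, DONT):
            i += 3                            # IAC <cmd> <option>
        elif stream[i + 1] == SB:             # IAC SB ... IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            i = len(stream) if end < 0 else end + 2
        else:
            i += 2                            # other two-byte command (NOP, GA, ...)
    return bytes(out)


def recover_login(client_stream: bytes):
    """Eavesdropper's view: the first two CRLF-terminated lines the client
    sends are its answers to the login and password prompts."""
    lines = strip_telnet_negotiation(client_stream).split(b"\r\n")
    return lines[0].decode(), lines[1].decode()


# Constructed capture: client negotiates terminal type, then types a login.
TELNET_CLIENT_STREAM = (
    bytes([IAC, WILL, 24])                                    # WILL TERMINAL-TYPE
    + bytes([IAC, SB, 24, 0]) + b"VT100" + bytes([IAC, SE])   # terminal type IS VT100
    + bytes([IAC, DONT, 1])                                   # DONT ECHO
    + b"operator\r\n" + b"w3ld1ng!\r\n"                        # username, password
)


def derive_keys(psk: bytes):
    """Split the PSK into independent encryption and MAC keys (HMAC as a KDF).
    Real VPNs go further and negotiate fresh per-session keys (e.g. IKE)."""
    return (hmac.new(psk, b"enc", hashlib.sha256).digest(),
            hmac.new(psk, b"mac", hashlib.sha256).digest())


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(key, nonce || counter) blocks."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", c), hashlib.sha256).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]


class Tunnel:
    """One end of a site-to-site tunnel. Wire format: seq(8) || ciphertext || tag(32)."""

    def __init__(self, psk: bytes):
        self.enc_key, self.mac_key = derive_keys(psk)
        self.send_seq = 0
        self.highest_seen = -1            # simplified anti-replay check

    def seal(self, inner_packet: bytes) -> bytes:
        seq = struct.pack(">Q", self.send_seq)
        self.send_seq += 1                # never reuse a sequence number under one key
        ks = keystream(self.enc_key, seq, len(inner_packet))
        ct = bytes(a ^ b for a, b in zip(inner_packet, ks))
        tag = hmac.new(self.mac_key, seq + ct, hashlib.sha256).digest()
        return seq + ct + tag

    def open(self, wire: bytes) -> bytes:
        seq, ct, tag = wire[:8], wire[8:-32], wire[-32:]
        expected = hmac.new(self.mac_key, seq + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # check before decrypting
            raise ValueError("bad tag: packet forged or modified in transit")
        n = struct.unpack(">Q", seq)[0]
        if n <= self.highest_seen:
            raise ValueError("replayed packet")
        self.highest_seen = n
        return bytes(a ^ b for a, b in zip(ct, keystream(self.enc_key, seq, len(ct))))


def demo(psk: bytes = b"example-psk-constructed-for-this-article") -> dict:
    """Same telnet login sent in the clear and through the tunnel."""
    branch, office = Tunnel(psk), Tunnel(psk)
    wire = branch.seal(TELNET_CLIENT_STREAM)
    return {
        "clear_text_login": recover_login(TELNET_CLIENT_STREAM),
        "password_visible_in_tunnel": b"w3ld1ng!" in wire,
        "office_recovers_packet": office.open(wire) == TELNET_CLIENT_STREAM,
    }
```

Calling demo() recovers the login name and password from the clear telnet stream, finds neither in the tunneled bytes, and decrypts the packet correctly at the office end. A packet altered in transit fails the tag check before any decryption is attempted, and a captured packet played back later is rejected by the sequence number; those two checks, together with the confidentiality, are what the "secure and reliable" claim rests on, and all three depend on the key staying secret.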

A WAN built this way can provide all the services normally associated with a LAN, from file and print sharing to terminal access to the host system, and can save thousands of dollars in line costs while reducing overall hardware and management expenses.

Other Networking Services

Internet access of course provides much more than a communications route for your internal computer systems. It brings with it a whole range of additional services, such as web browsing, email, instant messaging and voice-over-Internet telephony (VoIP), many of which add great value to a business's information management technology. Many have suggested that access to these services is at least as valuable as communications with the corporate mainframe.

Types Of Connections

One of the tremendous advantages of "IP" communications is its ability to run over a variety of types of Internet connection. T-1 circuits provided by telcos offer the highest bandwidth commonly available (1.5 Mbps, or about 1,500 Kbps), and at the highest price point too ($900-$1,500/month). DSL (Digital Subscriber Line) and cable modems offer comparable broadband speeds at considerable savings ($30-$120/month) over T-1 lines. These circuits generally offer 128-768 Kbps upload speeds, with even faster download speeds. Even simple 56 Kbps dial-up circuits offered by local Internet Service Providers can be used for a mere $15-$25/month, plus the cost of the phone line. However, 56 Kbps dial-up should be used only as a last resort, for small branches.

Your server's Internet connection will require a publicly reachable "static IP address". Within the Internet, an IP address is akin to your telephone number. Many dial-up (and some DSL and cable) Internet connections are given a new, or "dynamic", IP address each time the connection is established. Just as in the telephone world it would be difficult to receive incoming calls if your phone number changed every time it was used, so too in the Internet world it is difficult for the branches to connect to your server if its IP address is subject to change. The branch ends of a VPN can often live with dynamic addresses, since they initiate the connection, but the main office end should not.

Case Study

Our case study is of a moderate sized, independent welding supply/industrial gas distributor. Their four branches are all located within 150 miles of the main office, but all are long-distance toll calls, two of which cross state lines. Traditional 4-wire, 9600 bps analog leased lines had been used to connect dumb terminals and printers in the branches to the mainframe system. Performance of the remote devices was acceptable, though none of the newer services associated with Internet access was available. Communications costs for three leased lines were approximately $1,200/month. The fourth branch had not been brought on-line because of the prohibitive cost of a leased line; the projected total cost for all four branches using traditional leased lines was around $2,000/month.

56 Kbps digital point-to-point circuits were initially promoted by the incumbent telco, but offered no significant cost savings or enhanced functionality. 56 Kbps Frame Relay circuits did reduce the overall monthly cost slightly, but still required the transition to "IP" based terminal devices, making the investment payback quite long.

VPN was then investigated as a method of securely connecting the branches through the Internet. A typical DSL connection was projected at $80/month at the main office (including a static IP address), with an additional $60/month for each branch store. Two branches were not served by DSL, so a cable modem provider was selected at slightly higher cost. Total monthly communication costs for the five Internet connections are now roughly $350, a savings of about $1,650 per month against the $2,000 projected for four leased lines. This savings can be applied to the cost of the new "IP" based PCs, communications hardware and print servers needed at the branches, with a projected pay-back period of less than 1.5 years.

Long distance voice toll charges between branches are expected to drop dramatically as new forms of inter-office communication (email, instant messaging, VoIP) replace traditional voice calls.

Pitfalls

Implementation of any new technology can be fraught with potential pitfalls, and Internet based communications is no different. DSL and cable TV companies are struggling to ramp up to the demand for their new low cost broadband offerings, and often promise services or installation schedules that aren't met. Do not opt for "self-installation" of the equipment, as there is still a great deal of technical know-how needed to get these circuits up and running. A prudent implementer would research broadband availability and arrange its installation prior to disconnecting existing legacy connections or equipment.

Long-term contracts for broadband service should be avoided if possible, as costs continue to drop dramatically while vendors compete for market share. Today's "bargain" will almost certainly be over-priced in one to two years' time.

New, "IP" based PC hardware is generally more expensive to buy and maintain than its "dumb" terminal counterpart. Organizations must consider the deployment and maintenance costs for this new, more sophisticated platform.

Consideration will also need to be given to training employees on the use of new services. Like any new tool brought into the workplace, it should be accompanied by a realistic and thorough implementation and training plan.

Finally, while web browsing, email, and instant messaging can be tremendous productivity enhancing tools, they can likewise be easily abused by unsupervised personnel. Consider implementing an acceptable use policy before bringing the technology on-line.

Summary

The new Internet age has brought with it many promises, some of which are yet to be attained. Using the Internet for its core strength, as a communications vehicle, however, appears to be a technology that can dramatically reduce costs while equally dramatically advancing functionality and productivity.

About the author:

David J. Frea is President of INFONETICS, Inc., a software supplier to Welding Supply and Industrial Gas distributors. INFONETICS has been an NWSA/GAWDA associate member since 1988, and holds a seat on the GAWDA Management Information committee. Mr. Frea can be reached by phone at 614-875-2006 or email .