When Virtual Private Networks arrived on the scene, they promised bulletproof security for enterprises at a fraction of the leased-line cost. However, enthusiasm for VPNs waned as the encryption technology available failed to match expectations of high-speed performance and maximum-security requirements. But times have changed.
When Virtual Private Networks (VPNs) arrived on the technology scene they promised bulletproof security for corporate networks at a fraction of the leased-line cost. As time passed, the enthusiasm for VPNs waned - the encryption technology available didn't match companies' dual expectations of high-speed performance and maximum-security requirements.
This technology hurdle has now been addressed with sophisticated developments in high-speed crypto ASIC design and production. VPN infrastructure manufacturers are now meeting expectations with the highest level of security (IPSec using 3DES - CBC mode) at speeds of 2G bit/sec. These performance improvements are essential in reflecting the momentum of VPN adoption. Both service providers and company managed networks have focused expectations relative to return on investment, flexibility and better-centralized management. By meeting these expectations, VPN product revenues more than doubled to $706 million in the first half of 2001, up from $313 million in the first half of 2000, according to Infonetics Research.
VPNs are maturing at a time when secure network accessibility is becoming increasingly important to companies with multiple branches, telecommuters and workers-on-the-go. Companies are also embracing VPNs for their intrinsic ability to slash operating costs and prevent unauthorized access to sensitive corporate information. VPNs are so compelling that over 50 percent of all companies plan on deploying VPNs by 2002, according to analysts.
Enterprises aren't the only ones embracing VPNs. Telcos and service providers also gain a competitive advantage by offering VPN capability bundled with their existing applications and services. For these providers, VPN solutions are deployed seamlessly to customers at a fraction of the cost individual companies could implement a comparable VPN. Reselling VPN services is a lucrative opportunity for telcos and service providers. A VPN solution combined with an IPSec client and a firewall secures access to critical corporate resources and provides solid protection against unwanted Internet intrusion.
Some of the key capabilities companies should demand of their VPNs are:
Speed: Speed is a crucial criterion in choosing a VPN. For large enterprises VPN solutions exist that run at speeds up to 2G bit/sec and offer 100 to in excess of 40,000 VPN tunnels. The critical component of exploiting the speed is the technology's capacity to scale over a line of products. By having the ASIC engine that can be implemented in every VPN appliance from the Soho to the medium size business up to the high-density service provider or Fortune 500 HQ, the installation strategy can be managed effectively with no compromise on performance.
Security and cost reduction: VPNs are a compelling business solution because they provide the highest end-to-end security at wire-speed at a sizable cost reduction compared to a private network. They provide strong security (3DES-CBC mode) for users and managers of Fortune 500 companies, hosted e-business sites and applications, branch offices and mobile or remote workers. A VPN solution, an IPSec client and a firewall combine to control access to information, while protecting against Internet intrusion. By implementing a VPN solution that integrates additional security applications such as intrusion detection, digital certificate support, DOS, Radius capability and client authentication, a powerful communications platform is developed using the Internet for the transport of company business information.
Vastly increased flexibility: VPN infrastructure equipment today should provide a scalable architecture to evolve with your business. VPN appliances should provide multiple network interfaces, solid high availability functionality, a scalable product line, interoperability with existing infrastructure equipment and network management, eliminating the need for additional network devices. Port configurations include failover provisioning, so that in an event of port failure, another port will automatically take over, keeping your network operational. VLANs and virtual routers enable multiple virtual networks to be hosted on one physical infrastructure. Implementation flexibility should include a management interface that allows customization of the communication platform as well as rock solid fail-over for nearly every hardware and software component as is warranted within the network infrastructure.
Robert Bova is executive vice president of The Americas and Pacific Rim at Asita Technologies and can be reached at email@example.com.
This article was first published in Intranet Journal, an internet.com site.