IP VPN: Private Tunnel
Only the recipient at the other end of a transmission can see inside a protective encryption shell—over an extended enterprise network
Thursday, May 15, 2003

Today’s competitive environment calls for companies of all sizes to maximize productivity in order to grow revenues, cut costs, enhance customer satisfaction, boost bottom lines and survive economic slowdowns. Only the fittest will survive.

To stay ahead, enterprises are deploying various mission-critical applications, ranging from enterprise resource planning (ERP) to customer relationship management (CRM) and supply chain management (SCM). With all these mission-critical applications requiring network connectivity, the role of networks is becoming critical to businesses. The evolution of internetworking technologies has clearly been a key contributor to the vastly improved efficiencies within organizations. Networking is in. And it’s here to stay.

In the battle for business supremacy, and even survival, factors like remote offices, mobility of employees, extended supply chains and global reach have become decisive across industries. The actual location of employees, offices, factories and warehouses has become secondary because internetworking technologies help connect people and business processes in ways unimaginable until a few years ago.

On the one hand, increased connectivity within the enterprise offers tremendous advantage and flexibility. On the other hand, it also requires unassailable network security. Transmitting sensitive data across a public network such as the Internet and allowing transactions to take place over an intranet or extranet is not without risks. If an unauthorized party disrupts or damages the corporate network or intercepts key files, the results can be costly.

Dilemma of Legacy Networks
A comparison of various WAN options across private lines, ATM, Frame Relay, and IP VPNs shows that while private networks are secure, they are also complex and cumbersome to set up and manage, and costly to maintain. And they are not usually flexible or scalable. Private networks, by design, are limited. Because a given private line links only two sites of a single customer in a point-to-point fashion (no one else can use that capacity), they deliver a secure but expensive and rigid solution.

There is no way to connect a third site and have all sites interconnected in an any-to-any fashion without requiring each site to maintain leased line connections to each of the other sites. Further, users have to pay the same amount whether they run traffic for three hours or 24 hours a day.

Frame Relay or ATM networks are efficient when it comes to stable traffic patterns in a spoke-to-hub design. They work best where traffic flow is steady and predictable from the remote sites to the central location. These approaches involve setting up a permanent virtual circuit between each spoke and hub. Setting up numerous permanent virtual circuits (PVCs) is costly and justifiable only if the PVCs are expected to see high utilization. Consequently, these networks also tend to be complex, cumbersome and costly. Moreover, supporting IP along with legacy networks would mean higher overheads. Hence, the migration from legacy to IP in the entire network has to be a one-time event, and cannot be done in a piecemeal manner.

IP-based networks are more efficient for mesh networks, where traffic flows in a many-to-many pattern. IP-based networks do not require PVCs, and users need not constantly set up and adjust PVCs between communicating points. IP-based VPNs give the freedom and flexibility to scale a business quickly, easily, and cost-effectively.

Historically, Frame Relay or ATM hindered enterprises from fully extending their corporate networks to include remote sites, traveling employees or business partners such as suppliers, distributors or dealers. Today, the shackles have been removed and IP VPNs have emerged strongly as a compelling alternative for corporations that are looking to reap the rewards of a fully connected enterprise. Moreover, concerns about the security of IP VPNs have been dispelled by the adoption of advanced techniques to ensure that IP VPNs are as secure as private line networks.

How Secure Is It?
IP VPNs are private partitioned networks that reside on and transport data over either a public network like the Internet or the private network of a service provider. IP VPNs combine the security of a private network with the scalability and pervasiveness of the Internet. They use shared facilities under software control that provide the appearance, functions, and benefits of a private network, including security, continuous availability and reliability.

IP VPNs have built-in mechanisms to ensure that data traveling over shared IP infrastructure is as secure as over a private line network. Measures include packet encapsulation (tunneling), encryption, and authentication to ensure that sensitive data reaches its destination without being tampered with by unauthorized parties. In cases where the customer chooses to avail of IP VPN services from a service provider, data is routed through the provider’s private IP network, which ensures that the data is not exposed to all and sundry, as would be the case with a public Internet-based VPN.

The Security Techniques
What makes an IP VPN ‘private’ is a tunnel that is created during a VPN session. The term tunnel implies some sort of fixed path through a network. But that is not the case. Since your traffic is IP-based, it is likely that your VPN packets will take different paths through the network. What makes the IP VPN transmission a tunnel is the fact that only the recipients at the other end of your transmission can see inside your protective encryption shell. Tunneling technology encrypts and encapsulates your own network protocols (which may be other than IP) within Internet Protocol (IP). While IP Security (IPSec) and Layer 2 Tunneling Protocol (L2TP) are two widely used tunneling methods, IPSec has emerged as the technology of choice among IP VPN users today.

Encryption is a technique used to scramble and unscramble information. The VPN gateway at the sending location encrypts the information before sending it through the tunnel over the Internet. The VPN gateway at the receiving location decrypts the information back into clear text. The industry has published well-known and well-tested encryption algorithms, such as the popular Data Encryption Standard (DES), which uses a 56-bit key. Since the encryption algorithms are standardized and known to all, they require the use of keys to make the data secure. DES has been developed even further with its 3DES (triple DES) system, which encrypts information multiple times. Triple DES uses the technique of encrypting, decrypting, and encrypting (EDE) to increase the key length from 56 bits to 168 bits, thus making it extremely difficult for hackers to break the encryption. Further, if you establish a policy of periodically changing your keys, you will make it virtually impossible for any trespasser to break into the network.
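
The three measures named above (encapsulation of a frame that need not be IP, encryption with triple DES, and an authentication check that rejects an altered packet) applied to a single packet, as an added Go example that comes neither from this article nor from the Sify whitepaper. The IV | ciphertext | tag layout, the PKCS#7-style padding, and the use of HMAC-SHA1 for the tag are assumptions chosen for illustration, not IPSec's exact ESP wire format.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"fmt"
)

// Encapsulate wraps an inner frame of any protocol (it need not be IP) as IV(8) | 3DES-EDE-CBC(frame + pad) | HMAC-SHA1 tag.
// enc is the 24-byte 3DES key (three 56-bit keys plus parity bits), auth the separate key for the authentication tag.
func Encapsulate(enc, auth, inner []byte) ([]byte, error) {
	n := 8 - len(inner)%8 // pad to the 64-bit DES block; every pad byte holds the pad length (PKCS#7 style)
	plain := append(append([]byte{}, inner...), bytes.Repeat([]byte{byte(n)}, n)...)
	pkt := make([]byte, 8+len(plain), 8+len(plain)+sha1.Size)
	_, rerr := rand.Read(pkt[:8])             // fresh random IV for every packet
	block, err := des.NewTripleDESCipher(enc) // Go's triple DES is the encrypt-decrypt-encrypt (EDE) construction
	if err != nil || rerr != nil {
		return nil, fmt.Errorf("bad key or IV: %v %v", err, rerr)
	}
	cipher.NewCBCEncrypter(block, pkt[:8]).CryptBlocks(pkt[8:], plain)
	mac := hmac.New(sha1.New, auth) // the tag covers IV and ciphertext, so any change in transit is detected
	mac.Write(pkt)
	return mac.Sum(pkt), nil
}

// Decapsulate verifies the tag first, so a packet altered in transit is dropped before
// any decryption, then strips the envelope and returns the inner frame.
func Decapsulate(enc, auth, pkt []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(enc)
	if err != nil || len(pkt) < 16+sha1.Size || (len(pkt)-sha1.Size)%8 != 0 {
		return nil, fmt.Errorf("bad key or malformed packet of %d bytes", len(pkt))
	}
	body, tag := pkt[:len(pkt)-sha1.Size], pkt[len(pkt)-sha1.Size:]
	mac := hmac.New(sha1.New, auth)
	mac.Write(body)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return nil, fmt.Errorf("authentication failed: packet altered in transit or wrong key")
	}
	plain := make([]byte, len(body)-8)
	cipher.NewCBCDecrypter(block, body[:8]).CryptBlocks(plain, body[8:])
	if n := int(plain[len(plain)-1]); n >= 1 && n <= 8 { // pad length is authenticated, so only a wrong key breaks it
		return plain[:len(plain)-n], nil
	}
	return nil, fmt.Errorf("bad padding: wrong encryption key")
}
```

Both ends must hold the same 24-byte 3DES key and HMAC key, the shared secrets discussed in the next paragraph; a 3DES key of any other length is rejected by des.NewTripleDESCipher.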

The life span of a key is called a crypto-period. At the end of this period, keys expire. Since it was noticed that frequent changes of keys actually increase the risk of disclosure, another ingenious method was designed which uses what are called symmetrical and asymmetrical keys. The use of symmetrical keys involves using the same key at each end of the tunnel to encrypt and decrypt information. Symmetrical keys are akin to ‘shared secrets’. The logistics of managing these keys are complicated because they are hard to distribute, given that the keys have to be kept confidential. Commonly used methods of distributing symmetrical keys are manual and involve using paper, removable media, or hardware docking. Asymmetrical keys are more complicated to design, but logistically easier to manage. Asymmetrical keys allow information to be encrypted with one key and decrypted with a different key. The two keys used in this scenario are referred to as private and public keys.
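
An added Go illustration (not from the article or the whitepaper) of the key-management ideas in this paragraph: a symmetric tunnel key carries a crypto-period after which it is refused, and the symmetric key is distributed by encrypting it with the peer's public key so that only the matching private key can recover it. RSA-OAEP, the 2048-bit key size and the key-ring lookup by ID are assumed choices; the page names no specific asymmetric algorithm.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"time"
)

// TunnelKey is one symmetric key (the shared secret used at both ends of the tunnel)
// together with its crypto-period: Expires is the end of the key's life span.
type TunnelKey struct {
	ID      uint32
	Secret  []byte
	Expires time.Time
}

// NewPeerKeyPair generates the asymmetric pair of one tunnel endpoint: the public key
// is handed out freely, the private key never leaves the endpoint.
func NewPeerKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// WrapSecret encrypts the shared secret with the peer's public key so that it can be sent
// across the network; only the holder of the matching private key can recover it.
func WrapSecret(peerPub *rsa.PublicKey, secret []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, peerPub, secret, []byte("tunnel-key"))
}

// UnwrapSecret recovers the shared secret with the private key.
func UnwrapSecret(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte("tunnel-key"))
}

// SelectKey looks up the key a packet names by ID and refuses it once its crypto-period is
// over, so an expired key is never used even if both ends still hold a copy.
func SelectKey(ring []TunnelKey, id uint32, now time.Time) (TunnelKey, error) {
	for _, k := range ring {
		if k.ID == id {
			if !now.Before(k.Expires) {
				return TunnelKey{}, errors.New("key expired: its crypto-period is over")
			}
			return k, nil
		}
	}
	return TunnelKey{}, errors.New("unknown key ID")
}
```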

Further, digitally certified and validated transactions are legally valid and enjoy the protection provided by the most advanced security techniques available today.

Make no mistake. Constant and diligent security monitoring is as integral to IP VPN security as any of the mechanisms described above. Because IP VPN is often used within small offices or at remote locations, companies need to make sure they have a comprehensive policy and security solution, including firewalls and virus-scanning software, in place right from the start.

Productivity Booster
Whether enabling secure access for employees in a branch office or for traveling salespersons or business partners, companies using IP VPNs benefit greatly by expanding their employees’ ability to remain productive, no matter where they are located in the world. Because of this, IP VPNs have quickly become the latest standard in providing remote access to the corporate network.

In fact, the Yankee Group reports that 79 percent of the US companies with at least 500 employees and two sites use VPN solutions to provide secure access to traveling employees. About 63 percent use them to ensure secure site-to-site connections, and 50 percent use them to provide network access to customers and partners. "IP VPN is a highly effective tool for a company that has offices and people geographically dispersed," says the Yankee Group. "It extends the corporate network." In a Gartner survey, almost 90 percent of the US companies surveyed reported cost savings from switching to a VPN solution, primarily due to lower connectivity charges. On average, the companies surveyed by Gartner realized a 54 percent return on their VPN investments over 18 months. "IP VPNs have emerged as a viable alternative to point-to-point communication and dedicated lines," says The Aberdeen Group. "They’re an attractive solution for managing people and data."

Reduced Total Cost of Ownership
It is now widely accepted that IP VPNs lower the costs of extending an enterprise network to reach a geographically dispersed end-user base, be it employees or business partners. They also lower the total cost of ownership (TCO) by requiring lower-performance routing equipment at the customer premises and by eliminating the need for costly long-distance calls through the use of a shared IP backbone.

Studies comparing the TCO for a private line network with that of an IP VPN-based network reveal that enterprises can reap savings of up to 45 percent by deploying IP VPNs for their WAN connectivity needs. Given that the costs of legacy networks mount up disproportionately with the size and complexity of the network, customers stand to save more as the size and scale of their network grows.

The savings for a large Indian enterprise with several hundred or thousand geographically dispersed locations can run into hundreds of crores of rupees. Moreover, customers have the optional added benefit of outsourcing the management of the network.

Choosing the Right Service Provider
The Indian enterprise customer has a variety of choices today when it comes to choosing a service provider. Service providers can be broadly categorized as telecom carriers and data networking service providers. Telcos tend to be broad generalists with a wide variety of offerings in voice and data. Several telcos have spent large amounts laying fiber, an activity which requires deep pockets and basic project management skills. The sales proposition of a typical telco is usually centered around being a one-stop shop for voice and data. On the other hand, there are service providers who have specialized in data-oriented offerings to the marketplace. Enterprises need to carefully evaluate the strengths of a service provider before deciding on one.

Excerpts from a Sify whitepaper