VPNs have recently moved on to become second generation technology. From having one or two VPNs, companies are now looking to install large numbers. These numbers are likely to grow steadily and in a few years’ time, organisations may potentially have thousands of VPNs. This proliferation brings undoubted benefits, but also some very major challenges for IT department.
First generation VPNs frequently replaced much more expensive leased lines and provided major cost benefits, as well as delivering the standard of security required by large organisations. Early adopters did encounter some technical issues but these were generally resolved by their ISPs, by skilled internal staff or by outside consultants. Generally companies had few VPNs to manage and the cost/benefit ratio was justifiable.
Opportunities and challenges
Second generation VPN deployment brings a different set of opportunities and challenges. The opportunities include:
- better and more secure communications over the Internet as VPNs formalise security with authentication and encryption
- email security (this is currently a very insecure area)
- improved efficiency and better communications with branch offices, third parties and remote users dialling in.
Offset against the opportunities are some major challenges for the IT department. Security is a key issue. Companies are moving from a single entry point or a low volume of entry points to a situation of multiple entry points. This needs supervision and management on an hourly basis to ensure security is maintained. Authentication and encryption are very important here.
With multiple VPNs, we have a scenario where senior management is looking to the IT department to deliver cost savings, as well as taking telecoms responsibility. What’s often forgotten in the cost cutting equation is the effect of managing large numbers of VPNs, which can bring sharply increased workload and expense to the IT help desk.
For example, supporting a remote customer on a VPN and identifying whether their problem lies with their PC, VPN software, connection to the Internet or the VPN tunnel is not a happy dream, whether you´ve outsourced your helpdesk or not!
Additionally, VPNs, and especially encrypted VPNs, can become an internet performance bottleneck. So a major part of the challenge is to manage this environment to actually deliver a business benefit rather than a corporate nightmare.
Managing VPNs alters as numbers of connections increase. Key VPN features become ease of deployment, ease of management, and the ability to have a comprehensive network and security overview. Centralised management and troubleshooting become crucial, as does good management reporting.
Because of the changing requirements of installing large numbers of VPNs, the product itself has evolved. VPN appliances, such as that available from WatchGuard, are now more common than software only VPNs. Statistics show this to be a growing trend. Appliances are becoming increasingly popular because they are easier to install, easier to manage (particularly with large numbers) and more cost effective.
Some key areas to consider, if you want to maximise the benefits of multiple VPNs, are how you will manage them, how you will get the best performance out of them, and what steps you should take to provide failure protection and load balancing.
Projected traffic growth is a crucial element in planning for multiple VPNs. Accommodating the volume of traffic and managing VPNs within the infrastructure will become increasingly important.
As businesses become more dependent on VPNs, it is vital to provide failover protection, both for equipment failure and ISP problems. This is because the cost of losing extranet applications could run into many thousands (or tens of thousands) of pounds for each hour they are off line. Failover protection is typically coupled with load balancing and includes facilities such as management reporting and alerting. Suppliers such as Radware offer this type of solution.
VPNs undoubtedly can bring major benefits. But unless companies plan properly when installing multiple VPNs, they could well encounter major security, support and performance problems. And any cost savings could be superseded by large business losses.
Senior management may overlook the potential downside of multiple VPNs in their eagerness to cut costs and improve communications. However proper planning and appropriate security measures will promote effective implementation. And if you use the right VPN appliance products and management tools, together with suitable load balancing and high availability solutions, this will ensure that installing VPNs is an investment that pays off rather than a corporate curse.