Wednesday, February 07, 2007

VPN Internet Access Links Facilities

A challenge for many businesses is how to cost effectively link dozens, hundreds or even thousands of facilities into a single enterprise. This includes businesses as diverse as retailing, education, consulting, warehousing, communications and transportation, to name a few. Traditional solutions, such as point to point private lines and Frame Relay networks, have their advantages. But a newer wide area networking scheme becomes more and more attractive as the number of locations increases.

Point to point private lines offer the ultimate in availability, predictable bandwidth and ironclad security. The reason is that they are direct lines between two and only two locations. The only traffic is your traffic. These are perfect for PBX tie lines or VoIP telephony between facilities. They are also ideal for constant high bandwidth applications such as video transport. The downside is that you need a separate line between any two facilities that want to communicate. Or, you can set up a star network managed at the home office with private lines out to each site. Costs are high and increase as each new location is connected.

What many businesses really want is a mesh topology where each location is connected to a provider's network "cloud" so that anybody on the network can talk to anybody else at will. Frame Relay networks have been the traditional offering for this arrangement with private carrier IP and MPLS networks now offering similar functions. But there is another solution that can cost much less than these private network solutions. It's the public network bought and paid for as a public infrastructure. It's the Internet.

The Internet? Yes. Think about it. The Internet is as ubiquitous a communication facility as you can find. Even broadband high speed data service is available nearly everywhere by landline, wireless or satellite link. It's relatively cheap compared to other networks because it is being utilized by millions of individuals and companies. If you can work around its limitations, the Internet is your most cost effective way of linking facilities nationwide or around the world.

Technically, the Internet is never going to be as reliable and predictable as a private network. It's a public thoroughfare with anyone and everyone using it for everything from downloading music to uploading web pages, blasting email messages, making phone calls and playing games in real time. Jitter, lost bits, variable data rates and long latencies are the nature of the beast. Inherent security doesn't exist. That's what's implied by public access.

Fortunately, many applications are resilient to these issues. That's especially true if your traffic is data, including email, point-of-sale verification, accounting or inventory updates, EDI, faxes, or Web-enabled commerce. TCP/IP, the primary protocol of the Internet, was designed to be robust in getting data files from point A to point B reliably. If the link slows down temporarily or a few bits are dropped along the way, the system compensates. In fact, the Internet was developed as a government initiative to create a communications network that would work even with multiple failures in emergency conditions.

The one loose end is security. The answer is to encrypt your private data so it can travel on a public medium privately. You can't stop someone from intercepting your data packets, but you can stop them from figuring out what the bits represent. Carrying private traffic across the Internet inside this encrypted wrapper is called "tunneling." By using encryption and decryption software at each node, you create a hybrid between a private and a public network that is called a virtual private network, or VPN. There are various standardized methods for doing this, including IPsec (IP Security), PPTP (Point-to-Point Tunneling Protocol), and SSL (Secure Sockets Layer).

You can set up an enterprise VPN yourself or opt for a managed VPN solution where a provider handles the routers and security software. Each of your facilities connects to the Internet through a VPN portal using a high speed connection, such as a T1 dedicated Internet line for high reliability. With business grade connectivity prices at an all time low, this could be a good time to install a new VPN solution or upgrade your current inter-facility communications system for higher speed and/or lower costs.

