Before there were VPNs (Virtual Private Networks) there were private networks. There still are. Some situations require so much security that the only way to be sure you maintain control and avoid all intrusion is by using private line point to point connections. You might even go one step further and encrypt the data traveling on those private lines on the odd chance that someone has figured out how to tap in.
Private lines make the most sense when you have only two locations to connect. You can order a “nailed up” T1 line from point to point. By “nailed up” I mean that the connection is hard wired and stays that way as long as you pay the monthly lease. There is no traffic other than yours on this circuit. Whatever capacity you aren’t using simply idles, day and night, waiting to be used.
Need a lot more bandwidth? You can order DS3 private lines at 45 Mbps or move up to fiber optic service starting at 155 Mbps. An alternative is Carrier Ethernet over copper or fiber. With Ethernet you have many more bandwidth options and the cost is generally lower than with traditional telecom services.
Note that these circuits are dedicated to your locations, but your data may be multiplexed with data from other users while it is on the line. SONET fiber service and Ethernet over Fiber have so much bandwidth that it doesn’t make economic sense to use an entire strand or even a wavelength for 50 or 100 Mbps of traffic.
This is the beginning of virtual private networking. In this case, the provider divvies up the available bandwidth by TDM (Time Division Multiplexing) time slots or virtual private circuits. Since the network is privately operated, you have the protection that the general public has no outside access to any of this traffic and no way to snoop on your data stream or cause trouble.
If you need really massive amounts of bandwidth, you can rent wavelengths on fiber circuits at typically 5 Gbps or rent dark fiber strands themselves that can support nearly unlimited bandwidth. These offer increased security in that only your traffic is on the wavelength or fiber strand.
Another VPN methodology is the MPLS network. MPLS or Multi Protocol Label Switching also runs on privately operated networks. It transports IP traffic as well as other protocols but doesn’t use IP labels for routing. Instead MPLS switches install special tags on each packet upon entry to the network and remove them before egress. This is where the virtual private designation comes in. You share the network with other users, but the proprietary MPLS technology protects the privacy of your data while it is on the network. You’ll hear this service referred to as MPLS VPN.
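The tagging on entry and removal before egress described above, as an added example that is not part of the original article: it packs the standard 4-byte MPLS label stack entry, pushes labels at ingress and pops them at egress, and shows that the customer payload is separated by label rather than encrypted. The two-label layout (outer transport label, inner VPN label), the label numbers and the customer names are constructed assumptions.

```python
import struct

def encode_entry(label, tc=0, bottom=True, ttl=64):
    """Pack one label stack entry: 20-bit label, 3-bit TC, 1-bit S, 8-bit TTL."""
    if not (0 <= label < 2**20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_entry(data):
    """Unpack the first 4 bytes of data as a label stack entry."""
    if len(data) < 4:
        raise ValueError("truncated label stack")
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bottom": bool(word & 0x100), "ttl": word & 0xFF}

def ingress_push(packet, vpn_label, transport_label):
    """Ingress edge: outer transport label, then inner VPN label (bottom of stack)."""
    return (encode_entry(transport_label, bottom=False)
            + encode_entry(vpn_label, bottom=True) + packet)

def egress_pop(frame, vpn_table):
    """Egress edge: strip the label stack and map the bottom label to a customer."""
    offset = 0
    while True:
        entry = decode_entry(frame[offset:])
        offset += 4
        if entry["bottom"]:
            break
    customer = vpn_table.get(entry["label"])
    if customer is None:
        raise LookupError("unknown VPN label, drop the packet")
    return customer, frame[offset:]

# Constructed sample data: label values and customer names are made up.
VPN_TABLE = {1001: "customer-a", 1002: "customer-b"}
PACKET = b"constructed customer IP packet"

def demo():
    frame = ingress_push(PACKET, vpn_label=1001, transport_label=2002)
    customer, delivered = egress_pop(frame, VPN_TABLE)
    # The payload rides behind the labels unmodified: tagged, not encrypted.
    return frame, customer, delivered, PACKET in frame

if __name__ == "__main__":
    frame, customer, delivered, cleartext = demo()
    print(frame[:8].hex(), customer, delivered == PACKET, cleartext)
```

Because the payload is carried in the clear behind the labels, the encryption mentioned at the start of this article is still what protects data from anyone with access to the provider's network.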
The most common application for VPN is when using the Internet as your connection from point to point or to the general public. If you do business on the Internet, you don’t really have a choice. You may also want to have home workers or traveling employees connect to your business systems without the expense of private lines. The challenge is how to make an inherently risky network like the Internet into something you can trust with sensitive data.
The answer is “tunneling.” This is a concept for creating private channels through a public network. The tunneling is accomplished by encrypting each packet so that it makes no sense to anyone but the intended parties. There are two software methods commonly used to accomplish this.
The legacy method is IPsec or Internet Protocol security. This requires special software to be installed on the company server and client computer. IPsec does the encryption and decryption and must be specially set up to create the virtually private tunnel. Once installed, you have a VPN connection from wherever you want to use that particular computer. Other computers must have the same software installed or they won’t work on the VPN.
A competing method is called SSL or Secure Sockets Layer. This is the technology you use when accessing your bank account or secure email. It’s become so standard that it is built into all Web browsers and many email programs. With SSL, you need a user account ID and a password to access your remote account. The nice feature is that you can access your account from just about any computer, private or public, and know that your data is securely encrypted.
Are you in need of a business-grade private or virtually private network connection? If so, check out the options and decide which works best for your applications.