Virtual Private Networks

Virtual Private Networks, or VPNs, are hot these days, and vendors know it. Here's a look at the trends and technologies shaping these private networks that use the very public Internet.

Virtual Private Networks, or VPNs, are hot these days, and vendors know it. Here's a look at the trends and technologies shaping these private networks that use the very public Internet.

Trends to Watch

Beyond VPNs?
A relative newcomer to the market says its Instant Virtual Extranet (IVE) goes beyond a VPN in terms of secure access. The solution from Neoteris Inc. (, whose board chairman is Jim Clark of Netscape fame, comes in the form of a network appliance. The company is trying to distance itself from VPNs, which it says are much less secure because VPNs provide a full network-layer connection, opening up the LAN to Trojans, viruses and other vulnerabilities.

Neoteris says the added benefit of an IVE is that authorized users access information at the application layer, increasing administrators' access controls and eliminating any exposure to the LAN. Its administration software allows companies to assign security and application access to individual users or groups down to file and URL level, and the box can handle client/server, SSH/telnet, dynamic Java, Web application, file sharing, and e-mail access over the Internet. Once plugged into your network and configured, users on the Internet communicate with the IVE box, which in turn communicates with network resources and dynamically transforms and carries network content back to the user via SSL, all the while creating a detailed log.

Riding the RAIL
Forrester Research reports that Redundant Arrays of Internet Links (RAIL)—a term it coined—may be the next "networking revolution," making VPNs compelling. RAIL combines VPN gear with route optimization technology to provide consistent performance, increased reliability, and up to 20 percent savings over VPNs without such optimization. Forrester says the route optimization market has "blossomed to include nearly a dozen companies," but that it will shrink by the beginning of 2003 to just four contenders: Sockeye Networks, RouteScience Technologies, Proficient Networks and netVmg.

VPN Deployment

  • At least 60 percent of large enterprises will begin deploying site-to-site VPN links to replace or at least supplement existing WAN services with restoral and bandwidth on demand.

  • More enterprises will abandon the roll-your-own approach in favor of managed services. They're hoping for faster deployment using fewer resources and lower capital expenditures.

  • Early-stage extranet deployments of new firewall-transparent VPN products based on Secure Sockets Layer (SSL) and lightweight clients will commence, as will their use to more cost- effectively support remote access by day extenders.

Source: Giga Information Group

VPN Momentum
It all seemed so simple. Communicating between remote sites and headquarters meant you contracted for communication lines from the phone company, tied them all together with routers and hubs, paid a monthly fee for that connectivity, and then started exchanging data. Your company "owned" the network in the sense that no one else could use it.

But now there's an alternative: VPN (Virtual Private Network) technology that allows your company to use the public, not-secure Internet and create a tunnel from headquarters to a remote site, encrypting data as it goes. The VPN allows you to create a secure, private pathway over the insecure, public Internet.

Total IP VPN services in the United States will grow from over $5.4 billion in 2001 to nearly $14.7 billion in 2006.

Source: IDC

VPNs mean faster implementation and significantly lower cost, because your company no longer has to wait months for a telecommunications provider to set up the private network. VPN hardware and software costs are trivial by comparison. Gone are monthly fees for leased lines—now the Internet routes the traffic.

VPNs also make it possible for remote access. Users can now connect to the corporate network easily, creating a new category of users: Day extenders, or employees who work from home in the evening.

Money TreeWorldwide end-user VPN product and service expenditures will grow 117 percent, from $21.3 billion to $46.2 billion, between 2002 and 2006. SSL VPNs (called Application Layer VPNs) will surge to $871 million by 2005.

Source: Infonetics

SSL VPN: The New Buzzword
The greatest excitement is coming from what's called Secure Sockets Layer (SSL) VPN, which applies VPNs to extranets. If your corporation wants to provide access to its CRM application to its business partners, an SSL VPN is the way to go. You may also see this technology referred to as an Extranet VPN.

SSL VPNs allow a corporation to establish a controlled way for its partners to access its applications without building security into each and every one of those applications. Instead of rolling out a new Web application and building security into this extranet, a company sets up an SSL VPN in a matter of weeks; security is independent of each application.

Aventail Corp. ( is the technology leader in the field, but within the last six months it estimates that more than 20 companies have announced support for the technology. Other players in the market include Safeweb Inc. ( and SonicWALL Inc. (

Aventail says companies it's worked with can typically save 40 to 60 percent by using an SSL VPN over traditional IPSec remote-access solutions. One immediate savings Aventail says its customers realize: Work-at-home users don't need specially equipped laptops to do their jobs—just access to the Web.

SSL VPNs have additional benefits for remote users. Currently, standard VPN access requires a software client on the remote user's PC. This makes them unusable when you're using a kiosk at the airport, for example. With SSL VPN, the user only needs access to a browser, making access possible from kiosks.