What is a VPN?

The term VPN is very popular in the IT world today and it gets thrown around quite often as a method interconnecting data networks. I'm sure some of you have been sitting in a meeting and heard the phrase "we'll just use a VPN" and had no idea what they were talking about. To be quite frank, being a Network and Security Engineer for many years now I've heard the question "What about using a VPN?" way to often by someone that didn't really didn't even know what it was. If you do know about VPNs then this article is probably not for you. However, if you don't know what a VPN is or know very little about them then I think this article can offer you some insight into the world of Virtual Private Networking.

The most common function of a VPN is to connect multiple private networks securely across an unsecured public network like the Internet. A private network in this case would be a network in which the traffic is not freely accessible by the public. If we break down the meaning of Virtual Private Network in the instance explained above it would be as follows. The two end points of this "network" are private networks that are seamlessly connected across a public network in which neither private network knows about, creating a "Virtual Private Network" between them.

The VPN came about mostly due to companies expanding their businesses geographically. Expansion across the country and even the world made logistics a nightmare for many companies open to the global market. The need for fast, secure and reliable connectivity to maintain their business needs became greater and greater. Prior to VPN technology internetwork connectivity had to be maintained by expensive leased lines that generally grew in cost when they grew in distance. Many companies resorted to remote access dial configurations to a central location with an 800 numbers that could roll over multiple telephone lines. Of course the cost to maintain the lines and the charge for the 800 number was also expensive. With the popularity of the Internet growing it was only a matter of time before technologies that could leverage a preexisting world wide network and build secure network connectivity would emerge.

Since most companies already relied on the Internet for email and web access they generally had a readily available connection at most sites they could use for LAN to LAN (Local Area Network) VPN connectivity. Sometimes the bandwidth (speed) of the connection might have to be upgraded in order to carry the extra data but it would still be less expensive than having to add an extra connection for the company data alone, not to mention the extra expense of the dedicated circuit depending on where it would terminate geographically. In some cases where a remote office was too small to have its own dedicated circuit they might have used dialup internet for these functions but that's ok, you can build Client to LAN VPNs over those dialup connections as well. These scenarios are becoming more popular and replacing a lot of older technologies like frame-relay that used to power large enterprise network WANs (Wide Area Network).

Security is of course a concern when private network traffic is using a public network as a transit medium so generally VPNs are built between networks using an encrypted VPN tunnel. There are many forms of VPNs that could be classified in the layers of the OSI (Open Systems Interconnection Reference Model) but I won't go that in depth here since that is out of the scope of this beginners document.

In this document I will classify them into two categories: Encrypted and Non-Encrypted VPNs.

Encrypted VPN

An encrypted VPN will secure the traffic that is being sent across an unsecured public network by using various types of encryption mechanisms. IPSec is the most popular form of encrypted VPN tunnel in use today when building a secure VPN tunnel over the Internet.

Non-Encrypted VPN

A non-encrypted VPN would mean that either the data flowing across the VPN is not secured at all or is being secured by means other than data encryption. MPLS (Multi Protocol Label Switching) VPNs use route segregation across a virtual connection between the two private networks to secure the routing of the traffic between only them across the public network. A GRE (Generic Routing Encapsulation) tunnel can be used as well in order to hide a global network from the private end points and even encapsulate multiple protocols inside of TCP/IP that normally couldn't be routed over an all IP network. This type of tunnel could actually be encrypted by a higher layer protocol like SSL (Secure Socket Layer) as well.

So we've seen that VPNs can save money by reducing circuit costs between remote offices and headquarters but VPNs can also used by companies that have recently acquired by another company and the two networks now need to be integrated. This is particularly handy for networks that need to merge quickly or that have great geographic boundaries. Both of these types of networks would be considered an Intranet VPN. What if multiple companies form a partnership and need to share certain valuable network resources with one another? An Extranet VPN could be used in this specific type of situation. Another use for a VPN is to support mobile or home users that need to access network resources away from the office.

With the security, reliability, scalability and ease of management available in many forms of VPNs today its no wonder their popularity continues to grow. One thing is certain, no matter how many different ways there are to setup a VPN the goal of seamless network connectivity regardless of the geographic location and the quicker return ROI (Return on investment) of the software/equipment versus traditional leased lines remain the same. Hopefully the next time you're in a position where the term VPN is brought up as a viable solution you will have a little better understand behind the concept of Virtual Private Networking.