Proceed with caution

Virtual private networks can be cost effective, easy to use, and flexible, but security is still a major concern.

By Lauren Gibbons Paul | Posted Jun 1, 1999
Page 1 of 2
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

This time last year, Dave Dengler was facing a conundrum. The CIO for Keane Inc., a Boston-based management consulting firm, Dengler wanted to encourage his company's consultants to access Keane's intranet more often when they were on the road. "We had just spent a lot of time building a knowledge management system [on the intranet] and we wanted people to use it," says Dengler. This system is a repository for the company's intellectual property. It includes information on the Keane sales process, industry and company knowledge, proposals, and presentations. The idea is for consultants to be able to access a presentation that's already been created so they don't have to do the work over again.


Dave Dengler, CIO for Keane Inc.

On the other hand, Dengler knew his dial-up charges would skyrocket as remote usage went up, since the fees were based on per-minute usage time. And that was not a happy thought. Dengler had already seen his costs increase 400% from the beginning to the end of 1998. So, he began to look for alternatives to using the dial-up radio server service from Sprint Communications Co.

The idea of building a virtual private network (VPN) soon presented itself as the answer to his prayers. Dengler had been thinking about VPNs for a few years and had some familiarity with the concept. So when he saw how his dial-up bills were skyrocketing, he decided to look into VPNs more closely. With a VPN, Dengler could eliminate the per-minute usage fees and give his nomadic users a reliable, friendly way to access their files, e-mail, and intranet content.

VPN's Advantages
Forrester Research asked IT managers from 22 large companies in late 1997 why they chose a VPN over other network approaches. The response:


Source: Forrester Research Inc., late 1997 report

"It had to be easy to use. It had to be secure. And it had to be cost effective," says Dengler. After evaluating products from AT&T Corp., GTE Corp., and other vendors, he decided to build a VPN based on the RiverWorks family of products from Indus River Networks Inc. of Acton, Mass. The RiverWorks suite comprises a tunnel server (which creates the tunnel and encrypts the traffic), a management server (for network management capability), and the RiverPilot Universal Access Manager (client remote-access software). Now, nearly 2,500 Keane consultants and salespeople access the intranet via the VPN, making it one of the larger installations from any vendor in the country. The payoff: Dengler's Sprint bill dropped $10,000 from April to May of this year, and he expects to reduce his remote-employee access costs by two-thirds once all the road warriors are using the VPN. "This caps my costs. That's the most important thing," says Dengler. Now, he wholeheartedly welcomes an explosion in remote access usage.

Virtual private nirvana

AT A GLANCE: Keane Inc.
The company: Keane Inc., of Boston

The problem: Remote employee access to Keane's corporate intranet was growing rapidly--and dial-up access fees were exploding right along with usage.

The solution: By creating a secure VPN over the Internet using Indus River Networks Inc.'s Riverworks VPN gateway, dial-up costs were reduced.

Loosely defined, a VPN is a private, secure tunnel through the Internet, which companies can use as a WAN to connect geographically dispersed users, customers, and business partners. Companies can build their own VPNs using a wealth of products (from vendors such as Check Point Software Technologies Inc., Cisco Systems Inc., Indus River, Network Associates Inc., and 3Com Corp.) or elect to outsource the VPN to a carrier (such as AT&T and MCI WorldCom USA).

Common applications are connecting corporate branch offices, giving mobile employees intranet access, and linking a corporation's trading partners on an extranet. The second of these, connecting remote employees to the corporate intranet, is the biggest growth area today, says Jay Chaudhry, executive vice president and general manager of VeriSign Inc., a Mountain View, Calif., vendor that helps companies evaluate and deploy VPN products.

As the Keane example shows, cost is the clearest reason to choose a VPN over other networking alternatives. VPNs boast cost savings of between 20% and 80% over dial-up, Frame Relay, and leased-line access, according to Infonetics Research Inc., a market research company in San Jose, Calif. Ted Julian, an analyst at Forrester Research Inc., compares accessing the corporate network via leased lines to driving to work in a tank, an undoubtedly expensive proposition. "VPNs are the Honda Civic. They're much more cost effective," says Julian, at the Cambridge, Mass., headquarters of Forrester.

Future VPN Use
The majority of IT managers at 22 large companies estimated VPN use would grow over the next two years.


Source: Forrester Research Inc., late 1997 report

Cost isn't the only advantage, however. VPNs in theory are easier to manage than the other alternatives, making it a snap to add and remove users. And at its best, the technology is transparent to the end user, with no additional training required.

Keane's Dengler says RiverPilot, the RiverWorks dialer, is particularly user friendly. It can figure out where the user is calling from and automatically choose the most cost-effective number to call to get into Earthlink, Keane's ISP. The dialer has embedded intelligence that allows it to prescribe a solution if there's a problem--for instance, if the modem cable is unplugged. Users applaud this capability, says Dengler.

Access control is a problem

When implemented properly, VPNs are more secure than conventional WANs. With most implementations, all data going through the tunnel is encrypted and users are authenticated prior to being allowed through the VPN gateway. But security is one of the trickiest VPN issues. The stakes are high, since all the data is flowing over a public network (i.e., the Internet), which is inherently totally insecure. So, users must implement VPNs in conjunction with strong firewalls and encryption and authentication products.

"Security is an extremely critical piece of it," says VeriSign's Chaudhry. Choosing a firewall, a VPN gateway, and strategies for encryption and authentication of users are the biggest headaches of the VPN implementation, he says. VeriSign sells a product that authenticates users via Public Key Infrastructure (PKI) digital certificates, a newly developed security standard.


Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter