Virtual Private Networks: Trends and Strategies
Presented by: Rick Blum, Victor Danevich, Brian Schulz
January 19, 2000
Lucent NetCare Knowledge Seminars: Sharing the Knowledge Behind the Network

Background
- Lucent NetCare Professional Services is a provider of communications consulting, intelligent maintenance, and management solutions for next generation networks.
- Seminar Objectives
  - Provide insight into current efforts and future plans for virtual private networks (VPNs).
  - Help organizations assess their progress developing VPN solutions.
  - Identify barriers and challenges to achieving goals.

VPN Definition
A computer network designed to use a shared WAN infrastructure to securely transport data communications using IP.
- Internal implementation: all VPN functionality resides outside the service provider network (WAN).
- Managed solutions: provided by carrier VPN capabilities via carrier POP, or carrier-managed premises equipment.

Secure Internet/IP VPNs
(Diagram: branch offices, corporate headquarters, customers, suppliers and remote workers connected over a shared IP network / the Internet.)
Secure IP VPN emulates a private network over a shared IP network, often the public Internet.

Market Trends
- Improve remote access for
  - Mobile workers
  - Branch offices
  - Partners and customers (extranet)
- Promise of substantial reductions in WAN costs
- Quickly evolving technology
- Market has moved from curiosity to deployment

Importance to IT Strategy of Implementing or Improving VPN

Most Important Networking Objective Driving VPN Strategy

Case Study: Cost Reduction
Situation: Large Accounting/Consulting Firm
- 75,000 potential remote access users
- 7 million minutes connect time/mo.
- Dial-up cost $0.07/minute over “800” line
- Total monthly connection cost = $490,000
VPN Solution:
- 4,500 users created 90% of traffic
- Connect to VPN via $20/mo.
- VPN implementation cost minimal using existing technologies
- Ongoing savings = $350,000/mo.

Multiple VPN Stakeholders/Types
Decision?
- Stakeholders: IT Network Organization, IT Security Group, Finance
- Types: Firewall-based, Router-based, Server-based, Dedicated device

Internal Firewall-Based VPN
(Diagram: two firewall-based VPN gateways, each fronting servers, workstations and a file server in its own VPN management domain, joined by a VPN tunnel across the Internet or shared network.)

Internal Router-Based VPN
(Diagram: two router-based VPN gateways, each fronting servers, workstations and a file server in its own VPN management domain, joined by a VPN tunnel across the Internet or shared network.)

Internal Server-Based VPN
(Diagram: two server-based VPN gateways, each fronting servers, workstations and a file server in its own VPN management domain, joined by a VPN tunnel across the Internet or shared network.)

Internal Dedicated VPN Device
(Diagram: two dedicated VPN gateways, each fronting servers, workstations and a file server in its own VPN management domain, joined by a VPN tunnel across the Internet or shared network.)

One Client, Multiple VPN Implementations
Situation: Large Bank with 800 Clients
- Firewall-based: Remote access
- Router-based: WAN connectivity
- Software-based: Disaster recovery
- Dedicated device: Multiple clients

VPN Types Implemented or Being Considered

Managed VPN Solution
(Diagram: two service provider (SP) VPN gateways, each fronting servers, workstations and a file server, joined by a VPN tunnel across the Internet or shared network, all within a single VPN management domain.)

Managed VPN Solution
- Encrypted IPSec tunnels secure data traversing the shared IP infrastructure.
- Global VPN NOC configures, monitors and manages all customers’ VPNs.
- VPN Routers (managed CPE) shape traffic, collect performance statistics and route customer traffic.
- Remote access users employ PC client software to securely access data at corporate sites.
(Diagram: Company A Sites 1-3 and Enterprise B Sites 1-3, a Company A remote user and an Enterprise B remote user, encrypted traffic between them, and the Global VPN NOC performing network monitoring and VPN config.)

VPN Tunneling Protocols Implemented or Planned to be Implemented

Authentication Technologies Implemented or Planned to be Implemented

VPN Gap

Area That is Biggest Challenge to Resolving VPN Issues

Organizational Considerations
- Policies
- Staffing
- Procedures
- Support

Areas in Which Help is Needed to Evaluate, Implement, or Enhance VPN Capabilities

The Bottom Line
- A shortage of experienced network professionals skilled in VPN technologies will remain for some time.
- Evaluations of the advantages of an internal implementation versus a managed VPN service should give due consideration to the cost of acquiring and/or retaining VPN expertise while ultimate technological directions are still uncertain.

The Bottom Line (cont.)
- VPN protocols and technologies for access and authentication are still evolving, as are the various options for implementing a VPN in software or hardware.
- Balance short-term needs for specific capabilities against long-term advantages of compatibility and interoperability. The goal is to find a solution that will follow these tenets, and also provide scalability as VPN products mature.

The Bottom Line (cont.)
- Technology will be only the starting point for a successful VPN strategy. In the earliest stages of planning, consider the organizational impact of the VPN.
- Build into the overall plan the specific processes, procedures, and end-user training that will be required to smoothly transition to a VPN computing model.

Lucent Knows VPNs
- Lucent NetCare Professional Services
  - Network consulting services
  - Network security practice
- Lucent VPN Product Set
  - VPN Routers
  - VPN Policy Manager
  - VPN Gateway
  - Integral VPN Client
- Lucent VPNWorX End-to-End Solution
  - Enterprises
  - Service Providers

Question and Answer

Thank You
- VPN Whitepaper: Available after Web Seminar at
- Feedback Survey: Tell us what you think about this seminar
- For More Information: Call NetCare