anitechnet.com

What is a VPN? Explaining Virtual Private Networks

As it is most commonly defined, a virtual private network (VPN) allows two or more private networks to be connected over a publicly accessed network. In a sense, VPNs are similar to wide area networks (WANs) or a securely encrypted tunnel, but the key feature of VPNs is that they are able to use public networks like the Internet rather than rely on expensive, private leased lines. At the same time, VPNs have the same security and encryption features as a private network, while taking advantage of the economies of scale and remote accessibility of large public networks.

A VPN is an especially effective means of exchanging critical information for employees working remotely in branch offices, at home, or on the road. It can securely deliver information between vendors, suppliers, and business partners, who may be separated by a huge physical distance. Since companies no longer have to invest in the actual infrastructure themselves, they can reduce their operational costs by outsourcing network services to service providers. VPNs can also reduce costs by eliminating long-distance telephone charges for remote access, as clients need only call into the service provider's nearest access point.

VPNs today are set up in a variety of ways, and can be built over ATM, frame relay, and X.25 technologies. However, the most popular current method is to deploy IP-based VPNs, which offer more flexibility and ease of connectivity. Since most corporate intranets use IP or Web technologies, IP-VPNs can more transparently extend these capabilities over a wide network. An IP-VPN link can be set up anywhere in the world between two endpoints, and the IP network automatically handles the traffic routing.

Privacy and protection of data are of utmost importance when deploying services over the Internet, where data can be vulnerable to attacks or illegal entry. Secure IP-VPNs are networks that are secured by encryption and authentication, and layered on an existing IP network. In response to security issues, the Internet Engineering Task Force (ietf.org) has developed the IP Security (IPSec) protocol suite, a set of IP extensions that offer strong data authentication and privacy guarantees.

Although security features differ from product to product, most IP-VPN providers generally offer private network tunnelling through the IP backbone, data encryption, authentication proxying, firewall, and spam filtering.

VPN products fall into three broad categories: hardware-based systems, firewall-based systems, and standalone application packages. Most hardware-based VPNs are encrypting routers, which are considered secure and simple to use, as they are the nearest thing to "plug-and-play" equipment available. However, they may not be as flexible as software-based systems, which are ideal in situations where both endpoints of a VPN are not controlled by the same organization, which is typical for business partnerships or when client support is required. Firewall-based VPNs are considered among the most secure, as they take advantage of the firewall's existing security mechanisms. However, if the firewall is already loaded, performance issues may pop up.

However, as the VPN market continues to evolve rapidly, the lines between different VPN architectures are increasingly blurred; many hardware vendors have added software clients to their product offerings, and extended their server capabilities to include the security features found in software- or firewall-based VPNs. Similarly, some standalone products have added support for hardware-based encryptors to boost their performance.

Companies providing managed VPN services will usually bundle other value-added services with their secure global connectivity, such as consulting, design, and support for emerging applications like voice over IP, e-commerce, and network-hosted applications.

anitechnet.com © Copyright 2004-2005