InformationWeek

October 26, 1998

My VPN Success Story

By Jason Levitt

eems like only a few years ago, I was a struggling telecommuter addict with a slow dial-up modem connection between Texas (my office) and New York (home of InformationWeek and its parent company, CMP Media) running Microsoft Mail for PC Networks 3.0. Later, I got an upgrade to a faster, but extremely expensive (mostly because of long-distance telephone charges) ISDN connection using Lotus Notes 4.5. Performance was especially poor because the ISDN was connected via my computer's serial port.

A virtual private network changed all that. It's as if I just graduated from rehab and life is rosy again. There are no more long-distance telephone charges, I've improved the stability of my computer, I've increased my network throughput, and I'm even off of my serial port (I could have gotten off my serial port before, but I just didn't have it in me).

I can make these statements with some sincerity since it's my personal business experience as a user, and not the outcome of some test handled under laboratory conditions. On the other hand, since I wasn't the one who did the dirty work of integrating the Bay Networks Extranet Switch into our corporate LAN (that person may be back in rehab), I don't really know what kind of effort was expended on the back end to get these results. But from my perspective, it was worth the effort.

Infrastructure Backgrounder
Like many companies, CMP Media provides Internet service provider services for its employees. This is done out of necessity. We have many remote users, home office users, and branch offices around the world. To ensure reliable access to our corporate publishing network, we've needed to maintain banks of dial-up ISDN and modem connections for our reporters and editors. While this has worked well, it has also required a great deal of money to use and maintain. There are also security concerns. Each available dial-in port and router represents another possible security hole--another location that requires constant security auditing.

VPNs To The Rescue
OK, so here's my point: CMP installed a VPN server (the Bay Networks Extranet Switch) and I was one of the early users. Our VPN pretty much solves all the problems mentioned above. The two charts below illustrate why.

Old Way--No VPN; CMP Media is my ISP:
* ISDN or analog modem.
* Long-distance telephone charges to New York.
* Switched phone network.

Advantages:
1. Easy to guarantee reliability with redundancy.
2. My connection's reliability is not usually affected by public Internet traffic, outages, or routing problems.

Disadvantages:
1. Mediocre performance (especially when using computer's serial ports).
2. Long-distance phone network charges are exorbitant.
3. More possible security holes.

New Way--I use a VPN and a local ISP:
* Use best bandwidth (xDSL, cable modem, or ISDN)
* Fixed monthly cost
* Connect through the corporate firewall

Advantages:
1. No long-distance charges.
2. Performance is as good as your connection to the Internet and your ISP's connection to the Internet.
3. One (or maybe two or three) security points of entry to maintain through the corporate firewall. Eases administration.
4. CMP gets out of the ISP business.

Disadvantages:
1. Subject to public Internet routing and congestion problems.

One of the really enjoyable aspects of the new VPN was how easy it is to use. We use the New Oak, now owned by Bay Networks, client software for Windows (figure 1) and Network TeleSystems' excellent TunnelBuilder software for the Macintosh (figure 2) to connect to the Bay Networks Extranet Switch. Once you have any kind of Internet connection established, turning on your VPN is a trivial matter of clicking a "connect" button. Figure 1 shows what the New Oak client looks like in the connected state, and Figure 2 shows the setup panel for TunnelBuilder. Both clients make use of PPTP (Point To Point Tunneling Protocol) and 128-bit encryption to safeguard the virtual LAN connection.

FIGURE 1

FIGURE 2

Till Next Time
Our VPN is working, and working well. As an added bonus, the stability of my computer has improved since I stopped using the serial port (I've found this is true of most computers). Our VPN is only routing IP right now, but I need AppleTalk to access our QuarkCopyDesk server. If we get that up and running, it'll be the topic of my next Internet Zone.

AuthorITies Archive

Send Us Your Feedback

Top of the Page


Karyl Scott: Enterprise View Karyl will explore the business and technology issues surrounding enterprise systems.		Stuart J. Johnston: Redmond Watch As our eyes and ears in Redmond, Stuart gives his perspective on the latest events at Microsoft.		Charles Pelton: Eye On IT Charles explores IT management issues and strategies that business and technology managers must face.		Lou Bertin: The Observer Lou offers a view of the good, the bad, and the bizarre developments in the technology business.