How to Align VPN Planning to Enterprise Security, Mobility Requirements

Solution No. 3: OpenVPN

Like freeware and remote access utilities, OpenVPN's low ongoing costs are attractive to users. The open-source software is a strong solution for smaller companies and individuals. It offers multiplatform support and can be installed in Linux, Unix, Windows and Mac OS X; many community support options are available for OpenVPN. Other strengths of this VPN choice include support for dynamic IP addresses and Network Address Translation (NAT), adaptive link compression, and a modular design that offloads most crypto tasks to the OpenSSL library.

Because of its power and flexibility, OpenVPN can be difficult for users; functionalities are limited without putting effort into configuring and setup. The software does not prevent unencrypted traffic from flowing along the connection and it is able to circumvent firewalls when clients are in restrictive environments.

From a network administrator's standpoint, OpenVPN is actually forgoing the security policies in place. Enterprises should also bear in mind that OpenVPN is based on SSL; a hybrid IPSec and SSL solution offers better use for both the power user and those that only need occasional remote network access.

Solution No. 4: Traditional and paid-for

Enterprises have long debated the benefits of software versus hardware VPNs. Traditional VPN software has been noted as a more cost-effective option, especially with regard to upgrades and scalability. Another advantage of the software approach is that the network does not change; no extra devices need to be installed, and configuration and management tools should remain consistent. As it is software, virtualization is possible. Plus, fail-safe backup systems can "live" in any corporate office, making redundancy much less expensive for enterprises.

The IPSec and SSL protocols are another area of contention around VPN technology. IPSec VPNs have traditionally had large management and administrative overheads associated with them, as they have relied on the manual installation of software agents on each device. SSL VPNs can be limited in their capabilities for achieving full remote access and may not work as well with complex applications.

On the upside, a new generation of IPSec VPNs have streamlined the management headaches and automated the administration and maintenance of hybrid IPSec and SSL VPNs through a single point of administration.

Jörg Hirschmann is Director of Technology / Services for NCP engineering GmbH. Jörg has worked for the company since 1994 and has held various support, consulting, system engineering and training roles. Previously, Jörg was employed in the computing department of Schöller from 1989 to 1991, and gained experience in databases and mainframe computer systems. He can be reached at Joerg.Hirschmann@ncp-e.com.