As enterprises expand their corporate networks to new sites, remote workers and partners, they are increasingly deploying virtual private networks on IP technology. And as they do, they are faced with new challenges: In order to deliver quality of service, flexibility and scalability while providing a wide variety of remote access, for example, many organizations have had to deploy and manage multiple types of VPNs.
eWeek: What were the key challenges you encountered when deploying VPN products?
Benincasa: When we began the deployment, it took a lot of planning to synchronize existing frame [relay] sites with the VPN sites.
Training of personnel worldwide to support the deployment was important. Personnel needed to understand the firewall/VPN software, as well as the security criteria. When we made the change, we moved from a supplier-managed frame [relay] to an in-house-managed VPN.
Once the VPN was installed, we had to ensure that users did not see any reduction in responsiveness or reliability.
Otherwise, the implementation would have been considered a failure, no matter how well it actually went.
Wilson: Desktop maintenance was one issue. Performing desktop maintenance on VPN- connected clients can be a real challenge, and some management applications make it more difficult than others.
Knouse: We deployed a VPN in our retail stores, and the key challenge was the planning and coordination effort. The technical implementation was not difficult—it was making sure that the telecom engineer, the local phone company, the VPN vendor, store manager or shopping center representative, etc., were able to show up at the same time so that the expenses of installation in terms of time on-site and travel expenses were kept to a minimum.
eWeek: What are the top things IT managers should consider when planning a VPN project?
Benincasa: We wanted to minimize latency and multisupplier issues, such as "The problem is not my network," when selecting suppliers to provide the T-1/DSL lines. It was important to try to use one supplier for the best performance. Standardization of the firewall/VPN software was important in order to be able to effectively support the VPN. This would make it easier to manage, trouble-shoot and train for.
Quality and reliability of the software and the T-1 line/backbone were some of the most critical criteria. We wanted to make sure that business needs were being met or exceeded based on our frame network performance. Cost was also an important factor. We could not afford to increase costs for a VPN while, at the same time, trying to improve performance over our frame network.
Kosiur: IT managers should look at the type of security they need for their traffic. They should also look at the reliability of the VPN. If youre going to make this your business- critical LAN/WAN networking technology, you need to make sure theres failover on the devices. As customers become more interested in leveraging VPNs for services like voice- and videoconferencing, they will become increasingly concerned with performance.
Another important point is to look at what kind of cost savings youll actually achieve. A lot of companies decide they can save money by using VPNs but dont factor in additional costs like rolling out clients with secure IDs. You need to be cognizant of the long-term management costs.
Finally, there needs to be a transparency of the VPN. Softwares gotten smarter, so the user doesnt have to be as involved in running a VPN. But its still a product-by-product advance. IT managers looking to deploy VPNs have to carefully figure out what the pain threshold [is] for themselves and their users.