Building and Managing Virtual Private Networks
by Dave Kosiur
Wiley Computer Publishing, John Wiley & Sons, Inc.
ISBN: 0471295264 Pub Date: 09/01/98

Preface

PART I—The Internet and Business

CHAPTER 1—Business on the Internet
The Changing Business Environment
The Internet
The Internet’s Infrastructure
What the Internet Delivers
Using Internet Technology
Summary

CHAPTER 2—Virtual Private Networks
The Evolution of Private Networks
What Is an Internet VPN?
Why Use an Internet VPN?
Cost Savings
Some Detailed Cost Comparisons
SCENARIO 1
SCENARIO 2
SCENARIO 3
Flexibility
Scalability
Reduced Tech Support
Reduced Equipment Requirements
Meeting Business Expectations
Summary

CHAPTER 3—A Closer Look at Internet VPNs
The Architecture of a VPN

MICROSOFT 1024

Preface

The world of virtual private networks (VPNs) has exploded in the last year, with more and more vendors
offering what they call VPN solutions for business customers. Unfortunately, each vendor has his own
definition of what a VPN is; to add to the confusion, each potential customer has his own idea of what
comprises a VPN as well. Mix in the usual portion of marketing hype, and you’ve got quite a confusing
situation indeed.

One of the purposes of this book is to dispel as much of the confusion surrounding VPNs as possible.
Our approach has been based on three main ideas: relate the current usage of the term VPN to past
private networks so that both experienced and new network managers can see how they’re related;
carefully describe and compare the various protocols so that you, the reader, will see the advantages and
disadvantages of each; and always keep in mind that more than one kind of VPN fits into the business
environment. With the wide variety of technologies available for VPNs, it should be the customer who
decides what kind of VPN—and, therefore, what protocols and products—meets his business needs best.

To that end, this book aims to provide you with the background on VPN technologies and products that
you need to make appropriate business decisions about the design of a VPN and expectations for its use.

Who Should Read This Book

This book is aimed at business and IS managers, system administrators, and network managers who are
looking to understand what Internet-based VPNs are and how they can be set up for business use. Our
goal is to provide the reader with enough background to understand the concepts, protocols, and systems
associated with VPNs so that his company can decide whether it wants to deploy a VPN and what might
be the best way to do so, in terms of cost, performance, and technology.

How This Book Is Organized

This book has been organized into five parts:

1. The Internet and Business
2. Securing an Internet VPN
3. Building Blocks of a VPN
4. Managing a VPN
5. Looking Ahead

Part I, The Internet and Business, covers the relationship between business and Internet, including how
VPNs can provide competitive advantages to businesses. The first three chapters of the book make up
Part I.

Chapter 1, “Business on the Internet,” discusses today’s current dynamic business environment, the
basics of the Internet, and how Internet technology meshes with business needs using intranets, extranets,
and VPNs.

Chapter 2, “Virtual Private Networks,” covers the different types of private networks and virtual private
networks (VPNs) that have been deployed by businesses over the past 30 years and introduces the focus
of this book, virtual private networks created using the Internet. Here, you’ll find details on cost
justifications for Internet-based VPNs, along with other reasons for using VPNs.

Chapter 3, “A Closer Look at Internet VPNs,” delves into the nature of Internet-based VPNs, introducing
their architecture as well as the components and protocols that can be used to create a VPN over the
Internet.

Part II, Securing an Internet VPN, focuses on the security threats facing Internet users and how the three
main VPN protocols—IPSec, PPTP, and L2TP—deal with these security issues so that you can properly
design a VPN to meet your needs. Chapters 4 through 8 are included in Part II.

Chapter 4, “Security: Threats and Solutions,” describes the major threats to network security and then
moves on to detail the principles of different systems for authenticating users and how cryptography is
used to protect your data.

Chapter 5, “Using IPSec to Build a VPN,” is the first of three chapters presenting the details of the main
protocols used to create VPNs over the Internet. The first of the trio covers the IP Security Protocol
(IPSec) and the network components you can use with IPSec for a VPN.

Chapter 6, “Using PPTP to Build a VPN,” discusses the details of PPTP, the Point-to-Point Tunneling
Protocol. Like Chapter 5, it includes a discussion of protocol details and the devices that can be deployed
to create a VPN.

Chapter 7, “Using L2TP to Build a VPN,” is the last chapter dealing with VPN protocols; it covers
L2TP, the Layer2 Tunneling Protocol. It shows how L2TP incorporates some of the features of PPTP and
IPSec and how its VPN devices differ from those of the other two protocols.

Chapter 8, “Designing Your VPN,” focuses on the issues you should deal with in planning your VPN.
The major considerations you’ll most likely face in VPN design are classified into three main
groups—network issues, security issues, and ISP issues. This chapter aims to serve as a transition from
many of the theoretical and protocol-related issues discussed in the first seven chapters of the book to the
more pragmatic issues of selecting products and deploying and managing the VPN, which is the focus of
the remainder of the book.

Part III, Building Blocks of a VPN, moves into the realm of the products that are available for creating
VPNs, as well as the role the ISP can play in your VPN.

Chapter 9, “The ISP Connection,” focuses on Internet Service Providers, showing how they relate to the
Internet’s infrastructure and the service you can expect from them. Because your VPN is likely to
become mission-critical, the role of the ISP is crucial to the VPN’s success. We, therefore, cover how
service level agreements are used to state expected ISP performance and how they can be monitored. The
last part of this chapter summarizes some of the current ISPs that offer special VPN services, including
outsourced VPNs.

Chapter 10, “Firewalls and Routers,” is the first of three chapters that deal with VPN products. This
chapter discusses how firewalls and routers can be used to create VPNs. For each type of network device,
we cover the principal VPN-related requirements and summarize many of the products that are currently
available in the VPN market.

Chapter 11, “VPN Hardware,” continues the product coverage, focusing on VPN hardware. One main
issue covered in the chapter is the network services that should be integrated in the hardware and the
resulting effects on network performance and management.

Chapter 12, “VPN Software,” deals with VPN software, mainly the products that can be used with
existing servers or as adjuncts to Network Operating Systems. As in the previous two chapters, this
chapter includes a list of requirements and a summary of the available products.

Part IV, Managing a VPN, includes three chapters that cover the three main issues of
management—security, IP addresses, and performance.

Chapter 13, “Security Management,” describes how VPNs have to mesh with corporate security policies
and the new policies that may have to be formulated, particularly for managing cryptographic keys and
digital certificates. The chapter includes suggestions on selecting encryption key lengths, deploying
authentication services, and how to manage a certificate server for digital certificates.

Chapter 14, “IP Address Management,” covers some of the problems network managers face in
allocating IP addresses and naming services. It describes the solutions using Dynamic Host
Configuration Protocol (DHCP) and Dynamic Domain Name System (DDNS) and points out some of the
problems VPNs can cause with private addressing, Network Address Translation (NAT), and DNS.

Chapter 15, “Performance Management,” is concerned with the basics of network performance and how
the demands of new network applications like interactive multimedia can be met both on networks and
VPNs. The chapter describes the five major approaches to providing differentiated services and how
network management can be tied to VPN devices, especially through policy-based network management.

Part V, the last part of the book, is called Looking Ahead and covers likely ways to expand your VPN and
what the future may hold.

Chapter 16, “Extending VPNs to Extranets,” deals specifically with the issues of extending your VPN to
become an extranet to link business partners together for electronic commerce. It covers some of the
main reasons for creating an extranet and points out some of the issues you’ll have to deal with while
getting all the parts of an extranet to work together.

Chapter 17, “Future Directions,” is our attempt to project where the VPN market is going and what’s
likely to happen in the next few years, in the development of VPN protocols, the products that support
them, and the uses businesses will create for VPNs.

PART I

The Internet and Business

Virtual Private Networks (VPNs) now can provide cost savings of 50 to 75 percent by replacing more
costly leased lines and remote access servers and reducing equipment and training costs; but they also
help keep your business network flexible, enabling it to respond faster to changes in business
partnerships and the marketplace.

As you evaluate your corporate structure for designing a VPN, keep in mind which sites require full-time
connections and what type of data will cross the VPN, as well as how many telecommuters and mobile
workers you’ll need to support.

CHAPTER 1

Business on the Internet

Communication is the heart of business. Not only do companies depend on communication to run their
internal affairs, but they also have to communicate with their suppliers, customers, and markets if they
expect to stay in business.

In the 90s, the Internet has become the star of communication. It has captured the imaginations of
individuals and business owners alike as a new medium for communicating with customers as well as
business partners. But, the Internet is a great melting pot of many different technologies. Many of the
technologies necessary for reliable, secure business quality communications are still in the process of
being rolled out for routine use. The everyday use of the Internet for business communication holds great
promise, but we’ve yet to achieve the plug-and-play stage for many business applications of the Internet.

Today's advances in technology at every level of networking can make it difficult, if not impossible, to
find a single integrated solution for your business needs. Thus, we find ourselves in the midst of a time in
which not only are new higher-speed media being introduced for residential and business
communication, but in which new application environments, such as the Web, not only unify diverse
services but offer added opportunities such as the new marketing and sales channels found in electronic
commerce.

The terminology surrounding the Internet seems to change every day as vendors seek to define new
market niches and offer their versions of “marketectures.” One aim of this book is to address the
confusion surrounding the technologies that fall under the umbrella term Virtual Private Networks
(VPNs), providing you with a framework for distinguishing between the different types of VPNs and
selecting the ones that will meet your business needs.

This book focuses on running VPNs over the Internet. Using the Internet for a Virtual Private Network
enables you to communicate securely among your offices—wherever they may be located—with greater
flexibility and at a lower cost than using private networks set up with pre-Internet technologies, such as
leased lines and modem banks.

This chapter serves as a brief introduction to the structure and capabilities of today’s Internet and how
the Internet can be used by businesses to improve their operations. Later chapters will cover the details of
many of the concepts we introduce here.

The Changing Business Environment

Business today isn’t like it was in the good old days, even if old is only 3-5 years ago. Amidst all the
downsizing, automation, and increasing numbers of small businesses as well as mega-mergers, one trend
seems self-evident: Flexibility is the order of the day.

A cornerstone of business flexibility is an adaptable communications network. Well-designed networking
can help your business deal with many of the changes in current-day business environments—for
example, improved customer and partner relations, an increasingly mobile workforce, flattened
organizational structures, virtual teams, etc. (see Figure 1.1).

Businesses are faced not only with quickly changing projects and markets but also with short-term
associations with suppliers and other business partners as they attempt to compete. Customers demand
more—not just more quality and variety in products but also more information about, and support for, the
products. As customers demand more, they also can offer more to sellers; smart marketers look to
increased interactivity with customers to learn more of their needs, leaning towards more individuality
and treating each customer as a market of one rather than a large number of individuals lumped into a
single group with average tastes and needs.

FIGURE 1.1 Changes in today’s business environments.

Even as businesses struggle with these sources and sinks of information, they find their own employees
dispersed across the planet, trying to get their jobs done in markets that have become increasingly global.
Businesspersons may well hope that phone calls and videoconferences can make the deal or solve a
problem, but we're still stuck in a physical world in which face-to-face contacts are valued, useful, and
often a necessity. Thus, we’re faced with an increasingly mobile workforce, and I’m not referring to
job-switching (although that happens often enough), just to the number of miles the modern-day worker
travels to meet business obligations. Yet, amidst all this travel across the planet, each employee needs to
stay in touch with the home office, wherever it is.

One of the common business trends in the past decade has been a flattening of the business organization,
a move from a hierarchical management structure to one including fewer managers and more interacting
teams. Flatter organizations, however, require more coordination and communication in order to function
properly, providing yet another reason for the growth of networks.

In these flatter organizations, it’s not uncommon to see an increasing number of teams formed. These
teams, which are formed quickly to attack a particular problem and then disbanded, consist of members
scattered throughout the company, often in more than one country. Much of their work and coordination
is conducted electronically, transmitted across networks at any and all times of the day. In a global
business, the sun never sets.

As businesses change, so too must the Information Technology (IT) departments helping to maintain the
communication infrastructure that’s so important to the company’s success. Three major shifts in
information technology have occurred during the past few years—from personal computing to
workgroup computing, from islands of isolated systems to integrated systems, and from intra-enterprise
computing to inter-enterprise computing. To deal with all these changes and help synchronize the
organization with business, the IT staff have to maintain flexibility so they can respond to the regular
order of the day—change.

A primary aim of this book is to illustrate how the Internet and Internet Protocol (IP)-based technologies
can provide your business with new methods for creating a more flexible and less costly private network
that better meets today’s business needs. Let’s investigate the Internet a bit before we move on to the
details of these Internet-based Virtual Private Networks.

The Internet

In spite of all the hype and heightened expectations surrounding it, the Internet has truly become one of
the major technological achievements of this century. Starting out as a simple network connecting four
computers scattered around the United States, the Internet has become the largest public data network,
crisscrossing the globe and connecting peoples of all ages, nationalities, and ways of life. Even as it’s
become a common mode of communication among individuals using computers at home and at the
workplace, the Internet has become more of a commercial network, offering businesses new forms of
connectivity, both with other business partners and with their customers.

For all its success, the Internet can be difficult for some to fathom. For instance, the Internet has no
central governing body that can compel its users to follow a particular procedure. A number of
organizations deal with different aspects of the Internet’s governance. For instance, the Internet Society
(ISOC) helps promote policies and the global connectivity of the Internet, while the Internet Engineering
Task Force (IETF) is a standards setting body for many of the technical aspects. The World Wide Web
Consortium (W3C) focuses on standards for the Web and interacts with the IETF in setting standards.
Addressing and naming of entities on the Internet is important to the functioning of the Internet, and that
task currently is shared by Network Solutions Inc. and the Internet Assigned Numbers Authority (IANA),
although the parties involved in this procedure may change before long.

The Internet is a somewhat loose aggregation of networks that work together by virtue of running
according to a common set of rules, or protocols, the Transfer Control Protocol/Internet Protocol
(TCP/IP) protocols. These protocols have proven to be an important cornerstone of the Internet, which
has evolved in a very open environment guided by a group of selfless, dedicated engineers under the
guidance of the Internet Architecture Board (IAB), the overseer of the IETF, and a related task force, the
Internet Research Task Force (IRTF). Despite the proliferation of numerous other networking protocols,
the TCP/IP protocols have become the preferred means for creating open, extensible networks, both
within and among businesses as well as for public networking. The seemingly never-ending exponential
growth of the Internet that started roughly three decades ago is but one proof of the Internet’s popularity
and flexibility.

The growth of the Internet has been phenomenal by any measure (see Figure 1.2). The Internet’s
predecessor, ARPANET, was started in 1969 and connected only four computers at different locations in
the United States. During the past few years, the number of computers attached to the Internet has been
doubling annually. According to the survey of Internet domains that’s been run periodically since 1987
by Network Wizards, more than 30 million computers were connected to the Internet as of February,
1998. Depending on whom you ask, 50 million users of the Internet may live in the United States alone.

With this growth has come a change in the direction of the Internet. Although the Internet may have
started out as a network designed primarily for academic research, it's now become a commercialized
network frequented largely by individuals outside universities and populated by a large number of
business enterprises.

FIGURE 1.2 Growth of the Internet.

Business usage of the Internet has grown as well. It’s difficult to measure business-related traffic in any
reliable coherent fashion. But, one sample indicator of phenomenal growth of business use is the increase
in the number of computers in what are called .com domain names (reserved for businesses only)—the
number of these business-related computers rose from 774,735 in July, 1994, to 8,201,511 in August,
1997.

The Internet’s Infrastructure

The Internet is global in scope and strongly decentralized with no single governing body. The physical
networks comprising the Internet form a hierarchy (see Figure 1.3) whose top level is composed of the
high-speed backbone network maintained by MCI (now part of Worldcom); the majority of Internet
traffic is funnelled onto the backbone through the Network Access Points (NAPs), which are maintained
by Sprint, Worldcom, and others—these are located in strategic metropolitan areas across the United
States (see Figure 1.4).

Independently-created national networks set up by PSInet and UUNET, among others, mostly tie into the
NAPs, but some service providers have made their own arrangements for peering points to help relieve
some of the load at the NAPs. Lower levels are composed of regional networks, then the individual
networks found on university campuses, at research organizations, and in businesses.

For most users, the internal structure of the Internet is transparent. They connect to the Internet via their
Internet Service Provider (ISP) and send e-mail, browse the Web, share files, and connect to other host
computers on the Internet without concern for where those other computers are located or how they're
connected to the Internet. We’ll cover some of the details of tying your internal networks to the Internet
in the following chapters.

FIGURE 1.3 The Internet hierarchy.

What the Internet Delivers

For a moment, put aside any specific business needs that you may have. Instead, just concentrate on what
the Internet can offer its users.

The Internet offers its users a wide range of connectivity options, many at low cost. These options range
from a very high-speed (megabits per second) direct link to the Internet backbone to support data
exchange or multimedia applications between company sites to the low-end option of using a dial-up
connection through regular phone lines at speeds of 9,600 to 28,800 bits per second.

The near-ubiquity of the Internet makes setting up connections much easier than with any other data
network. These could be either permanent connections for branch offices or on-the-fly links for your
mobile workers. While Internet coverage isn’t equal throughout the world, the Internet makes it possible
to achieve global connectivity at a cost lower than if your business created its own global network.

As mentioned before, the Internet is built on a series of open protocols. This foundation has made it
much easier for developers to write networked applications for just about any computing platform,
promoting a great deal of interoperability. It’s not unusual to find a wide range of Internet applications
that run on all major operating systems, making your job of offering common networked services easier.
The World Wide Web has gone even farther by offering developers and content designers alike the
possibility of working within a single user interface that spans multiple operating systems as well.

FIGURE 1.4 Map of U.S. Internet.

The Internet also offers you the opportunity of having a more manageable network. Because you’ve
outsourced much of the national and global connectivity issues to your Internet Service Provider, you can
focus more of your attention on other internal network management issues.

The Internet is not without its shortcomings, however. In many ways, it’s become a victim of its own
success. For example, the bandwidth available on the Internet backbone and offered by many ISPs has
barely been able to keep up with the explosive increase in Internet usage that’s taken place during the
past few years. That, in turn, has raised some concerns about the reliability of Internet traffic. Brownouts
and other localized network outages have occurred, but new equipment and policies continue to improve
the robustness of Internet links.

A related concern has been the Internet’s capability to handle multimedia traffic, especially real-time
interactive multimedia. In general, the delays of data transmissions over the Internet make real-time
multimedia transmissions difficult, but certain ISP networks have been designed with such applications
in mind, and efforts at improving quality-of-service have started to address the problem. Currently,
guaranteed performance is restricted by most ISPs to network uptime, but you should expect to see
minimum delay guarantees offered in the next year or two.

Lastly, and this is an issue we’ll repeatedly address in this book, is the problem of security. Admittedly,
the majority of data transmitted on the Internet is transmitted in the clear and can be intercepted by
others. But, methods exist for encrypting data against illegal viewing as well as for preventing
unauthorized access to private corporate resources, even when they’re linked to the Internet. Many of the
reported illegal intrusions into networks are due more to poorly-implemented security policies than to
any inherent insecurity of the Internet. We’ll see later in this book that robust security is available for
every aspect of data communications over the Internet.

Using Internet Technology

The Internet offers business opportunities on what we’ll call a private level as well as a public level. The
public level is where a great deal of attention has been focused over the past few years, as proponents of
electronic commerce have aimed at the buying and selling of goods and services over the public Internet,
either to the general public or to other businesses.

But, the private Internet is what this book is all about. Businesses can use the Internet as a means of
transmitting corporate information privately among their corporate sites, without fear that either hackers
or the general public will see the information. The plumbing and many of the techniques are the same for
both the public Internet and private businesses using the Internet, but the goal differs—open data for
public access versus protected, private data for businesses. We’ll see in this book that the two goals are
not contradictory nor are they mutually exclusive.

The fact that these two uses can share many of the same telecommunications resources offers new
opportunities for business (see Figure 1.5).

Moving private business data on the Internet can also simplify, or at least ease, the setup of more
business-to-business opportunities. The commonality of the Internet—its protocols, plumbing, the
popular Web interface, and so on—make it easier to ensure compatibility between two or more business
partners (if they’ve embraced the use of the Internet). If you’re already distributing private business data
on the Internet to a select group of employees, it’s not difficult to expand the membership of that select
group to include a new corporate partner. Today’s techniques make setting up links between new
business partners a matter of days, if not hours—as long as you’re on the Internet.

FIGURE 1.5 Using the Internet for business.

The openness of the TCP/IP protocols and the interoperability that the protocols promote hasn’t escaped
the attention of the business world. Now we’re seeing not only increased usage of that grand-daddy of
TCP/IP networks, the Internet (with a capital I), but more and more businesses are using TCP/IP to create
their own corporate networks or intranets, tying together disparate technologies and different types of
computers into intranets. Now the same applications and expertise that have been used on the Internet
can be deployed within corporate networks for their own private uses.

It seems only natural that, if your company’s using TCP/IP for its internal networks and if you want to
communicate with business partners, suppliers, and the like (who are also using TCP/IP), the Internet can
become the link between your business and theirs. This underlying concept of extranets means that you
control access to your computing resources and your business partner does likewise for his resources, but
you use TCP/IP over the Internet to share common data and increase the efficiency of communications
between the two of you (see Figure 1.6).

We’ll return to extranets later. The majority of this book is going to focus on another aspect of TCP/IP
networks for business, using the Internet to link together a company’s sites and mobile workers into one
private, secure network. VPNs make secure multisite intranets possible. While intranets primarily focus
on a set of applications, notably the Web, within a corporate organization, VPNs provide the lower-layer
network services (or plumbing). Extranets also have a focus on applications that’s similar to that found in
intranets, but they’re between business partners. VPNs also make extranets easier to implement, because
the security services offered by VPNs enable you to control access to your corporate resources, and that
access can include business partners and suppliers.

Internet-based VPNs, the subject of this book, enable you to leverage many of the Internet’s inherent
advantages—global connectivity, distributed resources, and location-independence, for example—to add
value to your business’s internal operations (see Figure 1.7). Not only can you save money and improve
connections to international business partners, but you can support more flexible working arrangements,
both for your employees and business partners.

FIGURE 1.7 ... the Internet’s capabilities to improve business.

Summary

Much of today’s business is focused on information—its creation, analysis, or distribution. This
preoccupation with information as a source of revenue and competitive advantage not only drives the
exchange of information between workers and teams within a company but also drives the exchange of
information between business partners as well as between businesses and their customers.

Today’s accompanying focus on computers and things digital dovetails nicely with the demand for more
and more information. Digital information is so much easier to obtain and distribute via electronic means
that networks are becoming both the circulatory and nervous systems of the business world.

While private networks have long proven their usefulness in many corporate environments, the
current-day trend to obtain information from a multitude of sources, many of them outside the corporate
walls, has business managers and network architects alike looking for ways to tie together their internal
private electronic networks with external, more public ones.

The Internet offers businesses the means to improve communications not only with their customers and
business partners but also with
