Virtual Private Networks
What is a VPN?
Data Security
IPsec
Quality of Service for VPNs
A Major Breakthrough for VPNs
What Is A VPN?
A VPN (Virtual Private Network) is a private connection between two or more machines that sends private data traffic over a shared or public network. This technology enables organizations to extend their network to branch offices and remote users by creating a private WAN via the Internet.
Data Security And QoS
Because VPNs rely on the public Internet as a delivery mechanism, network managers must address two key issues: data security and Quality of Service (QoS). It has been stated that resolving these two issues together has been like trying to mix oil and water.
VPNs And The Data Security Issue
Security is a huge concern on VPNs because enterprise data must regularly pass through the public Internet, where data can easily be intercepted and potentially misused. To secure enterprise data, VPNs rely on data encryption. Encryption protocols are used to encode data prior to delivery across the VPN, and to decode the data at the receiving end.
VPNs And The Data Security Issue (cont’d)
The most commonly used standard for secure Internet communications is Internet Protocol Security (IPsec). IPsec is a developing standard for security at the network or packet processing layer of network communication. Through widespread adoption of the IPsec standard, and the growing prevalence of desktop-based encryption, the issue of data security on VPNs has largely been solved.
IPsec (Internet Protocol Security)
IPsec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of the data. The specific information associated with each of these services is inserted into the packet in a header that follows the IP packet header.
Quality Of Service For VPNs
The next challenge facing VPN managers is Quality of Service (QoS). Managers have turned to QoS solutions in an attempt to solve this dilemma, starting with traditional hardware devices.
Traditional QoS Solutions for VPNs
The biggest drawback to traditional QoS is its inability to prioritize encrypted packets, making it virtually unusable in VPN environments. Traditional QoS relies on the use of individual IP packet fields to differentiate and prioritize packets. IPsec and other encryption technologies protect data by making most of the IP packet fields unreadable.
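To make the two IPsec services and the QoS problem above concrete, the following Python sketch is an added example (not part of the original slides and not Centerwise code): it builds constructed IPv4 packets and shows which fields a packet-field classifier can still read with no IPsec, with AH, and with ESP. Transport mode is assumed, and the addresses, ports, SPI and function names are made up for illustration.

```python
import os
import struct

TCP, UDP, ESP, AH = 6, 17, 50, 51   # IP protocol numbers

def ipv4(proto, payload, dscp=0):
    """Minimal 20-byte IPv4 header (checksum left 0) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload), 0, 0,
                      64, proto, 0, bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    return hdr + payload

def tcp(sport, dport):
    """Minimal 20-byte TCP header; only the ports matter here."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0)

def classify(packet):
    """Return the fields a packet-inspecting QoS device can read in the clear."""
    ver_ihl, tos, _, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    body = packet[(ver_ihl & 0x0F) * 4:]
    seen = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "proto": proto, "dscp": tos >> 2}
    if proto == AH:
        # AH authenticates but does not encrypt: skip its header and keep reading.
        nxt, plen, _, seen["spi"], seen["seq"] = struct.unpack("!BBHII", body[:12])
        proto, body = nxt, body[(plen + 2) * 4:]
    if proto in (TCP, UDP):
        seen["sport"], seen["dport"] = struct.unpack("!HH", body[:4])
    elif proto == ESP:
        # Only the SPI and sequence number precede the ciphertext.
        seen["spi"], seen["seq"] = struct.unpack("!II", body[:8])
    return seen

# Constructed sample packets (addresses, ports and SPI are made up).
SEGMENT = tcp(49152, 443) + b"application data"
PLAIN = ipv4(TCP, SEGMENT)
# AH header: next header, length (4 => 24 bytes), reserved, SPI, seq, 12-byte ICV.
AH_PKT = ipv4(AH, struct.pack("!BBHII", TCP, 4, 0, 0x1001, 1) + bytes(12) + SEGMENT)
# ESP: SPI and seq in the clear, then random bytes standing in for ciphertext.
ESP_PKT = ipv4(ESP, struct.pack("!II", 0x1001, 1) + os.urandom(len(SEGMENT) + 16))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("AH", AH_PKT), ("ESP", ESP_PKT)):
        print(f"{name:5} {classify(pkt)}")
```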
A Major Breakthrough For VPNs
By controlling traffic at the application level, prior to IPsec packet encryption, Centerwise, a client-side software package developed by Centricity Software, completely avoids the issue of having to prioritize encrypted packets. Instead of looking at individual packets, Centerwise controls the flow of applications at the desktop, where traffic originates.
A Major Breakthrough For VPNs (cont’d)
Centerwise Agents running at the desktop interact with applications directly, providing virtual session-layer control and ensuring the proper allocation of resources to users and applications. To determine the resource allocations for each traffic flow, Agents rely on policy instructions from the Centerwise Control Point (CP).
A Major Breakthrough For VPNs (cont’d)
The CP works dynamically and automatically, 24/7, to provide a smooth, even distribution of resources, and allows network managers to easily establish higher priorities for key users and applications.
Conclusion
The appeal of a VPN is the global presence of the Internet. Communication links can be made quickly, cheaply, and safely across the world. With Centerwise, VPN managers no longer need to worry about how to prioritize encrypted traffic at a router or appliance. Traffic is prioritized at the desktop before it reaches the network layer and IPsec encryption, and applications are then ready for secure and reliable delivery across the VPN.
Centerwise
Centerwise is a client-side software package designed to bolster application performance and lighten the load of network managers by moving bandwidth management from the network to the desktop. Centerwise runs on Windows 95, 98, NT and 2000 machines. It can support up to 20,000 end users, with upgrades. Branch office editions start at $5,000, and enterprise editions from $25,000.