The following aspects of a VPN must be maintained on an ongoing basis in order for the solution to scale and adapt to ever-increasing security requirements for enterprise traffic. Before deploying a VPN solution, be sure to address how your organization will handle the following concerns:
End-user support
You will need to be able to add users to the database and to support a certain number of concurrent user sessions. A limitation in either area can constrain the overall system. In addition, processes must be built to automate the addition of end users to the system as efficiently as possible. You do not want to be the single point of contact for adding users, because this can create security breaches and limit the number of users that can be efficiently added.
Tunnel architecture
A proliferation of tunnels is required to support the connectivity needs of the enterprise.
Key management
Managing keys can be a tremendous burden because keys must not only be generated and distributed but stored in a secure fashion. In many cases, this can require a dedicated resource.
Maintenance
You must be prepared to handle the hardware and software maintenance of the VPN platform itself. Can the system be upgraded without causing a service outage? Does the system require patches to support new features and capabilities? Who will be responsible for ongoing maintenance of the platform?
All of these areas can influence the cost, resources and time it takes to keep the system up and running. Consider these factors up front, before purchasing a solution, and build processes into the operational environment to address them on an ongoing basis.
About the author:
Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has more than 10 years of experience providing strategic, business and technical consulting services. Robbie lives in Atlanta and is a graduate of Clemson University. His background includes positions as a principal architect at International Network Services, Lucent, Frontway and Callisma.
This was first published in July 2006