Virtual Private Networks: Making the Right Connection
By Dennis Fowler
Chapter 8: Architecture
Overview
As you'd expect, the architecture of a VPN is determined primarily by what you want the VPN to do. A VPN to serve road warriors will have one set of design requirements, while a VPN connecting two LANs will have another. A VPN extranet will have different requirements from a VPN intranet with respect to security. A VPN that is outsourced, with the work being done by a network service provider, mandates one type of design, while a VPN implemented in-house imposes different constraints.
In terms of physical architecture, the primary issue in all of these scenarios is where the VPN begins and ends; the tunneled, encrypted connection can terminate outside or inside the firewall, for example, or at the firewall itself. If the VPN is outsourced to a network service provider, it may terminate at the service provider's POP. While the most popular protocols are fairly flexible, even the choice of protocol can influence where the VPN terminates, as we've seen in our discussion of Secure Shell and SOCKS v5.
VPN functions can be implemented in routers and switches; in firewalls; in dedicated boxes that do nothing but authentication, tunneling, and encryption/decryption for the VPN; and in workstations and laptops. A standalone box can be built specifically for that purpose, with the programming hardwired into the hardware and special chips handling encryption and decryption, or it can be a generic computer, with the VPN functions handled by software installed on the machine.
8.1...
Copyright Morgan Kaufmann Publishers, Inc. 1999 under license agreement with Books24x7