Factors to consider with a managed S2S VPN
In a recent SearchSecurity webcast, speaker Lisa Phifer, vice president and
owner of consulting firm Core Competence, addressed technological developments
in virtual private networks. Here Lisa answers a user-submitted question that
she didn't have time to answer during the broadcast. If you missed our webcast
New directions in VPNs or would like to review it, you may listen to the
recorded webcast on-demand or download the presentation without audio.
My company is rolling out a managed S2S VPN, replacing the existing Frame Relay.
What are the "gotchas" or things that providers should provide?
Either MPLS or IPsec can be used to create a site-to-site VPN that replaces a
private Frame Relay VPN. An MPLS-based managed VPN service is functionally
closer to your existing Frame Relay service and will probably include direct
control over quality-of-service metrics that you're used to controlling with FR.
An IPsec-based managed VPN service usually focuses more on securing traffic over
the public network and less on performance characteristics, so look carefully at
QoS metrics and service-level agreements.
You'll also want to consider the location of VPN endpoints. MPLS managed
services are often network-based services, where the managed service really
starts at the edge of your provider's network. Some IPsec managed services are
network-based, but most are based on customer premises equipment (CPE) deployed
at the edge of your own network. CPE installation and configuration can raise
cost, but provide security all the way to your site and can give you more direct
control over VPN access to your network. Some providers also offer hybrid
services with IPsec on the first hop and MPLS over the core.
To learn more about service characteristics, take a look at the S2S
VPN table in
my 2003 MSSP Survey for ISP-Planet.
--------------------------------------------------------------------------------
MORE INFORMATION ON VPNs:
Visit our Featured Topic, VPNs: IPsec vs. SSL, for an overview of VPN
technologies.
Lisa Phifer helps clear up VPN misconceptions in this tip, VPN fast facts: True
or False?
Browse through our collection of Best Web Links on VPNs for more resources on
the Web