Offering higher encryption standards and added security features, hardware VPN devices are also becoming more dynamic in nature.
Accessing the corporate network no longer requires your physical presence at the office. You can relax in the comfort of your home, or in a browsing centre, and use an Internet connection with a virtual private network (VPN) solution to access the corporate network. Though market offerings include both software and hardware VPN solutions, hardware solutions offer more security, performance and flexibility than their software counterparts. Hardware VPNs are also the ideal solution for connecting two Local Area Networks (LANs).
Hardware VPN appliances integrate authentication, encryption, a hardware firewall and other VPN functions into a single package. These appliances can be easily managed through a Web browser interface. They also include load-balancing features, and can handle large client loads. Designed for permanent connectivity, these appliances allow many client devices—PCs or Internet phones, for example—to connect to a remote network over the VPN.
Hardware-based Internet Protocol (IP) VPN concentrators use high-performance cryptography engines to establish secure VPN tunnels over the public Internet. They use dedicated onboard hardware to ensure that the processing demands of the encryption used do not affect VPN throughput. (Throughput is the amount of digital data delivered per unit of time to a given terminal in a network.) Industry-standard encryption algorithms like the Data Encryption Standard (DES), 3DES and the Advanced Encryption Standard (AES) ensure that data is kept secure while in transit over the Internet. Due to the assistance provided by hardware, simultaneous services are now possible without performance degradation. As Shubhomoy Biswas, country manager—India, SonicWall, says, “Since hardware VPNs are hardware-to-hardware based, they are more secure, have better performance, and from some perspectives are more flexible since only the routers have to know about the VPN; individual computers do not. As such, all computers behind the routers are on the VPN. Basically, it connects two LANs together into one LAN through the VPN tunnel. In most cases, intermediary Internet routers are not aware of the VPN and so do not get in the way like they do with software VPNs.”
Easy and fast deployment
Hardware VPN devices provide fast and easy deployment, along with scalability to thousands of sites. Deployments are easy and secure because policy and configuration are pushed from the central site. A hardware VPN solution is designed for permanent connectivity and allows more than one device to use the VPN—more than one PC, for instance, or Internet phones.
Traditional hardware VPN gateways did not offer much security. While they maintained privacy by sending information over the Internet via an encrypted tunnel, the system was insecure since it was open to threats from the site or computer at the other end of the tunnel. Remote users could unwittingly provide a gateway for viruses, worms, Trojans and other threats to enter the corporate network. New-generation hardware VPN concentrators use an Intrusion Prevention System (IPS)-based threat suppression engine to perform high-speed analysis of all traffic within the VPN. This helps to enforce usage policies, and offers proactive real-time protection against threats.
The IPS continually cleanses the network at each layer, checking both Internet and intranet traffic, eradicating threats and helping to prevent bandwidth hijacking and malicious traffic. This includes spyware, worms, viruses, Trojans, phishing attempts, security threats faced by VoIP, application anomalies and vulnerabilities. The latest VPN appliances support integrated network security, including virus protection, intrusion prevention, anti-spyware and content filtering.
Better performance and MPLS solutions
As organisations implement converged applications like VoIP, streaming media, collaboration tools and more, VPN connectivity needs to meet the demands of these bandwidth-hungry and time-sensitive new applications. Bandwidth shaping, Quality of Service (QoS) and support of multi-cast streams within the VPN tunnel have therefore become essential functions that are ably supported by new-generation hardware.
High-availability enhancements are also incorporated into the latest VPN devices, providing a simplified network design, and reduced configuration complexity on remote peers—especially with respect to defining gateway lists.
Another innovation in VPN technology is the incorporation of Multi-Protocol Label Switching (MPLS)-based Layer 3 VPNs, enabling scalable personalised IP services at the network edge and better operational efficiency. Juniper and Cisco have developed MPLS-based Layer 3 VPNs. “Our 7600 series has integrated high-density Ethernet switching, carrier-class IP/MPLS routing, and 10-Gbps interfaces, benefiting enterprises and helping enable service providers to deliver both consumer and business services over a single converged Carrier Ethernet network,” says Ravi Khanchandani, country manager, systems engineering, ITS, Cisco India.
Static set-ups give way to dynamic ones
Dynamic multipoint VPNs are a new development in IPSec VPNs. “Earlier, we used to define VPN endpoints. You have the source and the destination, and these should be defined to establish a VPN tunnel. Now, more ingredients are incorporated into the devices so the device itself can identify the source and destination. It reduces the configuration requirements and makes the device dynamic,” says Prasad Babu, country manager, Juniper India. New-generation IPSec VPN devices showcase higher performance, and their capacity has increased to multiple gigabits.
Looking to the future
The innovations are unceasing. Newer technology will continue to make VPNs even more flexible. “IP VPNs will remain a popular solution to providing Internet-based remote access. MPLS-based Layer 3 VPNs have already begun to replace traditional leased lines and frame-relay lines. Standalone IP VPN concentrators have become less popular, while multi-function security appliances that include IP VPN features have become more typical,” says Matt Walmsley, product marketing director, Asia Pacific, 3Com.
Manufacturers are striving to deliver appliances that combine security with high performance levels. “The next-generation VPN product will be expected to perform all types of compliance, be it a disaster-recovery tool, support for mobile phones, and secure Wi-Fi networks, apart from providing remote access, which is the basic requirement of a VPN,” says Ajay Kumar, country manager, Avantail.
What’s more, devices in the offing may soon be able to connect more than 5000 users, using a single platform—all without compromising on performance and security, thanks to constant innovation and development.