Telecommuters herald the growth of VPNs, but there are still some growing pains.
Imagine one of those horribly busy days at work: e-mail inbox filling faster than it can be emptied, a forgotten presentation due in a few hours, and a need to jump from file to file, application to application, just to knock one more thing off the to-do list. Now imagine you’re doing this with a cat curled up around your ankles in an office designed to meet your personal tastes and with a view of your own backyard. The work doesn’t seem so hellish anymore, does it? The introduction of the virtual private network (VPN) has been a boon to telecommuters, who find they can work at home and be just as productive as they would at the office. Sometimes they can actually work even harder, without the distractions of a ringing phone or Joyce from down the hall talking about her weekend.
With companies becoming more budget-conscious, and employees yearning to spend more time with family, VPN adoption has been booming. Infonetics Research put 2001 VPN hardware revenues at $1.3 billion, and projected that the figure would rise to $2.9 billion by 2005. Employee demand is part of the reason that the VPN market is growing, even as a downturn in the network industry looms. Research firm IDC noted that since 9/11, telecommuting has increased. The company estimates that the number of mobile professionals will grow from 15.9 million in 2001 to 21 million in 2006.
As businesses race to expand networking capability, however, they’re finding that the technology isn’t perfect. Although the benefits appear to trump the obstacles, VPNs are still undergoing growing pains, leaving administrators and users sometimes scrambling to adjust.
Making a connection
The way VPNs work is actually fairly simple compared to some networking technologies. The technology sets up tunnels between end-user sites through the Internet. Many companies prefer a DIY approach, and vendors like Microsoft foster that mentality by including standard VPN software in operating systems. This allows IT pros to set up remote access or site-to-site systems that can either connect teleworkers to the corporate network or add remote offices to the enterprise network without the cost of private lines or frame relay. VPN client software in the employee’s PC cooperates with a VPN gateway, which in turn uses a router to steer traffic to the corporate LAN.
VPNs are growing rapidly because companies find that they can utilize the home Internet access that many employees already have. Creating wide area networks like this was much cheaper and easier than dealing with dedicated leased lines. As users switch from dial-up to cable or DSL, it works even better for their companies.
Scott Jones, product manager for Novell’s VPN security software, BorderManager, says the value to companies that use VPNs is well established, and that networking changes effectively helped to secure the technology.
“Prior to VPN, most people who wanted secure remote access would have a bank of modems, or they’d have to throw providers lots of money,” Jones says. “This ensured a controlled path. But with the advent of VPNs, companies got Internet connections, their employees had their own connections, and they could leverage that existing infrastructure. It solved the remote access problem.”
It may have removed one problem, but others cropped up. Most noticeably, just last year cable companies were charging a different rate for VPN service than they did for standard cable service, even though there was little change in what the user received. In some cases, the charge was much higher, sometimes approaching three times the rate of consumer prices.
With the ISP shakeout, such rate fluctuations may become a thing of the past, however, as cable companies work to keep hold of corporate customers.
Pete Davis, product manager for remote access product lines at Cisco, says, “ISPs would love to charge more for people using VPN, but really, you can’t blame them. Wouldn’t you rather make $200 a month rather than $50 for the same service? But the reality is that people have realized that consumer-grade service is fine for a VPN, and most ISPs have stopped adopting that two-rate system as a strategy.”
With the freshly lowered cost of connection, many companies have forged ahead in the past year to implement VPNs, trying to keep IT budgets trim, give employees quick access, and protect the corporate server from busybodies and marauders.
Plugging in to problems
When several key employees at Brainlink moved out of town, the New York City-based application development firm decided that they didn’t want to replace them. Installing a VPN seemed a perfect solution, although not always an easy one.
“When we looked at VPNs two years ago, the market was still in flux,” says Raj Goel, chief technology officer. “Everyone charged atrociously high prices, and so we decided to roll out our own.” Brainlink decided to redo its networks, building a VPN into the new architecture. After three tries, the tech staff was finally happy with the results.
“For everything we got right, we got something else wrong,” says Goel. “I still haven’t found a seamless VPN. Despite what a vendor will tell you, every VPN product has some ugly wart that makes it less than transparent.”
With an extremely limited budget, the company decided to use some freeware, a couple of low-end PCs, and a lot of experimentation. Goel says setting up such a “play space” allowed them to fool around with networking alternatives without getting bogged down in a single vendor’s solution. After learning the intricacies of the VPN world, Brainlink eventually went with a commercial product, adopting Cisco’s VPN architecture. Even though they’re happy with the decision, Goel still favors the experimental approach.
“VPNs are not standard products,” he says. “They’re still fairly young; a lot of changes are still happening.”
One change is the time it takes to implement, and the ability to do so over a variety of operating systems. Gregory Talmo, network coordinator for the Minneapolis-based Breck School, had to roll out a VPN for 140 users, most of them teachers, in the scant few summer months. The fact that Breck is Macintosh-based may have given other network gurus pause, but Talmo says it wasn’t a problem combining Cisco with Apple.
The only stumbling block, he says, was that staff members are on different operating systems, on both OS 9 and OS X. “That largely limited our choices,” Talmo says. “We could have waited [for OS X 10.2], but we would have been dealing with a beta product.”
OS X 10.2 has built-in VPN capacity, thus bringing Apple in line with the Windows VPN world.
Another area witnessing enormous changes in the VPN field is security, which has been beefed up at a brisk rate. Although most VPN software comes with a firewall, that often isn’t enough to protect an enterprise-wide network. One solution is creating a split firewall, with one barrier at the company and the other at the telecommuter’s home. This isolates the employee’s device from others on the network.
A more common strategy, however, is to implement some heavy-duty authentication solutions. A host of security companies, from consultants to biometric device manufacturers, are targeting VPN technology to provide multiple levels of security.
“There are different levels of security control,” says Dore Rosenblum, vice president of marketing for Filanet, a Sunnyvale, Calif.-based VPN security device maker. “Right now, it’s much more difficult to crack a VPN than in the past, given the appliances that companies are using.”
Sometimes, however, a lot of security can be just a little too much. “There can be some overkill,” Rosenblum says. “Sometimes security can get in the way. An example is biometrics; if you scratch your finger, it might not recognize your fingerprint. So, you can go to unlimited ends, and yes, it will safeguard things a little more when you put those things in place, but at the end of the day, it adds a lot more complexity.”
Wireless access can present its own headaches to an IT department. Some attention has been given to incidents in which hackers break into a system simply by using a laptop and a wireless card, cracking a corporate network from a company’s parking lot. Even with a greater focus on wireless-system breaches, many people may not think that popping onto a corporate network from an unsecured laptop is such a high risk.
Rosenblum says: “I would guess the majority of small and medium businesses, and home users, have no idea how they’re opening themselves up. I would expect someone who is looking to implement VPN security would understand some of the security exposures, but it’s just now emerging as an issue.”
Those who might lay the network open for exposure are, of course, the telecommuters who happily log on and go through the authentication procedures, secure in the knowledge that all is well. But it’s not always the end-user who might stumble into shaky security.
Mark Merkow, author of “Virtual Private Networks for Dummies” (Wiley), notes that IT management needs to spend time locking networks down. He says, “Novice and amateur system administrators don’t tend to understand the rigor necessary to maintain security, which often leads to compromises that, if not caught and remedied, lead to a false sense of security.”
Then, too, there is the third player: the machine. “Interoperability between devices of different manufacturers could lead to an inability to communicate,” says Merkow. “If one vendor’s implementation of IPSec, for example, differs from another vendor’s implementation, the cryptology is not likely to operate as intended and troubleshooting becomes next to impossible.”
Hits, despite errors
Beyond security issues, VPNs also present other troubleshooting concerns, but some have nothing to do with the software, the devices, or the implementation. Sometimes, it’s all about the user.
After Raleigh, N.C.-based Tangram Enterprise Solutions rolled out its own VPN, IT staffers were delighted with how their Linux box acted as its own VPN server, running free open source software to communicate with Windows workstations. The difficulty they found was entirely human-based.
“I would say that part of the problem for us is managing expectations,” says John Charnovich, the company’s CIO. “When we moved to a VPN, some users thought that it would automatically improve performance, but some of them still had dial-up access at their locations, whereas other folks had fast access capabilities.”
The result, he notes, was uneven performance that wasn’t necessarily connected to the VPN, but was perceived to be. Other times, an ISP would drop the connection and tech support would get a call from users assuming that the glitch was on Tangram’s end.
Still, Charnovich says, he wouldn’t go back. “With the VPN technology available today, it would almost be silly not to use it.”
Most companies are trying to prove they aren’t that silly. Despite the minor obstacles that VPNs present (device and software incompatibility, ISP issues, user training needs, and security concerns), the technology is allowing telecommuters to connect with their offices in a way they never have before. Beyond mere e-mail checking and Web surfing, VPNs can zoom teleworkers right to their virtual desktops and keep them connected in speed and style. As of yet, there’s no way to replicate the experience of hearing about Joyce’s weekend or of listening to the manic buzz of phones in multiple cubicles, but perhaps that, too, is a good thing.