Online extra | VPNs, literally speaking
- By David Essex
- May 25, 2006
Looking to help an agency implement a virtual private network? Experts recommend the following considerations when answering a request for proposals:
- Get a list of applications, operating systems and client hardware that the agency needs. Claims of application compatibility can exceed reality, and some software runs too slowly. Ask vendors what methods they use to ensure interoperability with applications.
- Get the numbers that will tell if a VPN can handle the customer's expected workload: concurrent users and throughput in megabits per second (Mbps).
- Be sure VPN supports authentication protocols. If an upgrade is necessary down the road, look for VPN support of strong authentication technologies, such as RSA's SecurID.
- Make sure VPN supports IPv6, is upgradeable through software or works with a separate network box that handles translations with the more widely available protocol IPv4.
- Ask about a product's ability to support multimedia applications, especially multicast video, which goes out simultaneously to multiple remote users.
- Make sure a router or switch has enough spare slots for the VPN cards needed to handle both internal and external networks.
- Voice over IP is best run on VPN devices that explicitly support quality-of-service features, such as prioritization of voice traffic. Network latency times on VPNs should not exceed voice over Internet protocol latency requirements. Also, look for bi-directional network connections: PBXs need it to furnish features such as callback to IP-based "soft" phones that run on desktop PCs.
- Don't take Web browser compatibility for granted. Some VPNs are only guaranteed to work with Microsoft's Internet Explorer and have limited support for alternatives such as Mozilla Firefox and Netscape.
- Ensure compatibility with desktop security suites, which are notoriously quirky about accommodating new, networked applications over the Internet. Users might be unable to run the VPN, or worse, they might open security breaches by shutting off firewalls or anti-virus programs to get the VPN to run.
- Prepare a detailed breakdown of the security features of a VPN appliance itself. Address how it's hardened against attacks and how it discovers and remedies vulnerabilities.