Tolly's Column: Avoiding VPN paralysis

It would be hard to find a network manager uninterested in virtual private networks, and it would be equally difficult to find a common definition of VPNs that net managers can all agree upon. It is not just a semantic issue. Vendors far and wide have recognised the power of the term "VPN" and, rightly or wrongly, seem to christen everything having to do with Internet transport as being a VPN product or service.

It is easy to understand the marketing motivation behind this activity. Not since the magical words "frame relay" came on the scene in the early 1990s have WAN equipment and service providers had a buzzword that engendered universally positive responses.

At the rate we're going, before long there will be few WAN products that are not tagged with the VPN moniker. Because of this, potential customers may easily come down with a case of what I call "VPN paralysis". Until they can figure out exactly what is going on in the market, they may choose to delay acquisition and implementation.

It would be too harsh to blame all cases of VPN paralysis on vendors because, by nature, VPNs are somewhat more confusing than dedicated private networking. As proof, one need only examine what should be the most straightforward implementation of VPN technology, the Microsoft VPN client, to realise the potential confusion associated with the technology.

With the Microsoft package, after dialling a real phone number to connect to your real ISP, you use the same procedure to dial a second connection. The second number you dial, though, isn't a phone number at all but an IP address. And even though the message says you are dialling, you aren't actually dialling the second number (because it isn't a phone number). Finally, what you are connecting to isn't another service provider but a Microsoft VPN tunnel server -- that doesn't even have a modem connected to it -- sitting between the Internet and your corporate network. Got it?

And just in case the user has failed to notice the "double networking" that is taking place, he now has not one but two modem connection icons flashing away on the status bar. And this is only what the end user sees. Just imagine what it takes for the systems manager to configure this.

Tolly is president of The Tolly Group, a strategic consulting and independent testing organisation in Manasquan, New Jersey. He can be reached at ktolly@tolly.com or http://www.tolly.com
