Overview of VPN Technologies
A VPN is a service that offers secure, reliable connectivity over a shared public network infrastructure such as the Internet.
VPNs maintain the same security and management policies as a private network. They are the most cost-effective method of establishing a virtual point-to-point connection between remote users and an enterprise customer's network. There are three main types of VPNs.
* Access VPNs: Provide remote access to an enterprise customer's intranet or extranet over a shared infrastructure. Access VPNs use analog, dial, ISDN, digital subscriber line (DSL), mobile IP, and cable technologies to securely connect mobile users, telecommuters, and branch offices.
* Intranet VPNs: Link enterprise customer headquarters, remote offices, and branch offices to an internal network over a shared infrastructure using dedicated connections. Intranet VPNs differ from extranet VPNs in that they allow access only to the enterprise customer's employees.
* Extranet VPNs: Link outside customers, suppliers, partners, or communities of interest to an enterprise customer's network over a shared infrastructure using dedicated connections. Extranet VPNs differ from intranet VPNs in that they allow access to users outside the enterprise.
LIST OF HARDWARE AND SOFTWARE FOR VPN
Regardless of which VPN model is chosen, hardware exists to be managed. In addition to the PC hardware, there must be CPE equipment to terminate the DSL, cable, ISDN, or other broadband connection. In some cases, this is simply a modem that connects the broadband service to the telecommuter's PC, while in other cases it could be a combination of equipment including a router, hub, wireless access point, firewall, or VPN appliance. As in most large-scale technology deployments, standardization is critical to maintaining adequate support levels. Driving standardization is a difficult challenge because, typically, each of the disparate “last mile providers” will have its own CPE standards, which may or may not match others. In the DSL or cable provider world, each provider (BellSouth, Verizon, Cox, RoadRunner, et al.) has deployed its own broadband network equipment and selected CPE that is compatible with it. From a support perspective, managing all the different CPE devices and understanding their configuration utilities to set up filters, firewalls, and access lists and to provide upgrades can be a challenging proposition. Moreover, if VPN appliances, wireless access points, or hubs to connect multiple PCs are deployed, the telecommuter can quickly amass a stack of equipment complete with patch cords, power supplies, etc. that could result in an unsafe, unreliable, or overheated environment.
First Fixed Release
* Cisco VPN 3000 Concentrator family, all versions earlier than 4.1.7G: 4.1.7G, available now on CCO (includes fixes for CSCeg00323 and CSCsb38075)
* Cisco VPN 3000 Concentrator family: 4.7.2, available now on CCO (includes fixes for CSCeg00323 and CSCsb38075)
SCHEDULE OF IMPLEMENTATION FOR THE VPN
Detailed technical and operational planning is critical to the success of any telecommuter program. Poor planning can not only result in frustrated users, but could also compromise business computing resources. The “technology bundle” that telecommuters will use to work remotely includes hardware such as computers, phones, modems and printers as well as software such as operating systems, applications, firewalls, security keys, backup software and diagnosis tools. The heart of the telecommuting technology “bundle” is the VPN or Virtual Private Network. The VPN comprises all the hardware and software required to gain authorized access to the corporate network. It can include security tokens, phonebook/dialer software, hardware or software-based data encryption, shared authentication keys and preconfigured “tunnel” paths to authorization servers. Careful consideration must be given to architecting security, designing access methods, establishing hardware and software standards and planning for ongoing upgrades/patches/bug fixes. Companies may seek outsourced vendors and technology partners to assist with the planning, deployment and operation of the project. Select a partner that has a track record of implementing a successful telecommuting program and has outlined best-practice procedures to help navigate the myriad of challenges.
Telecommuting technologies are largely transparent to the user, so the ultimate gauge of each telecommuter's satisfaction is the user experience. Plan for a single, integrated VPN and Dialer graphical user interface (GUI) that makes establishing a secure connection seamless. Maintain the same front end whether the telecommuter is using dial-up, broadband, the office LAN, etc. Be sure the front end is smart enough to present the same look and feel irrespective of access method. It should also include all the firewall, digital certificate, virus protection and other embedded software in the background so the telecommuter does not have to manually launch or configure each individually.
The challenge of balancing supportability and standardization with the economics of leveraging existing equipment is a difficult one. Some sample considerations are:
• Issuing new preconfigured PCs for maximum standardization and minimum support costs vs. reloading existing PCs with new VPN and application software to minimize capital expenditures
• Distributing VPN and application software on CDs or via email for telecommuters to self-install on their existing computers vs. having the IS or help desk staff install all of the software
Successful planning will make provisions to accommodate all of these situations and work to find the proper balance between “standardization & control” and “user satisfaction and budget.”
Supporting and maintaining a group of telecommuters, even with the best training and planning, can be difficult. Questions which would normally arise in the office and would probably be handled by asking a coworker are now the sole responsibility of technical support. Since telecommuters are usually physically isolated from other workers, their workflow is very dependent on the proper functioning of their “technology bundle” and on responsive technical support. Studies show that telecommuters tend to work longer hours, usually well into the evening when most traditional office workers have gone home. CIOs have the challenge of deciding the window for technical support (i.e., limit to normal business hours or extend the hours). Most telecommuters prefer a centralized, single point of contact support model. Telecommuters then articulate the problem once to a sole contact who then either remedies the issue or draws from additional resources. A hardware failure can cause a telecommuter to become completely inoperable until a repair can be accommodated. To speed repair, consider instituting a mandatory data backup policy and, if possible, install automated, unattended backup software on the telecommuter's PC. Consider keeping a minimum level of “hot spares” (including PCs, cable/DSL modems, routers, VPN appliances, etc.) preconfigured and on hand at the help desk for fast shipment to the telecommuter, or choose a service provider that offers this type of CPE maintenance. The volume of calls and occasional need to make an “onsite visit” to assist a telecommuter has inspired many companies to outsource this function to either their telecommuting service provider or to a technical support company that has remote field agents. Whether choosing to insource or outsource the support function, it is important to implement adequate troubleshooting tools and repair processes to keep telecommuters productive.
Technical support experts should be maintained in the following categories: hardware repair, application software support, telecom & network support and provisioning/install–deinstall. In addition, a well-defined escalation path within the in-house IT department and outsourced partners should be provided for a seamless customer service experience. In addition to “reactive” support to address telecommuter requests for assistance, many CIOs are embracing a proactive management and monitoring philosophy for the VPN network (similar to the way corporate LAN and WAN networks are managed). To minimize outages and telecommuter problems, plan to extend WAN management tools to monitor the endpoints of the telecommuter broadband connections and measure uptime and performance. Some VPN service providers offer portals into their management systems so the VPN endpoints (and corresponding SLAs) can be monitored.
Deploying the VPN service to the telecommuter community is just part of the process. Depending on the complexity of the VPN, there are numerous hardware, software and firmware components provided by vendors that continually release upgrades, patches, fixes and enhancements. Each discrete vendor upgrade/patch release must be evaluated on its own merits and then evaluated within the interoperability context of the “technology bundle.” This is the only way to ensure that the telecommuter will successfully connect to the resources he or she requires. VPN Service Providers that offer CPE Management will maintain records of each user's hardware, firmware and configuration. They will automatically provide these upgrades/patches transparently to the end user.
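The per-user firmware records described above can be checked against the First Fixed Release list earlier on this page. The following is an added example, not part of the original page or any vendor tooling; the inventory rows are constructed, and two points are assumptions: that the 4.7.2 row applies to the 4.7 train, and that a build letter sorts after the bare release.

```python
import re

# Accepts "4.1.7G", "4.1.7.G", "4.7.2" or "4.7"; anything else is unparseable.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?\.?([A-Za-z]?)$")

def parse_version(text):
    """Return (major, minor, patch, letter) or None if the string is malformed."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    # Assumption: a build letter sorts after the bare release ("" < "A" < "G").
    return (int(major), int(minor), int(patch or 0), letter.upper())

# First fixed releases quoted on this page.
FIXED_DEFAULT = parse_version("4.1.7G")  # "all versions earlier than 4.1.7G"
FIXED_4_7 = parse_version("4.7.2")       # assumption: applies to the 4.7 train

def assess(product, firmware):
    """Classify one CPE record: upgrade, ok, unknown or not-listed."""
    if "VPN 3000" not in product:
        return "not-listed"   # product does not appear in the page's list
    version = parse_version(firmware)
    if version is None:
        return "unknown"      # bad record: route to manual review
    target = FIXED_4_7 if version[:2] == (4, 7) else FIXED_DEFAULT
    return "upgrade" if version < target else "ok"

def audit(records):
    """Map each user to the status of their recorded device."""
    return {r["user"]: assess(r["product"], r["firmware"]) for r in records}

# Constructed sample inventory (not real data).
CONCENTRATOR = "Cisco VPN 3000 Concentrator"
INVENTORY = [
    {"user": "branch-01", "product": CONCENTRATOR, "firmware": "4.1.7F"},
    {"user": "branch-02", "product": CONCENTRATOR, "firmware": "4.1.7G"},
    {"user": "branch-03", "product": CONCENTRATOR, "firmware": "4.7.1"},
    {"user": "branch-04", "product": CONCENTRATOR, "firmware": "4.7.2"},
    {"user": "branch-05", "product": CONCENTRATOR, "firmware": "unknown (see ticket)"},
    {"user": "home-17", "product": "DSL modem (constructed)", "firmware": "1.0.3"},
]

if __name__ == "__main__":
    for user, status in audit(INVENTORY).items():
        print(f"{user:10} {status}")
```

Records that fail to parse are reported as "unknown" rather than "ok", so an incomplete inventory entry is never mistaken for a patched device.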
RESPONSIBILITIES AND LEVEL OF SERVICE REQUIRED FROM AN ISP
Implementing a successful VPN in this company requires a defined role, set of responsibilities and level of service from the ISP. The Internet service provider (ISP) is important because all of the online systems depend on it. It offers Internet services for the whole country. Our company is set up as an apex development bank with a mandate for facilitating credit flow for the promotion and development of agriculture, small-scale industries, cottage and village industries, handicrafts and other rural crafts. It also has the mandate to support all other allied economic activities in rural areas, promote integrated and sustainable rural development and secure the prosperity of rural areas. To meet these requirements, we implement an effective network installation, and to secure that network we implement the bank VPN.
To make our company's VPN more secure, we need help from the ISP. The ISP plays an important role in this process: without its help, we cannot implement and run the online bank and the VPN. Internet service is an essential requirement for running the online bank over the VPN, so if the connection from the ISP is inadequate, we cannot run the system successfully. In our country, the Myanmar ISP is responsible for all of these services (Internet, telephone and other electrical communication). Because this online bank is for the development of rural areas, the ISP's services must also extend to those areas in the future.