A VPN, or Virtual Private Network, is a method of creating a tunnel through the public Internet between two nodes or locations such that each node operates as if it is on the same network as the other node. A node might be a computer, a router, a smart phone, or any piece of hardware that can connect to a network.
Some nodes may have the ability to create a VPN as a part of their standard operating system (like routers and many smart phones). Other nodes may have some capability, but need additional software installed for different types of VPN (like Windows- or Linux-based computers). In many cases, the VPN software provider has a special program to install on the local computer in order to allow it to create the tunnel. Examples of this are the Cisco VPN client (installed over the web or through a setup program on Windows) and the Juniper Networks client (typically installed over the web).
The key goal of VPNs is to create secure communication between two or more different physical locations. If you have employees or consultants who are working outside of the office (such as from home or from another city), then they can have access to the organization's computer assets and applications without having to travel to a company location. An organization that is spread across town or across the globe can set up high-speed VPNs between offices such that employees from one office have exactly the same access to the network as employees from another office.
The picture above represents some general uses of a VPN. In this case, there is a router in the Kansas City office that has the capability of accepting VPN connections. Someone has logged in from home, someone from their smart phone, and the Chicago office has a more permanent connection made through their own VPN-enabled router. A connection may be set up in advance from a predetermined location (like Chicago-Kansas City), or it may be made on demand from a random location (like home-Kansas City). All the remote connections provide the user access to the servers and applications in the Kansas City office without having to physically go to the KC office and use the local Wi-Fi or hard-wired network connection.
The line drawn with the green center has significance. A VPN starts as a standard TCP/IP connection (a story for another article). This is one of the two forms of connections that all computers on the Internet use. If you connect to download a web page, you connect using TCP/IP, and then your browser interprets that data and displays it to you. If you log into a web site that has a secured connection (you may have noticed the "https://" sites and pages), then it makes the same connection, but encrypts the data so that your private information is hard to read if it is intercepted. This is done using an encryption key (like a fancy Orphan Annie decoder ring) that the computers use on each end to change the data before it is sent, and then change it back when it is received. For https, the key is shared from the server (meaning that the web server creates a key that is unique to the visitor, shares it with the browsing computer, and then they both use it). This is called Secure Sockets Layer, or SSL. Some VPN software uses this technique for creating the connection. However, the VPN key is typically more complicated, and may even be pre-shared (methods include being typed into the VPN software on the connecting computer, typed as part of the user's authentication, or some other pre-shared key).
It's called a pipe because the standard Internet Protocol surrounds the encrypted data like a pipeline of information from one location to another without allowing access to the data. Thus, the green line above with the lines around it represents encrypted data being shared across the public Internet through a VPN pipe.
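The pre-shared key and the "pipe" described above can be seen in a short sketch, added here as an illustration and not taken from any VPN product. The addresses, key, salt and packet format are constructed, and the SHA-256 counter-mode cipher is a standard-library stand-in for the vetted ciphers real VPNs use.

```python
import hashlib, hmac, os, struct

PSK = "typed-into-both-ends"        # constructed pre-shared key
SALT = b"constructed-salt"          # constructed; both ends must agree on it
INNER = b"10.8.0.5>10.1.0.20|GET /payroll"   # constructed private-network packet

def derive_keys(psk, salt):
    # Stretch the typed-in key into separate encryption and integrity keys.
    material = hashlib.pbkdf2_hmac("sha256", psk.encode(), salt, 100_000, dklen=64)
    return material[:32], material[32:]

def keystream_xor(key, nonce, data):
    # Stand-in stream cipher (SHA-256 in counter mode); the same call
    # encrypts and decrypts. Not for production use.
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + struct.pack(">I", block)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(psk, salt, outer_src, outer_dst, inner_packet):
    # The outer header is ordinary public-Internet addressing: the pipe wall.
    enc_key, mac_key = derive_keys(psk, salt)
    nonce = os.urandom(12)
    body = f"{outer_src}>{outer_dst}|".encode() + nonce
    body += keystream_xor(enc_key, nonce, inner_packet)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decapsulate(psk, salt, wire):
    enc_key, mac_key = derive_keys(psk, salt)
    body, tag = wire[:-32], wire[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified packet")
    payload = body[body.index(b"|") + 1:]      # strip the outer header
    return keystream_xor(enc_key, payload[:12], payload[12:])

if __name__ == "__main__":
    wire = encapsulate(PSK, SALT, "198.51.100.7", "203.0.113.10", INNER)
    print("seen on the Internet:", wire[:26], wire[26:].hex()[:40], "...")
    print("recovered at the far end:", decapsulate(PSK, SALT, wire))
```

Anyone watching the public Internet sees only the two outer addresses and unreadable bytes; the private addresses and the request appear only after the far end applies the same key.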