Friday, January 1, 1999

Virtual private networks and Domino servers

FROM GROUP COMPUTING

By Doug Dillaman

If you're a Notes or Domino administrator, you probably worry about costs and security, especially if your network contains Domino servers in remote locations.

How can you keep such a network secure? You can connect the servers by dial-up phone lines, of course, but your costs will probably be high and difficult to control, as users log in and out on a schedule that suits them, not your budget. You can also connect the servers with a WAN, which may give you higher speed at a cost you can control. But a WAN will probably be even more costly than phone lines.

That leaves the Internet, which is inexpensive and readily accessible from almost any part of the world. Nevertheless, many administrators would rather not take the security risk of exposing their Domino servers to the Internet.

Fortunately, there's an alternative: a Virtual Private Network (VPN), which combines the security of a Wide Area Network (WAN) with the ubiquity and low cost of the Internet. Will a VPN solve your problems? Before we answer that question, let's see what a VPN is.

Internet vs. VPN

Let's start by taking a look at the Internet. The Internet is simply a huge TCP/IP network, not unlike the LAN or WAN that links the computers in your office. The Internet contains a huge number of fixed IP addresses that are assigned to specific computers, such as Web servers. These fixed addresses are in contrast to the dynamic IP addresses that are pooled by ISPs and assigned to users when they call in to the Internet. The ISP is assigned a set of fixed IP addresses, and when a caller dials in, an IP address from that pool is dynamically and randomly assigned to the caller.

Because the Internet is really a TCP/IP network, file servers can be networked together over the Internet just as they can be on a LAN or WAN. Simply provide a dedicated address for each server, perform some quick network configuration, and you have a LAN or WAN over the Internet.

For some businesses, such a network is an attractive option. They might have a central office with a large network (and an IS department to match), connected to small branches with local file servers. The branch offices may be too small to have their own administrators or to be part of a WAN, with a large WAN pipe entering every office. If a great deal of data is regularly transferred between offices, however, a phone line network will probably be quite expensive. But an Internet network solves these problems: you don't need dedicated administrators or a large WAN pipe in every office, and you certainly won't incur long-distance phone charges.