An IP-based virtual private network (IP-VPN) enables organizations to connect their sites and subordinate centers, each with different needs, to the same network regardless of their location in a country. This facilitates intercommunication and gathers all required services in a dedicated integrated network. The service also enables users to access software as well as “cloud” applications across a country, city or province. HiWEB's wide static and mobile networks make it feasible to create an integrated network for organizations and companies in more than 500 cities in Iran. Depending on customers’ demands, HiWEB can also provide redundancy services and applications.
Different Types of VPN Based on Encryption
Encrypted VPN connections employ various encryption mechanisms for secure transmission of information over a public network. A good example is the IPsec VPN network.
This type of VPN connects two or more private networks so that they can share resources. However, in such networks either the information sent is not important or security is provided through methods other than encryption. One method is traffic routing through a multiprotocol label switching (MPLS) VPN. Traffic separation means that the information exchanged between two private networks is routed only to them. With such methods, security can be provided in higher layers, for example with SSL.
Both methods may provide reliable security depending on the security policy of the organization; however, the encryption method is the one commonly used to secure VPNs. Use of other VPNs, MPLS for instance, depends on how securely and comprehensively the routing operation is implemented.
Different Types of VPN Based on Implementation Layer
VPNs are implemented based on the Open Systems Interconnection (OSI) model and can therefore be classified by layer. The layer can be highly important in securing VPN connections. For example, the layer on which encryption is performed can strongly affect the size of the encrypted traffic. The level of VPN transparency for users is also associated with the implementation layer.
Data-Link Layer VPN:
Using the data-link layer (layer 2 of the OSI model), two private networks can be connected through protocols such as ATM and Frame Relay. Although this mechanism seems appropriate, it is costly, since it requires a dedicated layer 2. Frame Relay and ATM protocols do not provide security, since they can only separate traffic on layer 2 based on which connection it belongs to. Therefore, if higher security measures are required, more appropriate encryption mechanisms must be employed.
Network Layer VPN:
Network layer VPNs use layer 3 tunneling protocols and/or encryption techniques; one example is the IPsec tunneling protocol. Other examples are Generic Routing Encapsulation (GRE) and Layer 2 Tunneling Protocol (L2TP). Note that L2TP tunnels layer 2 traffic but uses layer 3 to do so; therefore, it is classified as a network layer VPN. This layer is well suited to implementing encryption. In the next sections we will elaborate on this VPN type.
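The following added example (not part of the original page) computes how much a network-layer tunnel grows each packet, which is the traffic-size effect mentioned above, and the largest inner packet that avoids fragmentation. The header sizes assume an IPv4 outer header without options, GRE without optional fields, and IPsec ESP in tunnel mode with AES-CBC and HMAC-SHA1-96; the function names are illustrative.

```python
# Added example: per-packet size after network-layer encapsulation.
# Assumptions (not from the page): IPv4 outer header without options,
# GRE without optional fields, ESP tunnel mode with AES-CBC + HMAC-SHA1-96.

OUTER_IPV4 = 20   # outer IPv4 header, no options
GRE_HEADER = 4    # base GRE header (RFC 2784), no key/sequence fields
ESP_HEADER = 8    # SPI (4) + sequence number (4), RFC 4303
ESP_IV = 16       # AES-CBC initialization vector
ESP_BLOCK = 16    # AES block size; the encrypted part is padded to this
ESP_TRAILER = 2   # pad length (1) + next header (1)
ESP_ICV = 12      # HMAC-SHA1-96 integrity check value


def gre_size(inner_len):
    """On-the-wire size of an inner IP packet carried in plain GRE."""
    return OUTER_IPV4 + GRE_HEADER + inner_len


def esp_tunnel_size(inner_len):
    """On-the-wire size of an inner IP packet in ESP tunnel mode."""
    plaintext = inner_len + ESP_TRAILER
    # Round up to whole cipher blocks; the padding is encrypted as well.
    encrypted = -(-plaintext // ESP_BLOCK) * ESP_BLOCK
    return OUTER_IPV4 + ESP_HEADER + ESP_IV + encrypted + ESP_ICV


def max_inner_len(size_fn, path_mtu=1500):
    """Largest inner packet that still fits the path MTU unfragmented."""
    inner = path_mtu
    while inner > 0 and size_fn(inner) > path_mtu:
        inner -= 1
    return inner


def overhead_table(inner_lengths):
    """Rows of (inner length, GRE overhead, ESP tunnel overhead) in bytes."""
    return [(n, gre_size(n) - n, esp_tunnel_size(n) - n) for n in inner_lengths]


if __name__ == "__main__":
    # Constructed sample sizes: TCP ACK, small packet, classic minimum MTU, bulk data.
    for n, gre, esp in overhead_table([40, 64, 576, 1400]):
        print(f"inner={n:5d}  GRE +{gre:3d} ({gre / n:6.1%})  "
              f"ESP +{esp:3d} ({esp / n:6.1%})")
    print("max inner packet, GRE:", max_inner_len(gre_size))
    print("max inner packet, ESP tunnel:", max_inner_len(esp_tunnel_size))
```

The relative cost is highest for small packets, and the ESP overhead varies with packet length because of block padding.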
Application Layer VPN:
This type of VPN is created to work with specific applications. SSL-based VPNs are good examples of this category. SSL provides encryption between the web browser and the server running the SSL protocol. SSH is another example, known as a secure encryption mechanism for logging into different parts of a network. A disadvantage of this type is that as new services and applications are added, the protocol should be re-implemented to support them.
VPNs of this type connect multiple private networks inside an organization. This VPN is used when distant branches or offices of an organization should be securely connected to a central network.
Extranet VPNs are used to connect two or more private networks of multiple organizations. These are commonly used for business-to-business (B2B) scenarios where two or more companies require business communications.