What is a Virtual Private Network?

Before the Internet became widely used (around the mid-1990s), companies whose offices extended beyond one geographical location had to lease point-to-point circuits (e.g. T1) to connect remote offices to the main office. As network technology evolved, devices that allowed the set up of logical circuits between sites through the Internet were developed. These logical connections were effectively point-to-point, and the remote sites connected by these logical circuits became virtually part of the overall company network. No longer did a company need to lease dedicated point-to-point circuits, all they needed were these devices, Internet access, and they were set. These devices were said to have virtual private network (VPN) capabilities. The virtual private network definition evolved from this concept. In the second half of the 1990s (1996 or later), the Internet became widely used and accepted for commercial application. At roughly the same time, some of workforce started becoming mobile. VPN technology came into play again; this time allowing the mobile workforce to work remotely using their laptop and a dialup modem. These laptops became VPN clients to what is called a VPN concentrator or server. These servers extended the company's network to its remote workforce.

Today, VPN capability is everywhere. Checkpoint was one of the VPN pioneers, but today, many routers and firewalls typically have such capability built-in. Many companies also provide VPN concentrator/server offerings as well. The question still remains. What is a virtual private network?

You can find the virtual private network definition in Wikipedia, but if you are an average computer user, you might just get confused, as is implied by Wikipedia. Without getting too technical, a virtual private network is technology that allows a main computer network (say of a private organization or company) to extend its boundaries beyond its physical boundaries using hardware that understands certain communication protocols (PPTP, IPSec, L2TP) that allow it to tunnel through another network/circuit (typically the Internet) to its remote extension directly to a client or another network. This tunneling protocol allows computers, servers, and other network devices to treat similar devices on the remote side like they are on the same network. As previously noted, companies used to lease expensive T1, T3, or some expensive point-to-point circuits in order to achieve this. And when the Internet became more commercialized, virtual private network technology evolved!

There are three basic applications of VPNs:

• Branch office connection
• Organizational network partnership
• Remote access (mobile users)

With the higher Internet speeds available now to companies, branch office VPN connection isn't that uncommon. At the company I work for, for example, we connected a small 5-person branch office to the main company network by getting the branch business class Internet service and establishing a VPN connection between that branch and the main office.

Organizational network partnerships is less common. Interestingly enough, the same company I work for outsources its financial system off site. The financial system is effectively hosted on a farm of servers outside the my company's network. It was actually located several hundred miles away. To access the outsourced computing services, my company established a partner VPN connection between their network and ours. This VPN connection was established as a tunnel through the Internet. From the perspective of computers on both ends, the VPN tunnel provided a WAN-like (wide area network) link. Note that the subnetworks on both sides don't even use Internet-routable IP addresses! And yet the two networks are able to connect with the aid of VPN technology.

The most common application of VPN technology today is remote access where mobile users connect to their headquarters using their remote access VPN client, their high-speed Internet access, and their laptop. Users typically just need to know their VPN server/concentrator IP address or host name (a name that resolves on the Internet), their network login name and password, and possibly a secure token (which allows for a 2-factor login and authentication). Once they have these essentials, users can setup their VPN client. Starting with Microsoft Windows 2000 the native VPN client is based on the PPTP protocol.

The virtual private network definition can be summed up as technology that allows a computer network to extend its reach beyond its physical boundaries. When applied in a branch office connection or in an organizational network partnership , the virtual private network (VPN) is a logical WAN link. When applied for remote access, the VPN extends the reach of the main network, typically through the Internet. The client computers know no better as the IP address they obtain is within the IP address range of the main network.