Clearing Away Virtual Cobwebs

If you are confused about virtual private networks (VPNs), join the club: This common confusion stems from multiple interpretations of a broad definition and frequent misuse of industry jargon.

TWO INTERPRETATIONS OF ONE DEFINITION

A VPN is broadly defined as a private network that uses a public network's infrastructure. This definition has given rise to multiple interpretations, two of which are extremely common. (See "VPN Glossary.")

The first interpretation defines a VPN as a private network that tunnels encrypted packets across an existing IP-based network, such as the Internet or an intranet. All of the VPN solutions discussed in this article are IP-based solutions.

The second interpretation specifies a VPN as a carrier-based service that tunnels encrypted packets through a switched network, such as a frame-relay network or an asynchronous transfer mode (ATM) network. This switched network is privately owned by a telecommunications carrier or an Internet service provider (ISP), but the network is shared by all of the service's customers.

AT&T is a leading provider of carrier-based VPN services, such as its WorldNet Intranet Connect Services (WICS), a global frame-relay network that connects IntranetWare and NetWare networks. CompuServe also offers carrier-based VPN services. CompuServe's primary service, NT Link, tunnels IP, IPX, and other network protocols through a global, high-speed network that includes frame relay, ATM, and packet connections.

JARGON USE AND ABUSE

The confusion about VPNs is also caused by frequent misuse of industry jargon. For example, some articles use the term extranet interchangeably with the term VPN. Although these terms are related, they do not denote the same thing. An extranet is a secure connection that companies use to conduct electronic commerce. You can use a VPN as an extranet solution, just as you can use a VPN as a LAN-to-LAN connectivity solution or as a remote access solution.

The often ambiguous use of the term tunnel also contributes to the confusion surrounding VPNs. When VPN devices exchange encryption keys and establish a confidential session over the Internet, that session is called a tunnel. Encrypted packets are then tunneled across the Internet; that is, these packets are wrapped within tunneling protocols, such as Layer 2 Tunneling Protocol (L2TP). (See "VPN Glossary.") Adding to the confusion, tunneling protocols are often mistakenly described as if they alone created a VPN. However, tunneling protocols only wrap packets; they don't encrypt the data these packets contain.
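The distinction between wrapping and encrypting can be checked directly. The sketch below is an added example, not part of the original article: it wraps a payload in an L2TP data-message header laid out as in L2TPv2 (RFC 2661), parses it back, and reports which cleartext strings remain readable on the wire. The tunnel ID, session ID, payload and function names are constructed for illustration.

```python
import struct

T_BIT, L_BIT, S_BIT, O_BIT, VERSION = 0x8000, 0x4000, 0x0800, 0x0200, 2

# Constructed sample: stands in for the inner frame a tunnel would carry.
SAMPLE = b"USER alice PASS constructed-example"

def l2tp_wrap(tunnel_id, session_id, payload):
    """Build an L2TPv2 data message (T=0) with the optional Length field."""
    total = 8 + len(payload)  # flags/ver + length + tunnel ID + session ID
    return struct.pack("!HHHH", L_BIT | VERSION, total, tunnel_id, session_id) + payload

def l2tp_unwrap(wire):
    """Parse an L2TPv2 data message into (tunnel_id, session_id, payload)."""
    try:
        (flags,) = struct.unpack_from("!H", wire, 0)
        if (flags & 0x000F) != VERSION:
            raise ValueError("not an L2TPv2 header")
        if flags & T_BIT:
            raise ValueError("control message, not a data message")
        pos, end = 2, len(wire)
        if flags & L_BIT:  # Length covers the whole message, header included
            (end,) = struct.unpack_from("!H", wire, pos)
            pos += 2
            if end > len(wire):
                raise ValueError("Length field exceeds captured bytes")
        tunnel_id, session_id = struct.unpack_from("!HH", wire, pos)
        pos += 4
        if flags & S_BIT:  # skip the Ns and Nr sequence numbers
            pos += 4
        if flags & O_BIT:  # Offset Size, then that many pad octets
            (pad,) = struct.unpack_from("!H", wire, pos)
            pos += 2 + pad
    except struct.error:
        raise ValueError("truncated L2TP header") from None
    if pos > end:
        raise ValueError("header runs past end of message")
    return tunnel_id, session_id, wire[pos:end]

def cleartext_markers(wire, markers):
    """Return the markers an on-path observer can read in the wrapped payload."""
    _, _, payload = l2tp_unwrap(wire)
    return [m for m in markers if m in payload]

if __name__ == "__main__":
    wire = l2tp_wrap(7, 42, SAMPLE)
    print(wire.hex())
    print(cleartext_markers(wire, [b"USER", b"PASS"]))
```

Every marker comes back because the header adds only addressing fields in front of the payload; confidentiality has to come from encrypting the packet before it is wrapped.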