Should I use a hardware or software VPN?


Get IT Done: Software VPN vs. hardware VPN
Unfortunately, IPsec is much harder to configure correctly, and requires that you issue every VPN client a digital certificate or a group preshared secret. For example, some appliances generate an install package that contains both the VPN software and configuration.

Software vs. hardware VPN

IT managers often have to make decisions between hardware and software to do a job. VPNs can be supported by a variety of devices. Should you consider relying on your routers or other dedicated hardware? Or, would it be cheaper or easier to configure some general-purpose file server with the correct protocols and applications? Unfortunately, there is no single golden rule that can answer these questions. Each network will present its own unique demands.

However, there are some general guidelines that can help in the decision. The best predictor of IT project success is relevant experience with the technology and processes involved. For example, if you have significant knowledge of Windows-based server networking, then a strong argument can be made for considering a software solution that shares the same platform as your network operating system (NOS).

Being able to directly use existing user and group assignments and privileges makes administration easier. Lower cost is another plus of a software system, especially when the basic software is already included in the cost of the NOS. In some cases, router manufacturers charge more for VPN capability in their products. Windows workstations have the necessary software to use Windows server VPNs, another factor in their favor. However, there are certainly several strong arguments against network server-based VPNs.

Security is perhaps the greatest concern. Worms and countless other cyber attacks are much more common on software-based systems. Exposing a server to the public network demands great diligence: staying ahead of patches, locking down commonly exposed ports, and guarding against myriad other points of attack.

VPN authentication and encryption can also place a significant load on a general-purpose server. Unless you support a limited number of clients, you should dedicate a single system exclusively to providing VPN services. With a sufficient number of clients, software-based VPNs can become bogged down.

The maximum number of users that can be supported (often expressed as the number of simultaneous tunnels) is much lower than with a dedicated hardware solution. For example, Windows NT Server 4. Only the larger, more expensive, multiport routers have the custom application-specific integrated circuits (ASICs) and advanced technology to handle enterprise or service provider-level needs. High performance, massive client loads, redundancy, and load balancing are only possible when dealing with the largest dedicated hardware devices.

Support for additional networking protocols, or for triple Data Encryption Standard (3DES) and Internet Protocol Security (IPsec), typically requires more costly equipment. Administration is typically done through a web browser interface. Placing a VPN on a network potentially exposes it to unauthorized access. Make it a routine to check log files to see who is accessing your systems and when. Remember that firewall devices are of paramount importance to complement your overall security plans.
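One way to make the routine log check described above repeatable, as an added example that is not part of the original article: the script summarises who connected and when, flags logins outside working hours, and lists sources with repeated failed authentications. The log format, the sample lines, and the names `review`, `work_hours` and `fail_threshold` are assumptions; adapt the pattern to what your VPN server or appliance actually writes.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a hypothetical format; adapt LINE_RE to your gateway's log.
SAMPLE_LOG = """\
2024-03-04T08:55:10 vpn-gw auth result=OK user=alice src=198.51.100.23
2024-03-04T09:02:41 vpn-gw auth result=OK user=bob src=198.51.100.77
2024-03-05T02:13:05 vpn-gw auth result=FAIL user=carol src=203.0.113.9
2024-03-05T02:13:09 vpn-gw auth result=FAIL user=carol src=203.0.113.9
2024-03-05T02:13:14 vpn-gw auth result=FAIL user=admin src=203.0.113.9
2024-03-05T02:40:00 vpn-gw auth result=OK user=bob src=192.0.2.50
this line is malformed and must be counted, not silently dropped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth result=(?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def review(log_text, work_hours=range(7, 19), fail_threshold=3):
    """Summarise who connected and when; flag off-hours logins and noisy sources."""
    logins = defaultdict(list)    # user -> [(timestamp, source), ...]
    failures = defaultdict(int)   # source address -> failed attempts
    off_hours, unparsed = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1         # a parser gap is itself worth reviewing
            continue
        ts = datetime.fromisoformat(m["ts"])
        if m["result"] == "FAIL":
            failures[m["src"]] += 1
            continue
        logins[m["user"]].append((ts, m["src"]))
        if ts.hour not in work_hours:
            off_hours.append((m["user"], ts, m["src"]))
    noisy = {src: n for src, n in failures.items() if n >= fail_threshold}
    return {"logins": dict(logins), "off_hours": off_hours,
            "noisy_sources": noisy, "unparsed": unparsed}

if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    for user, sessions in sorted(report["logins"].items()):
        for ts, src in sessions:
            print(f"{user:8} {ts.isoformat()} from {src}")
    print("off-hours logins:", report["off_hours"])
    print("repeated failures by source:", report["noisy_sources"])
    print("unparsed lines:", report["unparsed"])
```

Failures are counted per source address rather than per user, so a single host trying several account names still crosses the threshold.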

Another viable option to consider is the outsourcing of your VPN to your Internet service provider. Corporations have learned that offloading equipment maintenance and administration tasks to others for e-mail and application hosting may reduce costs. When going this route, consider account administration of your VPN users as a critical concern.

Historically, I tend to caution against solutions that take control out of the corporate computer room. Make sure that your provider can meet your demands for security, performance and ease of use.
