Today’s businesses expect a lot when it comes to their data networks. Speed, reliability, robustness, and scalability are just a few of the performance parameters for which business users hold high standards. One area in particular requiring special emphasis is security. Choosing the right network infrastructure is critical to ensuring that your security requirements are met end to end… and everywhere in between.
For example… do NOT be so enamored with a traditional VPN backbone (e.g. Layer 2-based VPN services such as ATM and Frame Relay) that you overlook the drawbacks in maintaining the secure environment that your company applications will require. A standard VPN will not offer the same level of privacy and security as a private dedicated backbone, at least not without extra effort on your part… and therefore higher costs in the long run.
A typical virtual private network (VPN) is a computer network that is layered on top of an underlying computer network. This is most commonly a public telecommunication infrastructure such as the internet. The private nature of a VPN means that the data travelling over the VPN is not generally visible to, or is encapsulated from, the underlying network traffic. Although it runs “layered” on top of a public pathway (the internet), the two are kept securely segregated by encrypted tunnels, which ensure that data cannot be accessed without authorization.
The purpose of a VPN is to enable remote locations and/or individual users (e.g. telecommuting staff) to access a company’s network with some expectation of secure activity. An additional intent is to avoid the perceived high cost of owned or leased lines (dedicated circuits) that can only be used by one business. So, the goal of a VPN is to provide the organization with the same secure capabilities as a dedicated network, but at a much lower cost.
However, that presumption is misleading. A traditional VPN network is not as secure as you likely expect and need. After all… it is still tied to a public infrastructure. A talented and persistent intruder can still defeat most encryption safeguards. Plus, a glitch in the hardware or software leaves your information open to public eyes. The appearance of failsafe privacy and security is really just that… an appearance.
As for cost… the price tag of the extra hardware and software to enable encrypted communication over your entire network is not cheap, even though it may appear so compared to other options you may be considering. There’s much more to the cost than set-up, installation, and encryption software. Don’t overlook the maintenance, oversight, and troubleshooting of those safeguards, particularly since you are responsible for all of that… forever… just to try and save a few pennies.
This is where MPLS comes in.
The architecture and protocols of MPLS (Multi-Protocol Label Switching) are predicated on the absolute privacy and security enabled via a dedicated network infrastructure. Put simply… the entire network is completely separate and unto itself. You own it, share it with no one, and there is no connectivity of any kind with a public infrastructure. Now that is security.
To further drive home the main point of this entire article in simple terms… with private lines or MPLS solutions, there is no path from the public into those network facilities. With VPN over the internet, the path is there and it’s your responsibility to provide your own security. Think of the difference between a brick wall and a brick wall with a door. VPN over the internet is the wall with a door, and you have to manage the lock and keys.
Once your MPLS core is configured and operating… you’re done. In fact, it’s unlikely you would even have much involvement with that. Your provider will do it all for you. Since it’s a dedicated circuit network, you are not responsible for the maintenance, oversight, and troubleshooting that you would be with a VPN. In short… it’s hands off for you. No recurring costs except the monthly “leasing” fee for the lines comprising your network.
Before you play the cost card… look deeper. The price of all dedicated circuits has been dropping dramatically for the last few years. Whether it’s copper or fiber based… the sticker shock days of old for dedicated T1 lines, DS3 bandwidth, or SONET circuits (e.g. OCx) are long past. In fact… probably the best deal for you today is pursuing MPLS over an Ethernet backbone. You’ll get the best of both security and cost savings.