Ready for rollout

Advances in VPNs (virtual private networks) seem to appear almost on a daily basis. Aimed at bringing networks together in a secure, cost-effective manner, the technology generally lives up to its promises. However, there are some trade-offs and fledgling areas of development.

For starters, only a handful of interoperable products are now shipping. Although the core protocols are fairly stable, significant work remains to be done within the IETF and the IPSec community. Also, while VPN devices offer a cost-effective alternative to leased lines or frame relay for remote offices and extranets, bear in mind that your service provider can't guarantee VPN performance (or any network performance) once the traffic leaves its network. If you require predictable performance, such as throughput or latency, stick with frame relay or leased lines. But if minimizing costs is a more important consideration for your remote networking, VPNs are well-positioned to hook you up.

As is typical of technologies that are still new on the scene, VPN management processes and platforms are somewhat clunky and difficult to use, especially compared to remote-access servers and other network-infrastructure devices. But remarkably, the vendors are making real improvements based on customer feedback. Despite a few rough edges, VPN technology is viable now.

LAN-to-LAN VPNs promise to bring diverse networks together regardless of the underlying infrastructure. With a major IPSec RFC on the standards track at the IETF, interoperable products have been shipping for about 18 months. In light of this, we gave VPNs a middling score for maturity. The ICSA has been certifying VPN products as interoperable since May 1998 and currently lists 12 products as interoperable. While the level of interoperability is somewhat limited, at least in version 1.0 of ICSA certification, the criteria is adequate to ensure usability in a multivendor environment.

For example, current products support...