Virtual Private Networks (VPN)
VPNs are a channel through the Internet that are protected from outside interference: like eavesdropping, forgery, and illegal access. It does this by scrambling the data signal using encryption techniques. VPNs operate a bit like the Channel Tunnel: If you have to cross the Sea, where there are sharks and pirates, use the Tunnel. You can go from dry, safe land on one side to dry safe land on the other, without ever getting your feet wet. VPNs have two basic uses:
- As a cheap replacement for a leased line between two offices.
So if your company has a main office and a branch office somewhere, almost certainly the computers in the branch office will need access to the Servers in the main office. The most obvious way is to ask BT to provide you with a connection between the two offices - a so-called Leased Line, but this can be very expensive. The better solution is to provide each office with a Broadband Internet connection (almost certainly the Head Office already has one), and then join the two offices with a VPN. Many modern Broadband Modem/Routers have built in VPN technology, although it may cost a little extra, but beware, it's not usually possible to add the VPN software to a model that doesn't have it in the first place.
So establishing a secure private connection between two offices can be zero cost once you have bought the needed routers, and can be even cheaper if your existing routers already have the facility.
Some products make it very easy to establish a VPN by simply typing in the same secret word or phrase at both ends. If your product asks you to obtain a Public Key Certificate - call us for help..
- As a security mechanism when providing access for remote working.
See Remote Working below...
Remote Working
There are many techniques and products that claim to provide "Remote Working" facilities, they come in all shapes and sizes. If you are in any doubt that a product will provide the form of remote working that your business needs - contact Bazaar Systems.
Here are a number of basic network models for Remote Working. The way to select between them depends on what type of Network you have in the Office and at Home, and on the level of security you require.
Model One - For a single Office PC
This is the simplest form of Remote Working; suitable for a small business that has a PC in the Office (but not a server) running a number of packages, and a PC at home. The owner of the business simply wants to be able to operate the Office PC from home. Fortunately Microsoft XP has a built-in feature called "Remote Access" which is useful here. It allows the Home PC to look and feel like the Office PC.
The Home PC needs to use the "Remote Desktop Connection" software that is built in to WIndows XP. The Office PC needs to turn on the facility that allows the home PC to access it. This is done in the System Window (Control Panel > System ) by selecting the Remote tab. The Remote tab has two types of Remote Access: Remote Assistance and Remote Access. It is Remote Acess we need here; Remote Assistance is designed for Helpdesk and Support staff and needs to be turned on each time it is used - no good here, where the whole point is that the Office PC is unattended.
One minor problem with this facility is that while the Client software is built in to XP and freely obtainable for most prior Windows versions, the Access software is only built-in to XP Professional. So anyone using XP Home edition on their Office PC will need an upgrade to XP Pro. If you are in any doubt which version of XP you have the General tab of Control Panel > System will tell you.
Requirements:
- The Office computer needs either a fixed Internet address, host name or DDNS subscription.
- Windows XP professional
Security Considerations.
- You MUST have a good Firewall mounted on the Office PC.
Model Two - For an Office LAN
This is suitable for a small Office that has a number of PCs connected on a LAN. The LAN provides a sharing mechanism for services like Internet access and printers, but there are no Servers on the LAN. The simplest way to provide Remote Working is to buy a Router that supports IPsec. If you have a LAN then you probably already have a Router - it's the box that makes the LAN work. Depending on when you bought it, it may also function as an ADSL modem and Firewall. This model uses a VPN tunnel between the Remote Worker and the Office Router. This causes the Remote client to look as though it has been plugged into the local LAN.
L2TP
This is a proprietory Microsoft VPN protocol, so only works if you have Microsoft products at both end of the link. This shouldn't present a problem to domestic and very small businesses where a single PC is already connected to the Internet. However medium and large businesses are often reluctant to connect Microsoft products directly to the Internet as their reputation for security is not what it could be, and anyone cracking the Microsoft gateway would gain immediate access to the company's networks, servers, desktops,etc. This is despite the fact that large companies could afford to place highly expensive Firewalls in front of them. XP Home edition has a built-in L2TP client, but you need at least a Microsoft Server product as the Gateway at the Office end.
There are pros and cons with all these techniques depending on what you need to do. Contact Bazaar Systems if you want to discuss which would better meet your requirements.
With many years of design and implementation experience in this field, Bazaar Systems can help you establish not only the physical networks themselves, but also the DHCP and DNS structures that are needed to make them work. 
Return to Top of Page