Effort required to setup and maintain a VPN
Jon Carnes
jonc at HAHT.COM
Tue Jan 4 10:45:32 EST 2000
Chris is 100% on the mark.
The human-factors load caused by handling our dial-up VPN clients is
stunning. On going "maintenance" for Dial-up VPN is about 1000x that of our
network to network based VPN's.
Jon Carnes
MIS - HAHT Software
----- Original Message -----
From: "Chris Carlson" <carlsonmail at YAHOO.COM>
To: <VPN at SECURITYFOCUS.COM>
Sent: Tuesday, January 04, 2000 12:01 AM
Subject: Re: Effort required to setup and maintain a VPN
> Joe,
>
> Not sure about managed VPN services, but I can give
> you information on the effort to maintain a 7,500
> person VPN system at my customer site.
>
> 1) Account creation/deletion issues
> 2) Rollout/update of VPN client software
> 3) User training, Help Desk support, 24x7 support
> 4) Additional VPN servers (for global geographic
> coverage)
> 5) System upgrades, patches, network monitoring
> 6) Unforeseen requirements (support for third-parties,
> emergency access, etc.)
>
> While managed VPN services would address items 4 and
> 5, I can say that most of the effort and budget is on
> human capital to support items 1, 2, and 3.
>
> My team of two full-time and five matrixed employees
> handle items 4, 5, and 6 of our VPN system in-house.
> But items 1, 2, and 3 have required upwards of 75 full
> and part-time employees spread across the US, Europe,
> and Asia! Cross-training, making the system painless
> and effortless to manage, role-based administration,
> access control considerations, user and system level
> reporting, security logs, disaster recovery, and
> real-time account histories (including adds, mods,
> deletes, and terms) all play an important
> consideration on top of the technical features.
>
> Please investigate these soft issues while you perform
> your due-diligence on managed VPN services.
>
> One former customer of mine had 2 FTEs and 6 matrixed
> employees to manage a 20,000 person dial-in
> infrastructure. But how hard is it to configure
> dial-up networking, static passwords, and an 800
> number on a user's machine?? Installing third-party
> VPN software, rolling out global ISP provider phone
> numbers and dialers, adding new user accounts, and
> distributing SecurID/ACE token cards for strong
> authentication blew their personnel budget out of the
> water. Their managed WAN provider which tried to
> pitch managed VPN services couldn't address any of
> these issues!!
>
> Good luck with your efforts!
>
> Chris
> --
>
> --- Joe Nall <joe at NALL.COM> wrote:
> > In a recent local debate about managed VPNs the
> > following questions came
> > up:
> > How many hours does it take to set up a VPN?
> > How much time per month do you spend taking care of
> > it?
> > What factors affect admin load the most?
> >
> > I'm looking for personal experiences or opinions.
> > We had local answers
> > from 10 minutes to set up and no effort to maintain
> > to months to set up
> > and full time to maintain.
> >
> > Curious,
> > Joe Nall
> >
> > VPN is sponsored by SecurityFocus.COM
> >
>
> __________________________________________________
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://messenger.yahoo.com
>
> VPN is sponsored by SecurityFocus.COM
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list