VPN configuration

[Bennett Todd]

If you're passing credit card auth, I'd definitely specify VPN (in
the sense we use the word in these parts, for encrypted network
links). It would probably be a good idea, if you can afford the
infrastructure costs (or if you don't also need internet access to
these 130 stores) to do it over dedicated links (e.g. frame), just
for performance and reliability. But I wouldn't plan on trusting a
frame provider to never have their systems compromised, nor to never
make a config mistake exposing your traffic to other companies.

If uptime and performance are critically important --- seems like
they would be --- then you've got an interesting network design
problem as well, probably worth getting a routing god to help you
there. I'd guess (and this is just a guess, I'm not that
knowlegeable about routing) that the best organization for that
many end nodes would involve two levels of structure, where shops
are assigned to regions, every shop in a given region has links to
at least two regional hubs, and all the regional hubs, primary and
backup, are fully-meshed.

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/vpn/attachments/20000512/b777393f/attachment.pgp