VPN configuration

Sun May 14 07:23:42 EDT 2000

first the careats - i build network in UK, so i have no experience of US
specific detailed cost comparisions, but some of this stuff is qualitatively
the same wherever you are.

The costs for frame will depend on locations and carrier so lots of
variables - costs for VPN only ddepend on the tail circuits.

Probably VPN is cheaper.

I doubt you will get an SLA for a VPN unless you can use an "outsourced" VPN
service from a single ISP, whereas this is standard for Frame. If you use
multiple ISPs, then you probably cant predict where your traffic goesday by
day, and an enforceable SLA is unlikely to be available.

Even if you do use a single ISP VPN, there is likely to be more variation in
latency etc with VPN, as your traffic is not as well insulated from other
customers of the same ISP. This is not an inherant technical limitation,
just reflects relative product maturity and operating experience by a
carrier.

Frame is more "secure by design" - less overhead as no encryption normally
needed, which translates into more line bandwidth for your traffic, less
overhead for processing, cost on attached routers etc.

Bottom line - i would prefer Frame for paranoia, SLA etc, and you can
improve reliability with dial backup, dual access links etc as needed as
these are standard frame enhancements, but it is likely to cost more. I can
also insist on a lot more detail from the carrier, guaranteed latency and so
on. Finally, ISP IP networks tend to "churn" much more and 1 major cause of
outages is engineering change - less of these should translate into higher
reliability.

As an aside, differences in cost between these 2 should be of an issue here,
as the UK conurbations are a maximum of 500 miles apart vs 1000s for US, so
"long" distance costs are a lower proportion of a total carrier costs (or at
least should be - thats another argument).

Stephen

Stephen Hope C. Eng, Network Consultant, shope at datarange.co.uk,
Datarange Communications PLC, part of Energis, WWW:
http://www.datarange.co.uk <http://www.datarange.co.uk/>
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4190 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776 4189

-----Original Message-----
From: Jeanne Wright [mailto:JeanneW at THORNTONOIL.COM]
Sent: Friday, May 12, 2000 12:46 PM
To: VPN at SECURITYFOCUS.COM
Subject: VPN configuration

I am working on a WAN design for a 130 store retail operation in 5 states. I
want to do credit card authorizations as well as data transfers and web
applications. The 2 main designs recommended by different companies are a
56K Frame or a 56K VPN.

Has anyone gone through this analysis already and found that one or the
other is better in uptime, throughput and security? I am leaning towards a
VPN but am concerned about the credit card authorization and the costs to
manage the VPN.

Thanks -

Jeanne Wright
Director of IT
jeannew at thorntonoil.com

-----------------------------------------------------------------------------------------------------------

This email is confidential and intended solely for the use of the individual to
whom it is addressed. Any views or opinions presented are solely those of the
author and do not necessarily represent those of Datarange Communications PLC.
If you are not the intended recipient, be advised that you have received this
email in error and that any use, dissemination, forwarding, printing, or copying
of this email is strictly prohibited.

We have an anti-virus system installed on all our PC's and therefore any files
leaving us via e-mail will have been checked for known viruses.
Datarange Communications PLC accepts no responsibility once an e-mail
and any attachments leave us.

If you have received this email in error please notify Datarange Communications
IT department on +44 (0) 1494 476222..
-----------------------------------------------------------------------------------------------------------

VPN is sponsored by SecurityFocus.COM