VPN

Stephen Hope shope at ENERGIS-EIS.CO.UK
Wed Jan 31 03:43:46 EST 2001 

Claribel,

this is long reply as every so often i spend a fair amount of time getting
involved in exactly this kind of issue.

For this level of problem - the VPN is an "irrelevant complication".

The answer to this has a lot more to do with the application structure and
database design.

The Q you are actually asking is "if the network link vanishes between a
client and a  database server during a transaction, does the application /
database leave the data in a clean state".

In practise, this should only be a problem if the users are making changes
to the database. Read only accesses should not change the database, so there
should be no oppotunity to get the change corrupted (the old saying that a
bad application programmer can break a good system design any day of the
week may apply here...)

If the "hit" happens between starting a database change and completing it -
hopefully the database commits all of the change or none. "transaction
integrity" is a fundamental requirement for any production system but is
very difficult to test comprehensively. This gets much harder with systems
which talk to multiple back end databases, as all the associated
transactions have to be co-ordinated.

The fact that the network between client and server happens to cross a VPN
does not affect the answer - the whole point of a VPN is just more choices
for how traffic gets from A to B, and "should" be invisible to applications.
In practise there can be visible effects, such as latency, jitter, supported
MTU, connection setup delay and so on. But that is something you need to
test anyway.

There is a long tradition of computer applications which are written making
some real bad assumptions about the underlying networks - the famous ones
are "zero latency, infinite bandwidth", but the ones that cause the most
trouble are often "no jitter, no faults, no retries or interruptions in
service".

Applications are a lot easier to get wrong for client server or 3 tier
networks simply as the components are more likely to be distributed. I
recommend that you give software development a simulated network to test the
app on...

Of course VPNs are new tech, and run over the Internet, both of which are
likely to make the network performance more variable than a traditional
private line system.

Anyway - 1 line answer - VPN should not affect this problem - the is just a
type of network in this circumstance, and the fault lies with the relevant
application.

Stephen

Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776
4189


> -----Original Message-----
> From: Balance, Claribel
> [mailto:Claribel.Balance at HHS.CO.SANTA-CLARA.CA.US]
> Sent: 30 January 2001 23:54
> To: VPN at SECURITYFOCUS.COM
> Subject: FW: VPN
>
>
> -----Original Message-----
> From: Tina Bird [mailto:tbird at precision-guesswork.com]
> Sent: Tuesday, January 30, 2001 2:48 PM
> To: Balance, Claribel
> Subject: Re: VPN
>
>
> Please forward this question to vpn at securityfocus.com
>
> On Tue, 30 Jan 2001, Balance, Claribel wrote:
>
> > Date: Tue, 30 Jan 2001 15:31:14 -0800
> > From: "Balance, Claribel"
> <Claribel.Balance at hhs.CO.Santa-Clara.CA.US>
> > To: "'tbird at precision-guesswork.com'"
> <tbird at precision-guesswork.com>
> > Subject: VPN
> >
> > I was just reading through your website and just getting my
> feet wet with
> > regards to VPN. Do you happen to know if a database gets
> corrupted with
> the
> > use of VPN if one is in the middle of a session and the
> system goes down?
> I
> > heard this from my manager who was present at a vendor
> presention and
> would
> > just like to find out its validity.
> >
> > Any information you may have with regards to this would be of help.
> >
> > Claribel R. Balance
> >
>
> VPN:  http://kubarb.phsx.ukans.edu/~tbird/vpn.html
> life: http://kubarb.phsx.ukans.edu/~tbird
> work: http://www.counterpane.com
>
> VPN is sponsored by SecurityFocus.COM
>

-----------------------------------------------------------------------------------------------------------

This email is confidential and intended solely for the use of the individual to
whom it is addressed. Any views or opinions presented are solely those of the
author and do not necessarily represent those of Energis Integration Services.
If you are not the intended recipient, be advised that you have received this
email in error and that any use, dissemination, forwarding, printing, or copying
of this email is strictly prohibited.

We have an anti-virus system installed on all our PC's and therefore any files
leaving us via e-mail will have been checked for known viruses.
Energis Integration Services accepts no responsibility once an e-mail
and any attachments leave us.

If you have received this email in error please notify Energis Integration Services Communications
IT department on +44 (0) 1494 476222..
-----------------------------------------------------------------------------------------------------------

VPN is sponsored by SecurityFocus.COM

More information about the VPN mailing list