Virtual Private Network Design: Scope, Limitation, And Implementation
Scope of Virtual Private Network Design
A virtual private network (VPN) is designed for a small and medium enterprise after analyzing the service requirements and the protocols used to build a VPN solution. The architecture to be used for the network is analyzed, and the report sets out a road map of the process that the administrator can follow to manage the development of the project. Technologies that can increase the efficiency and scalability of the network framework are analyzed so that they can be implemented to meet the long-term goals of the organization. The scope and limitations of the project are analyzed, and a solution design is created before project development starts so that the design can be evaluated against the requirements of the organization.
The scope of the VPN network design is as follows:
- Use of a secure authentication mechanism and regular password changes to increase the security of the VPN network
- Selection of the type of VPN according to the requirements and structure of the organization
- Bypassing filtered and blocked websites to access all websites and services
- Increasing the efficiency of bandwidth and the network through the implementation of the VPN
- Reducing the cost of maintenance and of communication with the remote branches
The limitations of designing the VPN network are as follows:
- Understanding the installation and configuration needed to address the security issues of the network, so that sufficient protection is implemented
- Ensuring the reliability and performance of the internet-based VPN and applying sufficient protection to the organizational resources
- Compatibility of the different VPN products with the equipment used to build the network
- Selection of the router and the transmission link to eliminate the risk of slow VPN speed, and testing them against the requirements
Different components are needed to build the network solution, and different elements are needed to manage those components. VPN client software is needed to establish a secure connection with the remote branch. The routers should be selected so that they support VPN, and firewalls should be deployed so that legitimate VPN traffic is allowed to access the internal network of the organization. A VPN server needs to be installed in the network to manage sessions and incoming data traffic and to maintain access to the network resources. The channels used for communication should be encrypted, and physical access to the VPN server should be restricted to maintain a high level of security.
The network topology of the VPN infrastructure is built on the public telecommunication network, and the WAN is extended from the core site to reach the branches. Proper encryption techniques and security procedures are applied to keep the data private. Implementing the VPN enables the company to share distributed data and applications without much expense [12]. Dedicated leased lines are not needed for transmitting data packets; the internet can be used to serve the needs of the users and improve the performance of the organization. Different network monitoring tools can be applied to identify the flow of data packets and to select the topology.
| Subnet Name | Needed Size | Allocated Size | Address | Mask | Dec Mask | Assignable Range | Broadcast |
|---|---|---|---|---|---|---|---|
| Admin network | 50 | 62 | 193.177.30.128 | /26 | 255.255.255.192 | 193.177.30.129 – 193.177.30.190 | 193.177.30.191 |
| Finance Network | 100 | 126 | 193.177.30.0 | /25 | 255.255.255.128 | 193.177.30.1 – 193.177.30.126 | 193.177.30.127 |
| Sales Network | 200 | 254 | 193.177.28.0 | /24 | 255.255.255.0 | 193.177.28.1 – 193.177.28.254 | 193.177.28.255 |
| Dispatch Network | 150 | 254 | 193.177.29.0 | /24 | 255.255.255.0 | 193.177.29.1 – 193.177.29.254 | 193.177.29.255 |
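The addressing plan above can be checked mechanically, because an undersized or overlapping subnet would undermine the firewall rules and access policy built on it. The following is an added example, not part of the original report; the function names are illustrative and the subnet data is copied from the table.

```python
import ipaddress

# Addressing plan copied from the table above: name -> (hosts needed, network).
PLAN = {
    "Admin network":    (50,  "193.177.30.128/26"),
    "Finance Network":  (100, "193.177.30.0/25"),
    "Sales Network":    (200, "193.177.28.0/24"),
    "Dispatch Network": (150, "193.177.29.0/24"),
}


def describe(cidr):
    """Derive the table columns for one subnet from its CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects blocks with host bits set
    return {
        "allocated": net.num_addresses - 2,        # minus network and broadcast
        "mask": str(net.netmask),
        "first": str(net.network_address + 1),
        "last": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }


def smallest_prefix(needed):
    """Longest IPv4 prefix that still leaves `needed` usable host addresses."""
    prefix = 30
    while 2 ** (32 - prefix) - 2 < needed:
        prefix -= 1
    return prefix


def validate(plan):
    """Return a list of problems: undersized subnets and overlapping blocks."""
    problems = []
    nets = {name: ipaddress.ip_network(cidr) for name, (_, cidr) in plan.items()}
    for name, (needed, cidr) in plan.items():
        if describe(cidr)["allocated"] < needed:
            problems.append(f"{name}: {cidr} too small for {needed} hosts")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    for name, (needed, cidr) in PLAN.items():
        print(name, describe(cidr), "minimum prefix /%d" % smallest_prefix(needed))
    print(validate(PLAN) or "plan is consistent")
```

Every prefix in the plan is also the smallest one that fits its stated host count, so a department that grows past its allocated size needs a new block rather than a mask change.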
Limitations for Virtual Private Network Design
The following security measures can be applied to increase the security of the VPN network:
- The VPN connection can be strengthened by deploying a firewall
- An IDP or IPS system can be deployed to monitor attacks and increase the efficiency of the system
- Antivirus software should be installed on the remote clients to prevent the spread of viruses in the network [6]
- User logins to the server should be managed, and an auditing function should be implemented to record unauthorized attempts and review the vulnerability of the network.
A network policy should be developed for the deployment of the network framework; it should give users guidelines for the appropriate usage of the VPN and be distributed to the people responsible for controlling and governing that usage. A user access policy should be developed to manage the access rights of users and give them access to the necessary resources.
The servers should be connected via redundant links to manage the network load and reduce the risk of unavailability due to link failure. The data traffic in the network needs to be managed, and the servers should support virtualization so that they can serve a larger number of users [2]. A regular backup of the network should be performed and stored in a remote location so that it can be used to restore the network in case of disaster with no data lost. A power backup plan should also be created so that power outages can be handled and the uptime of the network is increased.
For the implementation of the VPN service, the business needs were researched, and it was found that a VPN can be deployed to provide various services, such as:
Remote access VPN – This is used to connect a remote user on a mobile or home network to the private network of the organization. The VPN permits secure, encrypted connectivity between the private network and remote users.
Intranet VPN – This type of VPN is created to establish a connection between two fixed locations, for example branch to branch or head office to branch [5]. It is used to join multiple remote locations so that they work as a single private network.
Extranet VPN – This is used to connect the business partners of the organization, for example customers and suppliers, and allows users to work with other parties and securely share data in the shared environment.
WAN replacement – A VPN can be used as an alternative to a WAN because the maintenance cost of a WAN is much higher, especially for a network dispersed over a large geographical area. A VPN costs less because the overhead cost of managing a WAN is higher, and it offers higher scalability [10]. The reliability and performance of the network can be improved by implementing a VPN and creating a tunnel for communication via the internet.
Components Needed for VPN Connection
Conclusion
It can be concluded that it is essential to identify the scope and limitations of the project so that errors are identified and resolved before the network framework is deployed. The requirements of the organization need to be analyzed, as this helps in identifying the VPN parts and services essential for the development of the project. The network topology to be followed needs to be identified, and an IP addressing plan is created for configuring the network interfaces of the hardware devices essential for the network framework. An analysis is made of the security requirements of the organization, and security features and policies are applied to the network to increase its security. A redundancy and failover plan is created to increase the availability of the network and provide service to the users.
Aguado, Alejandro, et al. “VPN Service Provisioning via Virtual Router Deployment and Quantum Key Distribution.” 2018 Optical Fiber Communications Conference and Exposition (OFC). IEEE, 2018.
Aznar, José, et al. “CNSMO: A Network Services Manager/Orchestrator tool for cloud federated environments.” Ad Hoc Networking Workshop (Med-Hoc-Net), 2016 Mediterranean. IEEE, 2016.
Baranda, Jorge, et al. “Orchestration of end-to-end network services in the 5G-Crosshaul multi-domain multi-technology transport network.” IEEE Communications Magazine7 (2018): 184-191.
Baucke, Stephan, et al. “Cloud API support for self-service Virtual Network Function (VNF) deployment.” Network Function Virtualization and Software Defined Network (NFV-SDN), 2015 IEEE Conference on. IEEE, 2015.
Brown, Gabriel. “Mobile edge computing use cases and deployment options.” Juniper White Paper (2016): 1-10.
DeLong, Mark R., et al. “Protecting sensitive research data and meeting researchers needs: Duke University’s Protected Network.” arXiv preprint arXiv:1710.03317 (2017).
Hong, Tae Chul, et al. “Network architecture for control and non-payload communication of UAV.” Information and Communication Technology Convergence (ICTC), 2016 International Conference on. IEEE, 2016.
Khan, Ateeq, et al. “Variability management in Infrastructure as a Service: Scenarios in cloud deployment models.” Computing, Networking and Communications (ICNC), 2017 International Conference on. IEEE, 2017.
Liang, Chengchao, and F. Richard Yu. “Wireless network virtualization: A survey, some research issues and challenges.” IEEE Communications Surveys & Tutorials1 (2015): 358-380.
Liu, Guojun, et al. “Evolution Models of Power Communication Network Management Based on IPv6 Network.” 2015 International Conference on Industrial Technology and Management Science. Atlantis Press, 2015.
Perrig, Adrian, et al. “Deployment and Operation.” SCION: A Secure Internet Architecture. Springer, Cham, 2017. 191-239.
Shankar, R., and S. Duraisamy. “Different Service Models and Deployment Models of Cloud Computing: Challenges.” (2018).