1.1 What Does a VPN Do?
A virtual private network is a way to simulate a private network over a public network, such
as the Internet. It is called "virtual" because it depends on the use of virtual connections—that
is, temporary connections that have no real physical presence, but consist of packets routed
over various machines on the Internet on an ad hoc basis. Secure virtual connections are
created between two machines, a machine and a network, or two networks.
Using the Internet for remote access saves a lot of money. You'll be able to dial in wherever
your Internet service provider (ISP) has a point-of-presence (POP). If you choose an ISP with
nationwide POPs, there's a good chance your LAN will be a local phone call away. Some
ISPs have expanded internationally as well, or have alliances with ISPs overseas. Even many
of the smaller ISPs have toll-free numbers for their roaming users. At the time of this writing,
unlimited access dial-up PPP accounts, suitable for business use, are around $25 per month
per user. At any rate, well-chosen ISP accounts should be cheaper than setting up a modem
pool for remote users and paying the long-distance bill for roaming users. Even toll-free
access from an ISP is typically cheaper than having your own toll-free number, because ISPs
purchase hours in bulk from the long-distance companies.
In many cases, long-haul connections of networks are done with a leased line, a connection to
a frame relay network, or ISDN. We've already mentioned the costs of leasing a "high cap"
leased line such as a T1. Frame relay lines can also give you high speeds without the mileage
charges. You purchase a connection to a frame cloud, which connects you through switches to
your destination. Unlike a leased line, the amount you pay is based more on the bandwidth
that's committed to your circuit than distance. Frame connections are still somewhat
expensive, however. ISDN, like the plain old telephone system, incurs long-distance charges.
In many locations, the local telephone company charges per minute even for local calls, which
again runs expenses up. For situations where corporate office networks are in separate cities,
having each office get a T1, frame relay, or ISDN line to an ISP's local POP would be much
cheaper than connecting the two offices using these technologies. A VPN could then be
instituted between the routers at the two offices, over the Internet.