
Build a Robust Network and Security Foundation for Web Services : Page 3

Entrust your Web Services to a multi-layer security architecture enabled by firewalls and virtual private network technology.


Site-to-Site VPNs: Build Enterprise-Level VPN Networks
Networks are common barriers to the deployment of an application. The distributed nature of Web services makes flexible network facilities a necessity. Fortunately, VPN technologies provide a high degree of flexibility while enabling secure messaging.

Figure 1 | Hub-and-Spoke Networking Model

Microsoft ISA Server and Windows 2000 provide a model known as site-to-site VPN networking to establish VPN connectivity between business partners and their networks. This model enforces security between gateways (perimeter machines that encrypt/decrypt traffic on behalf of other machines). The Windows 2000 Routing and Remote Access (RRAS) service allows the secure interconnection of private networks over a public network (such as the Internet). This network connectivity technique enables two servers—separated on a public network—to create a logical tunnel for data traversing private networks. To the end-user, RRAS VPN services operate as a traditional network router. For the administrator, all VPN connections are maintained in an easy-to-manage interface. For the business owner, inexpensive—but effective—site connectivity is achieved.



Traditional VPN systems are often based upon simple point-to-point connectivity—typically geared toward building a hub-and-spoke networking model. This model is very beneficial if a single provider serves multiple clients (and the clients do not communicate with each other). This model has commonly been used in branch-office transactional systems that must interact with a single location (see Figure 1).

Figure 2 | Mesh VPN Architecture

With Microsoft VPN solutions, a hub-and-spoke VPN system can be implemented quickly. However, to accommodate time-sensitive technologies and uncertain Internet routing conditions in a large network, a dynamically routed "mesh" VPN solution is best. A mesh VPN solution is desirable if all locations on a network require access to one another (see Figure 2).

The key to effective VPN solutions is the minimization of transitive paths between sites. In a hub scenario, each intranet site must route through the data center to reach other intranet sites. Again, for time-sensitive transactions, this practice is quite detrimental to performance. The mesh concept alleviates this issue.
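
The transitive-path difference between the two models can be checked on a planned topology before any tunnels are built. The following is an added example, not code from the original article; the site names and helper functions are constructed for illustration. It lists every site pair whose traffic must pass through (and be decrypted and re-encrypted by) an intermediate gateway.

```python
from collections import deque
from itertools import combinations

# Constructed site names; "datacenter" plays the hub role from Figure 1.
SITES = ["datacenter", "branch-a", "branch-b", "branch-c", "partner"]

def hub_and_spoke(sites, hub):
    """One tunnel from every spoke gateway to the hub gateway."""
    return {frozenset((hub, s)) for s in sites if s != hub}

def full_mesh(sites):
    """One tunnel between every pair of gateways."""
    return {frozenset(p) for p in combinations(sites, 2)}

def shortest_path(tunnels, src, dst):
    """BFS over the tunnel graph; returns the list of gateways traversed."""
    neighbours = {}
    for t in tunnels:
        a, b = tuple(t)
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(neighbours.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # no tunnel path between the two sites

def transit_report(tunnels, sites):
    """Map each site pair to the intermediate gateways that relay its traffic."""
    report = {}
    for a, b in combinations(sites, 2):
        path = shortest_path(tunnels, a, b)
        report[(a, b)] = path[1:-1] if path else None
    return report

def summarize(name, tunnels, sites):
    """Print the transit pairs and return (tunnel count, transit pair count)."""
    report = transit_report(tunnels, sites)
    transitive = {p: via for p, via in report.items() if via}
    print(f"{name}: {len(tunnels)} tunnels, {len(transitive)}/{len(report)} pairs transit a gateway")
    for (a, b), via in transitive.items():
        print(f"  {a} -> {b} via {', '.join(via)}")
    return len(tunnels), len(transitive)

if __name__ == "__main__":
    summarize("hub-and-spoke", hub_and_spoke(SITES, "datacenter"), SITES)
    summarize("mesh", full_mesh(SITES), SITES)
```

With five sites the hub model needs only four tunnels, but every spoke-to-spoke pair relays through the data center gateway; the mesh removes all transit at the cost of ten tunnels to configure and key.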


