Build a Robust Network and Security Foundation for Web Services : Page 3

Entrust your Web Services to a multi-layer security architecture enabled by firewalls and virtual private network technology.


Site-to-Site VPNs: Build Enterprise-Level VPN Networks
Networks are a common barrier to deploying an application. The distributed nature of Web services makes flexible network facilities a necessity. Fortunately, VPN technologies provide a high degree of flexibility while enabling secure messaging.

Figure 1 | Hub-and-spoke networking model.

Microsoft ISA Server and Windows 2000 provide a model known as site-to-site VPN networking to establish VPN connectivity between business partners and their networks. This model enforces security between gateways (perimeter machines that encrypt/decrypt traffic on behalf of other machines). The Windows 2000 Routing and Remote Access (RRAS) service allows the secure interconnection of private networks over a public network (such as the Internet). This network connectivity technique enables two servers—separated on a public network—to create a logical tunnel for data traversing private networks. To the end-user, RRAS VPN services operate as a traditional network router. For the administrator, all VPN connections are maintained in an easy-to-manage interface. For the business owner, inexpensive—but effective—site connectivity is achieved.



Traditional VPN systems are often based upon simple point-to-point connectivity, typically geared toward building a hub-and-spoke networking model. This model is very beneficial if a single provider serves multiple clients (and the clients do not communicate with each other). This model has commonly been used in branch-office transactional systems that must interact with a single location (see Figure 1).

Figure 2 | Mesh VPN architecture.

With Microsoft VPN solutions, a hub-and-spoke VPN system can be implemented quickly. However, to accommodate time-sensitive technologies and uncertain routing conditions to the Internet in a large networking scenario, a dynamically routed "mesh" VPN solution is best. A mesh VPN solution is desirable if all locations on a network require access to one another (see Figure 2).

The key to effective VPN solutions is the minimization of transitive paths between sites. In a hub scenario, each intranet site must route through the data center to reach other intranet sites. Again, for time-sensitive transactions, this practice is quite detrimental to performance. The mesh concept alleviates this issue.
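The transitive-path argument above can be checked for any planned topology. The following is an added example, not code from the original article or from Microsoft: it models gateways and tunnels as a graph and reports how many tunnels each design needs, the worst-case number of tunnel hops between two sites, and how many site pairs relay through each intermediate gateway. The site names and function names are constructed for illustration.

```python
from collections import deque
from itertools import combinations

def hub_and_spoke(hub, spokes):
    """One tunnel from each spoke gateway to the hub gateway."""
    return {frozenset((hub, s)) for s in spokes}

def full_mesh(sites):
    """One tunnel between every pair of gateways."""
    return {frozenset(p) for p in combinations(sites, 2)}

def shortest_path(tunnels, src, dst):
    """Breadth-first search over tunnels; returns the gateway list src..dst."""
    neighbours = {}
    for t in tunnels:
        a, b = tuple(t)
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(neighbours.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # no tunnel path between the two sites

def analyse(tunnels, sites):
    """Tunnel count, worst-case tunnel hops, and transit load per gateway."""
    transit, worst = {}, 0
    for a, b in combinations(sorted(sites), 2):
        path = shortest_path(tunnels, a, b)
        if path is None:
            raise ValueError(f"{a} cannot reach {b}")
        worst = max(worst, len(path) - 1)
        for gw in path[1:-1]:  # intermediate gateways relay the traffic
            transit[gw] = transit.get(gw, 0) + 1
    return {"tunnels": len(tunnels), "max_hops": worst, "transit": transit}

# Constructed sample: one data center and four partner sites.
SITES = ["datacenter", "site-a", "site-b", "site-c", "site-d"]
HUB = analyse(hub_and_spoke("datacenter", SITES[1:]), SITES)
MESH = analyse(full_mesh(SITES), SITES)

if __name__ == "__main__":
    print("hub-and-spoke:", HUB)
    print("full mesh:    ", MESH)
```

With five sites the hub design needs four tunnels but sends all six spoke-to-spoke pairs through the data center gateway, while the mesh removes every transit hop at the cost of ten tunnels to configure and maintain.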


