Virtual private network installation and integration

This tip, courtesy of SearchNetworking.com, ensures that systems integrators and network consultants will have the tools to install and integrate VPNs successfully and efficiently.

Windows Networking Project Guide Get more tips and strategies on building, troubleshooting and securing your customer's Windows network.

If you have made the decision to move forward with a virtual private network (VPN), you'll want to ensure that the solution is installed correctly and integrates with the current environment. This is where the rubber meets the road in the effort to get the system up and running as efficiently (and correctly) as possible.

If you are at the point of installing and integrating the VPN solution, then hopefully you will have acquired VPN equipment that meets the following requirements:

1. Provides a software client that is compatible with the client systems deployed in your environment (e.g., do not buy the Windows 2000 version if you have Windows XP).
2. Has a server that supports interfaces required for your environment.
3. Provides security functionality that meets or exceeds corporate security policies.
4. Provides an adequate number of sessions, allowing for anticipated concurrent usage as well as room for future growth.
5. Provides maintenance options from the vendor. (Note: This is not a requirement, but if you are new to the VPN world and cannot justify supporting it, this is certainly an option.)

These are fundamental requirements. In addition, you will need to make sure that the installed clients can support the software (e.g., enough memory and the right operating system).

The key to a successful VPN deployment is proper planning and the right approach. If you plan properly and clearly identify all of your requirements and the integration points up front, the actual installation becomes an execution of a well-thought-out plan, including a detailed design, integration plan and testing plan.

Develop a detailed VPN design

There are three main components of a VPN solution: the VPN access server, the VPN client and the VPN software that is installed on the client.

In general, the client software is configured to match what the server is providing in terms of access, authorization and encryption. You will want to put your VPN concentrator in a secure location that can be firewalled off from the corporate network. In most cases, the VPN server will terminate IPSEC/SSL sessions from Internet VPN users, so putting the VPN server in a DMZ is always a good idea.

The detailed VPN design lays out all of the specific addressing, security, logical segmentation, physical connectivity and naming conventions that will be configured on the VPN server and the equipment that the VPN server connects to (such as a LAN switch in the DMZ). It is always helpful to define these details in advance because this ensures that you are covering all aspects of the integration before actually going out and installing and configuring the platforms.

Be sure to collect all the relevant VPN information (usernames/passwords, encryption details) that needs to be configured, and create templates for installation. These can then be used as troubleshooting tools as well.

Plan for testing and integration

A common oversight in VPN installation is the integration into the existing network. Vendors are famous for touting their solutions as "plug & play," when, in reality, modifications to the existing environment will have to be made in order to "plug" the solution seamlessly into the current network. You will need to design and configure VLANs, IP addressing and IP routing parameters on the current network in order to support the VPN. This should be a part of your detailed design.

Once the design is on paper, you should develop scripts for testing whether the solution delivers the required functionality once it is installed. This will allow for solution validation and drastically reduce those dreaded Day 2 installation calls (new system installed and no one can get it to work). If feasible, try to deploy the design in a proof-of-concept/pilot environment. If this is possible, you can develop the test scripts using actual solution parameters and screenshots.

Finally, you will want to develop the integration plan. This consists of two distinct entities. One is the resources and time frames required to deploy the solution, and the other is the tasks that will be executed during deployment (install, configure, test, and turn-over to production). If you plan ahead around these key areas, you will have no surprises when deploying the solution, and you will also be able to turn over to production with very little hand-holding of end users and support staff.

About the author
Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has more than 10 years of experience providing strategic, business and technical consulting services. Robbie lives in Atlanta and is a graduate of Clemson University. His background includes positions as a principal architect at International Network Services, Lucent, Frontway and Callisma.

This tip originally appeared on SearchNetworking.com.

Rate this Tip To rate tips, you must be a member of SearchNetworkingChannel.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Developing a VPN Architecture VPN setup guide, part 2: How to configure Windows Vista workstations Vista VPN setup guide, part 1: How to configure Windows Server 2008 How can VARs determine which kind of VPN is the best fit for each customer's applications? Infonetics: Ethernet and IP MPLS VPN growth continues VPN tunnel troubles Establishing peer-to-peer wireless file transfers over a VPN How to set up a Windows VPN: A step-by-step guide VPN fundamentals for VARs and network consultants Exploring remote access VPN point-to-point tunneling solutions IPsec VPNs: Identity and authentication options VPN Equipment and Services Selling affordable VPN, branch networking in tough economy with Aruba Selling advanced VPN technology FAQ Virtual Private Network (VPN) Podcast For VPNs with both browser- and client-based access, why would anyone use the client-based method? As customers start using mobile devices, they are using fewer VPN-enabled desktops. Are there new VPN solutions that can be offered for mobile workers? How would a value-added reseller sell a new SSL VPN concentrator to a customer who already has a firewall/VPN? Access limitation on Cisco 3000 concentrators Implementing ISA servers Avaya Partner Program Checklist VPN fundamentals for VARs and network consultants Virtual Private Networks (VPNs) VPN setup guide, part 2: How to configure Windows Vista workstations Vista VPN setup guide, part 1: How to configure Windows Server 2008 Windows VPN client side troubleshooting Troubleshooting Windows VPN connectivity on the server side Windows VPN user account troubleshooting How to set up a Windows VPN: A step-by-step guide VPN fundamentals for VARs and network consultants SSL VPNs: Five popular products compared IPsec VPNs: Identity and authentication options VPN troubleshooting: Beyond the basics RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.