With those results in hand, Prue approached his superiors with a solid business case. Let workers for the Canadian vacuum cleaner maker take advantage of increasingly common high-speed connections to the ‘Net – cable modems, digital subscriber line and the like – to get real work done at home. Oh, and by the way, we can save a heap on the 800 number dial-up remote access services folks were using to access the corporate LAN, Prue pointed out.
The initial goal was pretty straightforward. “What was being looked for was the simple ability to do anything we could do via dial-up but over the Internet,” Prue explains. He points specifically to accessing the company’s Microsoft Exchange e-mail servers and transferring files back and forth with Fantom’s Windows NT servers.
With such compelling logic and his own experience behind him, Prue got the go-ahead. Now it was time to do the research. After poking around a bit, Prue decided to check out his existing firewall vendor, Secure Computing, which slid Fantom some new VPN gear to experiment with.
Prue basically liked what he saw, especially the way the Secure offering worked with his existing SecureZone 2.0 firewall, which now serves as the basis of one of two different VPN approaches.
Just the basics
For people with fairly simple needs, Prue crafted a fairly simple solution. These employees simply tunnel through the firewall into the Fantom LAN using the Point-to-Point Tunneling Protocol (PPTP) that is built into Microsoft Proxy Server 2.0, a tool that is bundled with Microsoft BackOffice and also available separately.
Those who have lower-end machines and lower-end needs should not feel too slighted. With the home-grown PPTP package, users can access what they need. With the strong encryption, Prue knows their data is not likely to be compromised.
This strictly software-centric approach required no changes to the firewall, Prue says.
For people with more rigorous requirements, Prue crafted a much higher-end system. These users are equipped with SecureClient software that, with the firewall’s permission, gives them access to sensitive corporate data. The key to this approach is defining who can get to what. By using smart cards, the users can be positively identified. And the smart cards make the system that much more secure.
But not everyone is the same, or deserves the same access. Fortunately, the Secure Firewall lets Fantom managers define rules, based on each user’s account, that dictate what network resources each person can access over the VPN.
Like many of today’s VPN shops, Fantom is starting small. Only about five to eight people currently tap into the LAN this way. But the company has some big ideas, and hopes that this technology will eventually serve as the basis of an extranet that will give salespeople on the road, as well as business partners, customers and suppliers, secure and defined access to Fantom network resources.
Not all technologies truly change people’s lives, but VPNs can and do. “VPN technology has allowed for a more blended lifestyle so you can spend time at home with the family but still be in touch with the corporate LAN within minutes compared to dial-up.”
Ultimately, this approach could be liberating for employees and for the corporation, which can hang onto workers. “[VPNs] allow businesses to more effectively manage and employ telecommuters. I can easily see not having to leave home when the bandwidth totally allows us to do any kind of work,” Prue says.
VPNs are new, which may be why they are not perfect. The Secure client has proven to be easy to use, if occasionally flaky. And the company is currently experiencing about 75% uptime with the system, which is actually good compared to its old remote access services approach, and acceptable for the type of casual use the system is currently experiencing. But this is not yet a system that Fantom would trust for mission-critical use.
In the near term, Fantom can look forward to more dial-up. “Based on routing all the dial-up traffic over to VPN use, we should start seeing cost reductions in the neighborhood of $750 to $1,050 monthly on the 800 circuit utilization,” Prue says.
So what else might be on the agenda? One thing Prue is eyeing is offering access to SAP client software over the VPN.
“I definitely feel that VPN/extranet technologies will steer us toward more direct business-to-business communications and will eliminate some of the value-added networks that are currently used,” Prue says.
Prue has advice for those interested in following in his tracks. “Carefully assess your needs. Will a hardware solution better suit what you are trying to accomplish or will a software-only solution suffice?” Prue says.
Overall, end users are happy, and IS is generally pleased. “There have been a few bumps in the road as to getting the system tuned and operating correctly, but that’s to be expected with any new technology.”