What Is a VPN?

If we break down the term virtual private network into its individual components, we could say that a network allows connectivity between two devices. Those two devices could be computers on the same local-area network or could be connected over a wide-area network. In either case, a network is providing the basic connectivity between the two. The word virtual in VPN refers to a logical connection between the two devices. For example, one user may be connected to the Internet in Raleigh, North Carolina, and another user may be connected to the Internet in New York, and we could build a logical network, or virtual network, between the two devices using the Internet as our transport mechanism. The letter P in VPN refers to private. The virtual network we could create between our two users in Raleigh and New York would be private between those two parties. So, there are the basics for VPN, a virtual private network.

Unfortunately, if we did have a VPN established between two devices over the Internet, what would prevent an individual who had access to the packets from eavesdropping on the conversation? The answer is not much, by default. So, with most VPNs, we add the ingredients of confidentiality and data integrity. Confidentiality means that anyone who is eavesdropping cannot make sense of the data because it is encrypted, and they do not have the keys required to decrypt or unlock the data to see what it actually is. The confidentiality provided by the encryption could also represent the P in VPN. We also use integrity checking to make sure that our VPN sees the packets exactly as they were sent from the other side of the VPN and that they have not been altered or manipulated maliciously along the path.
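The two protections described above, shown as an added example that is not part of the original text: the sender encrypts a payload and appends an integrity tag, and the receiver rejects a packet in which even one bit was altered. The keys, function names, and the HMAC-based keystream are assumptions made for illustration; the keystream is a stand-in for whatever cipher a real VPN negotiates.

```python
import hashlib
import hmac
import os

# Constructed demo keys (assumption); a real VPN derives keys during its key exchange.
ENC_KEY = hashlib.sha256(b"demo-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"demo-integrity-key").digest()
NONCE_LEN, TAG_LEN = 16, 32  # per-packet nonce size, HMAC-SHA256 tag size


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream: HMAC-SHA256 over nonce || counter (cipher stand-in)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(payload: bytes) -> bytes:
    """Sender side: encrypt the payload, then append an integrity tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(ENC_KEY, nonce, len(payload))
    ciphertext = bytes(p ^ k for p, k in zip(payload, ks))
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unprotect(packet: bytes) -> bytes:
    """Receiver side: verify the tag first, decrypt only if it matches."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    nonce, ciphertext, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed: packet altered in transit")
    ks = _keystream(ENC_KEY, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


if __name__ == "__main__":
    wire = protect(b"Raleigh to New York: quarterly numbers attached")
    print("on the wire:", wire.hex())        # what an eavesdropper sees
    print("received:   ", unprotect(wire))   # what the peer with the keys sees
    # Simulate in-path modification: flip one bit of the ciphertext.
    tampered = wire[:NONCE_LEN] + bytes([wire[NONCE_LEN] ^ 1]) + wire[NONCE_LEN + 1:]
    try:
        unprotect(tampered)
    except ValueError as err:
        print("rejected:   ", err)
```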

Using the example of the users in New York and Raleigh, why would we ever want to use a VPN between the two? We do have other options for connectivity. We could purchase each user a dedicated WAN connection from New York to Raleigh. Each user could connect to the local side, and the two could communicate with each other over the dedicated link. One of the obvious problems with this is cost. It is much cheaper to connect the user to the Internet through a local service provider than to purchase a dedicated circuit that goes to only one other destination.

Another benefit of using a VPN is scalability. If 10 or 20 more new users need to connect to the corporate headquarters, we can provide users access to the Internet via their local service providers (digital subscriber line [DSL], cable modem, and so on). Leveraging the single Internet connection from the headquarters site, we could then simply build logical VPNs using the Internet for the connectivity.
