Apr 20 2011
Mobility

Designing Mobile VPNs

Consider these steps to gain ease of use and sustainability without re-authentication.
by

Monte Hogan is a network security officer for the Oregon State Police. He has more than 15 years of IT and security experience.

To a certain extent, virtual private networks have always been fairly straightforward. Packets are encapsulated, placed in a particular VPN protocol, then transmitted and finally de-encapsulated on the receiving end.

The client is almost always stationary; therefore, the network it is connected to does not change. Once a VPN tunnel is established, it requires continuous maintenance of a single network connection. If altered, the tunnel will collapse -- thus the need for a mobile VPN.

Mobile VPNs differ from the traditional VPNs that most administrators are used to working with. That's because mobile VPNs are designed around virtual IP addresses, which allow users to stay connected to established remote application sessions even while roaming among different wired and wireless networks. 

This provides numerous benefits that traditional VPNs can't provide when the network connection changes. The most important are that users don't have to re-authenticate when roaming the network, nor do they experience a loss of authentication that crashes applications.

There are several other advantages to having a mobile VPN, but all rely on the design and sustainability of the back-end gateway systems that support mobile users. Consider the following suggestions when designing and implementing a mobile VPN network to deliver the high quality of service that users expect:

  • Boost the back-end processing power.
    The gateway design for a mobile VPN must take into account the number of clients that will be accessing it. Estimate the number of users and the number of concurrent connections supported to ensure that the required level of simultaneous authentications and connections can be handled properly. If you build a lightweight gateway, quality of service will suffer.
  • Build in redundancy.
    The need for reliability cannot be overemphasized. Dependability for law enforcement officers in the field is critical, and you must design the network with this in mind. Include multiple redundant gateways at separate locations that can take over if one or the other fails.
  • Choose the right coverage.
    It's critical to select the right wireless carrier. When choosing a service provider, decide what area mobile VPN users will be traversing: citywide, countywide or statewide.

Selecting the right wireless vendor is extremely important. The quality of coverage can vary from provider to provider, especially for statewide access. Here are some key questions to ask service providers:

  • What types of connectivity does the carrier currently offer: 3G? 4G? Long Term Evolution?
  • What service does the carrier plan to offer in the future?
  • Does the carrier offer any package options, such as 3G/Wi-Fi?

Coverage has a huge impact on the end-user experience. Many problems that users encounter are caused by not being able to connect to the Internet simply because they're located in a poor coverage area.

Finally, keep in mind that technology is always evolving. Consider hardware that has upgradeable features to accommodate future wireless technology.

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now