Virtual Private Network, or VPN as it is commonly referred to, is being used by businesses for their remote employees and far flung office locations.
It is very common for most companies, large and small, to have an “Intranet”. An intranet is a secure network within the business for use by employees to share ideas and work together.
They are also used by company leaders to inform employees of company-wide issues, as well as contacting and sharing ideas with individual employees. In a nutshell, VPN uses encryption and tunneling to connect users securely to the corporate network (remote access), connect branch offices (intranet) and finally to include partners, suppliers and customers securely to the corporate network, thereby creating what could be called an extranet. VPN is based on tunneling. I like to think of it as a wormhole, others describe it as a packet within a packet, comparing it to a package within a delivery vehicle.
While the packet is on the public internet it is encrypted by use of the outer packet. When the packet reaches its destination, the private network, VPN creates a secure “handshake” with the outer packet for identification purposes. Once the packet has been verified the outer packet will reveal the inner packet to the company’s intranet. The description of VPN above is meant as a basic understanding of the technology. Let’s go a bit further. You have just moved from an urban environment to a rural one.
In the city and suburbs you had DSL or Cable service from your Telco or cable company, and your VPN worked just fine and you didn’t give it a second thought. Now that you are in rural America you have discovered the only broadband solution for you is satellite internet. The question now becomes “can I use VPN with satellite internet?” There is no clear cut answer to this question. Understand two things: VPN and satellite technologies were simply not designed to work together and satellite high speed internet providers such as WildBlue Corporation, do not support VPN. WildBlue high speed satellite internet provider and others recommend against the use of VPN with your satellite service. VPNs require high speed bandwidth with low latency to function at its best.
Satellite internet services inherently have high latency built in. This is due to having to send the packet from your computer to the satellite, from the satellite to a terrestrial Network Operations Center, back to the satellite and finally back to you. Another issue is upstream speed. Satellite high speed internet generally has low upstream speed, unlike its high downstream speed. At times upload speeds for satellite are comparable to dial-up internet services. Other issues come into play when attempting to run VPN services over a satellite high speed internet service. There are at least two security protocols being used. One of these is SSL (Secure Socket Layer) and the other is IPSec (IPSecurity). SSL is the simpler, but not necessarily the better of the two. With SSL you have a public and a private key to encrypt and decipher.
The sender uses a public key (digital) to encrypt information and the receiver uses the private key to decipher it. Basically it is a “handshake” that authenticates the server and the client. The other method used for security is IPSec. It has been implemented to support secure exchanges of packets at the IP layer. IPSec is widely used by VPN’s IPSec supports two encryption modes, Transport and Tunnel. Transport mode encrypts only the payload of cache packets, but does nothing to the header. The more secure Tunnel mode encrypts both the header and the payload. When the packet is received, an IPSec Compliant device decrypts each packet.
For IPSec to work, the sending and receiving devices must share a public key. Bottom Line: If you need per-user, per application access control you will most likely go with SSL. If you need to give trusted user groups access to entire private servers and subnets, IPSec is the way to go. Most VPN’s are IPSec, which tends to slow your access via satellite by 50-75%. THAT is a very big hit, but mostly unavoidable due to the technologies involved.
Satellite broadband internet providers like WildBlue, also understand that the Network Administrator can have a huge effect on the efficiency of VPNs. Obviously this is something that the satellite internet provider has no control over. SSL-based VPNs use a standard browser, rather than having to install client software. However, IPSec does install client software, which enhances the VPN experience but the tweaking of which can cause a myriad of problems for satellite broadband internet connections and their providers.
So…here we are, back at the beginning. If you use VPN for uploading and downloading files it will work better than if you use VPN for live server data editing. This is due to the multiple variables of VPN type, what is being done with the VPN, and how the IT department tweaks the VPN. All of these variables control how VPN will perform over WildBlue and is also why we are not able to support VPN. WildBlue high speed satellite internet service can and will allow you to use VPN, but be aware of all of the variables mentioned that can and will affect the performance of VPN over satellite broadband internet service. We have customers that are very happy with VPN over WildBlue, and at the same time we have some customers that have reported poor performance. We are providing this information so that you can make the best choice for your particular situation.