A Definition of Virtual Private Networks

  By Roy D. Follendore III

Copyright (c) 1999 RDFollendoreIII


Microsoft Press Dictionary defines a Virtual Private Network as the following.

virtual private network

n. 1. A set of nodes on a public network such as the Internet that communicate among themselves using encryption technology so that their messages are as safe from being intercepted and understood by unauthorized users as if the nodes were connected by private lines. 2. A wide area network formed of permanent virtual circuits (PVCs) on another network, especially a network using technologies such as ATM or frame relay. See also ATM (definition 1), frame relay, PVC. Acronym: VPN.

The application of encryption to produce a private "channel" that can be treated like a network link is not much different from point-to-point encryption. This may be the public definition of the VPN concept, and it will always remain one, but it is only the most minimal definition. There are many things that this definition does not say. When I invented the concept of a Virtual Private Network for LANs and the Internet, I had a much bigger concept in mind. It would include not only the connectivity but also the controls for establishing the underlying connectivity through a distributed means.

In my original vision there would be active participation on the part of the users, in a way that keeps the continuity of secure control. A true VPN is a distributed logical network that securely operates independently of the existing network management controls. Also, a true VPN may have one or more management control systems that are virtually centralized. Most importantly, these controls are transparent, so that users at all levels have no difficulty gaining access to the information they require.

The underlying systems that are required for a true VPN may represent both a subset and a potential superset of the Internet. It is a subset because its connectivity is typically less than that of the whole network (though it does not necessarily have to be). But what can be larger than the Internet? How can it be both? The answer is that the Internet does not represent the total potential of all of the machines and their LANs. Intranets, for example, are not necessarily reachable from the Internet, because they often contain information that is sensitive or private. Organizations often choose to deny the outside world access to their Intranets for this reason.
