5. VPN Firewall Switch or other hardware (Netgear investigated)
A. Final Assessment
Not suitable for most Amazing Chart users due to performance issues using MSAccess over the WAN.
B. General Description
For a general overview of Virtual Private Network (VPN), please see:
http://www.practicallynetworked.com/support/VPN_help.htm
Several vendors offer hardware-based VPN solutions. This allows a remote client to connect back to the office as if they were still in the office. A high-end gigabit switch offering from Netgear for a small office would be:
http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS336G.aspx
The PDF data sheet can be found here:
http://www.netgear.com/upload/product/fvs336g/enus_ds_fvs336g_10jan08.pdf
This model is $264.29 from Newegg.com (now out of stock) or $296.99 from buy.com (in stock).
A slightly lower-end offering, with lower processor speed and memory, would be:
http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS124G.aspx
The PDF data sheet can be found here:
http://www.netgear.com/upload/product/fvs124g/enus_ds_fvs124g_06dec06.pdf
This model is $144.99 from newegg.com (now out of stock) or $157.99 from buy.com (in stock).
C. Cost
Additional licenses are required for the VPN software. A single license is included with the FVS336G model. The 5-user license, VPN05L, is listed at $142.99 at buy.com. If you wanted a single license, VPN01L, buy.com lists this at $48.99. Certificates for each user could be $20 each if purchased from Verisign.
D. Speed – PENDING
Impact on client computer? Impact on remote computer?
Measured login time until in Amazing Charts?
Measured time to compact and maintain databases once successfully logged in?
Time to open a patient's past encounter?
E. Ease of setup – RATING: Not for faint of heart.
A non-IT person would have difficulty setting up VPN in their office. Just knowing what to buy, configure and deploy takes a lot of research. Read this for a primer:
http://www.networkworld.com/community/node/23362
Creating and importing a certificate from a granting certificate authority is required.
http://www.remoteidentification.com/en/digital_certificate.htm
Verisign is the leading certificate authority (and also the most expensive).
http://www.verisign.com/authentication/individual-authentication/digital-id/index.html
However, there are options for free certificates, as is explained here:
http://blogs.techrepublic.com.com/networking/?p=298
and
http://www.startssl.com/
F. Security –
The security of a VPN depends entirely on its configuration. Properly configured, VPNs are extremely secure. The top thing to avoid is using a pre-shared key. Rather, you should rely on a certificate authority:
http://www.networkworld.com/community/node/22580
Point to Point Tunnelling Protocol (PPTP) VPN, such as that used by Microsoft, is considered not as robust as IPsec and SSL VPN and is not recommended. However, even higher-level IPsec VPNs are vulnerable when improperly configured. VPN hacking/cracking 'how-to' guides and tools are readily available on the Internet:
www.ernw.de/download/pskattack.pdf
http://ikecrack.sourceforge.net/
The availability of these 'how-to' guides and tools means, of course, that even the relatively unskilled hacker/cracker can compromise a poorly designed IPsec VPN.
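One way to turn the guidance above into a repeatable check, as an added example that is not part of the original assessment: a small Python audit over tunnel descriptions. The profile format, field names and sample tunnels are constructed for illustration and are not Netgear settings; the aggressive-mode check goes beyond the text and reflects common IPsec hardening practice.

```python
# Added example: field names and values are hypothetical, not Netgear settings.
SAMPLE_PROFILES = [  # constructed sample data
    {"name": "office-legacy", "protocol": "PPTP", "auth": "password"},
    {"name": "dr-home", "protocol": "IPsec", "auth": "psk", "ike_mode": "aggressive"},
    {"name": "nurse-laptop", "protocol": "IPsec", "auth": "certificate", "ike_mode": "main"},
    {"name": "billing", "protocol": "SSL", "auth": "certificate"},
]

PSK_NAMES = {"psk", "pre-shared key", "preshared key"}


def _norm(profile, key):
    """Lower-case, trimmed string value for a field; '' when the field is absent."""
    return str(profile.get(key, "")).strip().lower()


def audit_profile(profile):
    """Return the findings for one tunnel profile; an empty list means none."""
    protocol, auth, ike_mode = (_norm(profile, k) for k in ("protocol", "auth", "ike_mode"))
    findings = []

    if protocol == "pptp":
        findings.append("PPTP is not recommended; use IPsec or SSL VPN")
    elif protocol not in ("ipsec", "ssl"):
        findings.append("unknown or missing protocol; review manually")

    if auth in PSK_NAMES:
        findings.append("pre-shared key in use; switch to certificate authentication")
        # Not stated on the page: aggressive mode is a common hardening check
        # because it weakens PSK-based IKE further. Prefer main mode.
        if protocol == "ipsec" and ike_mode == "aggressive":
            findings.append("IKE aggressive mode with a pre-shared key; use main mode or certificates")
    elif auth != "certificate":
        findings.append("authentication is not certificate based; review manually")
    return findings


def audit_all(profiles):
    """Map each profile name to its findings."""
    return {p.get("name", "<unnamed>"): audit_profile(p) for p in profiles}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PROFILES).items():
        print(name, "OK" if not findings else "; ".join(findings))
```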
G. Key Features –
Once authenticated, you work as if you were in the office, double-clicking on the same icons and following the same procedures. However, as Amazing Charts is an MSAccess database, AC does not work well with VPN, as performance is seriously degraded. This poor performance is due to moving the database records across a wide area network (the internet). MSAccess works well on local area networks but not wide area networks. For more information on why MSAccess does not perform well on a WAN, please see this link:
http://members.shaw.ca/AlbertKallal/Wan/Wans.html
With VPN, you can certainly move files and perform backup and other maintenance.
H. Scalability –
The scalability depends on how much money you spend on the VPN firewall hardware itself. Prices go up from $100 to thousands for Cisco. Large corporations rely on VPN for their remote access requirements. VPN is the preferred method as it doesn’t open ports from the internet