So on Monday, I covered the difference between Intranets (there are many thousands) and the Internet (of which there is only one – no Highlander jokes). And, if you read that topic, you’d know I ended it with a parting note about VPN, and how it can connect one from outside to inside.
“Wait, JR. Does that mean you’re about to show me how I can in two places at once…digitally speaking?”
Yes. That’s exactly what I’m going to talk to you about today.
NOTE: Today’s discussion uses the word “company” a lot, even though intranets and VPN connectivity is not solely the purview of businesses. This topic can apply to any private network, be it a charity, or even your home network (which is almost always a type of intranet, whether you meant to or not). The use of the term “company” is to represent all these circumstances for today’s discussion.
VPN – Virtual Private Network
So last Monday’s post alluded to a certain type of privacy – network privacy. People on the outside could not connect, or even SEE the intranet on the inside of a company. So that means an intranet is a network that private for that company or organization. It’s not meant to be accessible to anybody who types in a URL into a web browser.
But what if you can’t be at work? Perhaps you’re snowed in. Perhaps you’re on a working holiday. Perhaps you’re on a business trip to some conference and you have your laptop. Whatever the reason, you need to connect to your company’s intranet while not actually being at your company. How might one connect when you can’t even get to the network you need?
The answer: VPN, or Virtual Private Network
VPN is used to create a virtual (as opposed to actual) private connection. In other words, it simulates actually being connected to your company’s network, even though you aren’t.
Does this mean you’re suddenly transported, a la Star Trek, to your company? No, of course, not. We’re not at that level of technology, yet (dammit). But your computer thinks that you have.
So, you’re now at your home, or your hotel, or poolside at some swanky beach resort….AND you’re connected to your company’s network back in the 7th Circle of Hell (or Cloud 9, if you have a kick-ass job). Thus, you are virtually in two places at once. Neat, huh?
JR, How does this work?
Well, there are several methods with which this is accomplished. I won’t go into all of the overly technical details on it, but the basic concept comes down to one word: tunneling.
What all these methods do is create a sort of tunnel, created by encryption. It’s a two-end tunnel – one end at your laptop, the other end at your company. The “walls” of the tunnel are built and fortified with very strong encryption.
So, Why Couldn't I Just Create A VPN to Anything?
Because, even though it’s virtual, a tunnel still needs to be built – just like any physical structure. And like any structure, one needs tools to build it properly. Otherwise, it will all just fall down – if it ever gets upright in the first place. And, as any carpenter will tell you, there are almost always multiple versions of a tool, with some working better than others, and some are specialized for a specific job.
So we need tools to build our tunnel, and there are many to pick from; from the built-in functionality of Windows (which requires a specific configuration of Windows Server on the company side), to Palo Alto’s Net Connect to Cisco’s VPN Client software (both of which also require complementing server configurations).
We also need encryption keys, usually four: two to encrypt and two to decrypt. Once everything is set up, each side (your laptop and the company’s server) each has a pair. One key encrypts the traffic, and the other decrypts it for use. These keys are created and handled by the software I was mentioning in the previous paragraph. The whole package, then, is the tool bag that creates the tunnel.
So that’s why I can’t see my company’s intranet from home? Because I don’t have the right tool bag?
In essence, yes. Without the right tools, the correct tunnel cannot be built, and you’re out of luck for now. If you’re interested in getting the right tools, see your company’s network administrator or helpdesk – they will know how to set it up for you (though, be warned that you may be restricted to using company laptops only, or have to be granted specific access to use it).So that’s all I need? A laptop, and the software my company’s IT gave to me?
Uh…not quite. There is one more tool that’s the required: The Internet.“Wait, what? Didn’t you say that my Intranet and the Internet were two different things?” Yes, but to create a tunnel, you have to have something in which to create it. There is still a signal that needs to be carried; encrypted or not. The Internet carries that signal from your swanky beach resort pool to your company’s server.
Why do I mention this? Only because MANY a helpdesk analyst has been called by somebody who’s home internet is down, but won’t understand why they can’t get access to their intranet from home.
The Internet carries ALL computer signals (and most TV and phone signals) beyond your house; and TO your house. So if there’s no signals coming from or going to your house, then even encrypted/tunneled signals aren’t going, either.
So who do I thank for all this complexity?
Thank your network engineer at your company. Most of you will never meet or even talk to him or her. It’s their job to make sure it works, and it’s there job to make setting all this up on your end as painless as possible.NOTE: I am not a network engineer. Those guys are paid VERY well, and for good reason. I just know enough of the “basic” concepts to pass it along to end users, like most of you reading this blog. Trust me when I say that network engineers earn every penny they make, to make your job easier (and in some cases, to make it possible).
Questions, comments or feedback? Comment below or email me at jackrockblc+blog@gmail.com
No comments:
Post a Comment