Operating System–Based VPNs

An OS–based VPN is convenient because remote servers may be referred to by their assigned Internet Protocol (IP) addresses rather than through network address translation (NAT). This avoids problems inherent in connecting to servers behind a many-to-one NAT configuration. There are several ways to install a VPN using computers running commercial OSs. Configuration of a VPN connection from a client computer can be accomplished using a variety of OSs, including Windows, Linux, and UNIX.

A VPN is a hardware and software solution for remote workers, providing users with a data-encrypted gateway through a firewall and into a corporate network. VPNs were once practical only for large businesses. Today, however, most businesses—large and small—can afford the technology. VPNs are becoming increasingly popular in the small to midsized business market. VPNs are ideal for companies with telecommuters, satellite offices, or employees who travel and need to connect to the corporate network via the Internet. If used properly, VPNs block hackers from attempting to access your network to steal sensitive data.

As a data-encrypted tunnel over the Internet, a VPN can offer a robust and secure Internet connection for the organization. It can also be an inexpensive alternative to a dedicated leased line. How do you know if your organization needs a VPN? Here are some key factors you should consider before deciding to use a VPN:

  • Does the organization send or receive sensitive data? For most businesses, the answer is probably yes. Most companies have customer information and records, financial records, and proprietary information within internal networks that merit protection.
  • Does your organization employ telecommuters, traveling employees, or other remote workers? If so, a VPN can provide two main advantages: It can offer secure network access to employees away from the office, traveling or working off-site, and it can extend the corporate network to them, enabling them to remain productive outside your office.
  • Does your company already use Secure Sockets Layer (SSL)/Transport Layer Security (TLS)–encrypted Internet pages? Some companies using Microsoft Exchange servers for email, for example, may already have the encryption protection necessary for remote workers—at least for accessing their email (via Outlook on the web). In this case, the VPN is a built-in feature of the OS. Businesses without sensitive information can use OS–based VPNs and web-based alternatives to a VPN for authentication and encryption, although these may be less secure.
  • Does your organization have more than a few employees? A hardware VPN may be more difficult to manage for a company with fewer than five employees. Software- or cloud-based alternatives might work better for such an environment if such expertise is not available in-house.

Suppose you have considered these issues and concluded that your organization does need a VPN. In this case, here are six further important factors to consider:

  1. Consider the difference between a VPN based on customer premises equipment (CPE) and one based on an OS. A CPE solution represents the majority of VPNs on the market and is commonly referred to as a VPN appliance. This solution is easy to set up, manage, and maintain. Windows Server 2019 Network Access is an example of an operating system–based VPN. If you have a server running Windows Server 2019, you can install the Network Policy and Access Services (NPAS) role and configure the server as a VPN server. This requires some expertise with Windows Server 2019 and can be a little more challenging than a CPE solution. However, the OS-based VPN can be cheaper and easier to manage than a CPE.
  2. Should you install the VPN yourself or use a managed service? Any competent IT staff can probably install leading commercial products from vendors such as Cisco or SonicWall. Although the do-it-yourself (DIY) approach provides more control over setup and usage, installing a VPN incorrectly can inadvertently open a security hole in your organization’s network. In addition, the administration and management of a VPN in-house can sometimes be complicated. Telecommunications companies including Qwest, Verizon, and BellSouth, as well as several Internet service providers, offer managed security solutions that can save you time and money.
  3. Do you have a firewall? A VPN cannot replace a firewall. Some administrators tend to use a VPN instead of a firewall, which is not a smart choice. The purposes of a VPN are to create an encrypted tunnel or gateway through your network’s firewall and to keep out hackers. The VPN encrypts the pieces of data, but the firewall still protects the internal network from outside threats. A VPN without a firewall is not secure.
  4. Do you have an OS-based VPN? Regardless of the strategy you end up using, make sure you have an IPSec (Internet Protocol Security)–compliant OS. IPSec is a VPN-supporting technology included in Windows XP through Windows 10 and Windows Server 2008 R2 through Windows Server 2019. Used with compatible VPNs, IPSec guarantees the authenticity, integrity, and confidentiality of network traffic. Interoperability with a VPN may be an issue with Macs or some variants of UNIX or Linux. If you decide to buy a VPN, make sure it is compatible with the organization’s OS.
  5. Do you have a wireless local area network (WLAN)? The VPN should operate securely with it. A VPN can enhance the capabilities of a WLAN, but improperly layering a VPN on a wireless network can result in security holes. One method places the WLAN outside the firewall, hosting the VPN behind the firewall to ensure security. Otherwise, wireless network traffic can access systems behind the firewall, canceling the benefits of the VPN. Many organizations use layered firewalls so that the wireless network is protected from the outside while restricting access to the inside. In essence, the WLAN operates in what is called a demilitarized zone (DMZ).
  6. Can your organization tolerate a potential decrease in network performance? A VPN may cause a performance lag for internal users accessing the Internet. This happens when 10 to 15 percent of the Internet bandwidth serves as security overhead. VPNs are great for setting up a secure connection, but they can take a measurable toll on connection speed. The tradeoff is that VPNs are worthwhile investments for providing a secure connection for remote and traveling workers.
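
The WLAN placement described in item 5, as an added example that is not from the original text: an nftables forward chain for the inner firewall of a layered design, assuming an IPsec VPN gateway sits behind it. The interface names (`dmz0`, `lan0`) and the gateway address are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: inner firewall between a WLAN DMZ and the internal LAN.
# Assumptions (constructed values, adjust to your network):
#   dmz0      - interface facing the wireless DMZ
#   lan0      - interface facing the internal network
#   10.10.0.5 - IPsec VPN gateway hosted behind this firewall

define WLAN_IF = "dmz0"
define LAN_IF  = "lan0"
define VPN_GW  = 10.10.0.5

table inet wlan_dmz {
    chain forward {
        # Default deny: nothing crosses the firewall unless allowed below.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # Wireless clients may reach only the VPN gateway, and only
        # for IPsec: IKE (UDP 500), NAT traversal (UDP 4500) and ESP.
        iifname $WLAN_IF oifname $LAN_IF ip daddr $VPN_GW udp dport { 500, 4500 } accept
        iifname $WLAN_IF oifname $LAN_IF ip daddr $VPN_GW ip protocol esp accept

        # Any other wireless traffic aimed at the inside is logged and
        # dropped, so an unauthenticated WLAN client never reaches
        # internal systems directly.
        iifname $WLAN_IF log prefix "wlan-dmz-drop: " counter drop
    }
}
```

With this layout, a wireless client reaches internal systems only through the tunnel it establishes with the gateway; the drop counter and log prefix give a quick check for clients trying to bypass the VPN.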