An increasing number of organisations are using VPNs to connect branch offices, telecommuting workers, business partners, and other users to the corporate network. A superior alternative to long-distance dial-in, leased-line, or Frame Relay connections, VPNs can be used to securely carry information at a fraction of the cost.
These cost savings are the catalyst driving IT managers and administrators to develop end-to-end secure VPN solutions for their organisations. Specifically, these professionals are asking the question, "VPN appliance or VPN server, which solution provides the greatest cost benefit?" Here is a look at those options and a third: managed service providers.

There are two different flavours of VPN appliances: stand-alone VPN appliances and integrated VPN appliances such as VPN-enabled firewalls and routers. With the integrated VPN appliance, we find our first and possibly most important cost benefit. Currently, deployed hardware firewalls such as the Cisco PIX, Nokia Checkpoint Firewall, and Watchguard Firebox include optional VPN capabilities out of the box.

Virtually all routers, including Cisco's access and modular routers, also include VPN support. The cost associated with this solution is often included in the firewall or router. Getting VPN services going in this scenario often means making just a few configuration changes in the firewall or router itself. Since a discussion on VPNs falls within a comprehensive network security policy, the ability to have an integrated VPN appliance can save thousands in simplified security policy administration, particularly in environments where multiple firewalls, routers, and VPN gateways are required.

Stand-alone VPN appliances, some referred to as VPN concentrators, primarily find a place in organisations where simultaneous VPN connections need to number in the thousands. They provide high availability, high performance, and scalability that is unmatched by any integrated appliance or VPN server. The increase in reliability, capacity, and throughput is not without its costs, however. Expect to pay several times more for an enterprise level VPN concentrator with these capabilities.

So far, we have heard how integrated VPN appliances offer impressive cost benefits. From this, it would seem the question of whether to choose a VPN appliance or build a VPN server would be a rather simple one to answer. To determine if this scenario is true, let's take a closer look at the option of building and using a VPN server(s) for secure Internet communications.
Microsoft, Novell, UNIX, AS400, and Linux are all capable of providing VPN services (granted, some better than others). Chances are one of these common operating systems is being used within the organisation. This can be a tremendous cost benefit to organisations that do not have an existing firewall or router with VPN capabilities.

The integration of VPN services into the operating system means that IT professionals who work with these operating systems are already familiar with how to navigate these systems and do not have to worry about learning a new product. Since most VPN appliances do not integrate well with existing networks, using servers for VPN services often means greater integration with the network, particularly in the area of authentication. Microsoft-centric organisations can take advantage of the seamless integration Windows 2000 and possibly ISA Server has to offer when creating VPNs in conjunction with Active Directory, certificates, and smart cards.

Client computers or sites that run current Microsoft operating systems will not encounter proprietary VPN issues or require an install of separate VPN client software. Here's where the cost benefits of using a VPN server stop. The issues of security, reliability, and cost stand out when evaluating a server-based VPN solution. There should be no surprise that a hardware-based VPN solution brings a greater degree of reliability and security than one built around a server operating system such as Microsoft. The same is true in the case of firewalls and routers.
The cost associated with maintaining security patches and basic server administration add up on a monthly basis. Additionally, the cost of building a VPN server solution can run in excess of $2,500 once the costs of hardware and software are added (although Linux does offer some exceptions).

Traditionally, VPN solutions could be categorised in one of only two areas: VPN appliances or VPN servers. The introduction of managed service providers has created a third possible solution.
Well-known vendors such as WorldCom, Quest, and AT&T are now offering regional, nation-wide, and even international managed VPN services. This service allows companies to have an enterprise-wide VPN solution without a heavy investment in infrastructure or personnel.

Most managed VPN providers will monitor your organisation's VPN connections 24/7 to ensure they are available at the times when your remote users may need it most. Pricing varies but generally starts around $200 per month, per location and often includes managed firewall services and service level agreements as well.

VPNs are permitting organisations to establish secure, end-to-end, private network connections over the Internet while reducing communication costs. Implementing and maintaining VPNs requires choosing the right solution and an in-depth understanding of public network security issues. Whether you are looking at a VPN appliance, server, or managed service provider, performing proper cost/benefit analyses can be the most important step in a successful VPN solution.

Whilst the Managed Option is a smooth option it takes money. Most companies today are using existing staff to handle these operations for them. The outsorcing cost is an additional overhead that an average administrator's workload should be able to accommodate.
The managing of such appliances cost less than the management of an entire Server.