Ron Nutter: The best client-side VPN choice

My company has mandated that all remote users connect to the corporate network using a VPN connection. My concern is how best to do it. For users working from home, do we use a software VPN client or put some type of remote VPN hardware at the user’s home? Cost is a concern, so is it viable to use another vendor’s hardware for the remote end of the VPN?

What kind of support will you be able to provide to the remote users? If you go with the software VPN client, be prepared for some issues such as additional software installs not done by you, causing conflicts with the VPN software. A way to address this is to require users working from home to use a company laptop where software can only be installed by IS (sometimes easier said than done). One thing to watch out for is multifunction printers that come with software to use additional features such as scanning, e-mailing, etc. I have run into a couple of these and found that installing just the printer driver and not the extra software let the VPN software continue to work.

Using a hardware-based VPN for the remote end offers additional advantages in that you can remotely administer the VPN box and avoid dealing with remote users’ computers. This also opens up the possibility of doing voice over IP so you can offer the remote user more functionality that was once restricted to their office. Going with a hardware-based VPN also lessens the likelihood that you will have to do much, if anything, to the remote user’s computer.

Going with a mixed-vendor VPN solution vs. one vendor’s VPN solution is something that should be considered carefully. Keep in mind that you will potentially have to put up with some finger-pointing between vendors when there is a problem. Although Vendor B’s equipment may be cheaper than Vendor A’s, you may spend more in support and lost time getting the two to work when there is a problem. Nortel Networks Ltd. is one VPN vendor that is getting the message from customers and producing lower-cost VPN products for remote users/offices, so staying with one vendor for an overall solution may not be as expensive as once thought.

Nutter is a Master Certified Novell Engineer and Microsoft Certified Systems Engineer in the Lexington, Ky. area. Contact him at