[Sussex] VPN attitudes
Paul Graydon
paul at paulgraydon.co.uk
Mon Aug 28 19:58:55 UTC 2006
Andy Smith wrote:
> On Sun, Aug 27, 2006 at 03:48:39PM +0100, Nic James Ferrier wrote:
>
>> Andy Smith <andy at lug.org.uk> writes:
>>
>>>> Could you build an important enterprise tool (like an email system)
>>>> based on a VPN?
>>>>
>>> Most enterprises already make use of VPNs. I don't know whether
>>> your question means "could you, Andy Smith, set up this particular
>>> service?" or if it means "could enterprises in general put their
>>> essential services out on the Internet and connect to them via VPN?"
>>>
>> I meant "what is the attitude of your company to using an important
>> enterprise tool (like an email system) with access over a VPN?"
>>
>> In other words, could you, practicably, sign up your company to an
>> email service (say) over a VPN and they (your cpmpany) wouldn't barf.
>>
>
> No, as our office email system is something we want to manage
> in-house. Your question appears to be more about outsourcing and
> not about VPNs. We use VPNs to our remote sites and to some
> customers and suppliers. Whether to outsource is about the service,
> the supplier, the SLA, etc etc and not the VPN technology used.
>
> Cheers,
> Andy
I work for a major UK business focussed ISP as part of their NOC team.
We offer out to customers the usual ISP packages, and also hosting
options, either shared hosting, or a customer can choose to have their
own servers by going down the managed or co location route. We have
extensive business down the latter two routes, rack space in the large
data centres always appears to be in demand for various reasons, like
availability, latency and simplicity. A good number of those hosted
servers have VPNs set-up on them, and it seems its usually dealt with
through the firewall. Its quite common for us to do a remote hands
operation on a colo, or investigate an issue on a managed server and see
that its running Exchange, Exim or the like, and when logging in to the
firewall seeing that customers are running a VPN'd e-mail system.
There are advantages and disadvantages to the various solutions we
provide, as with anything.. Managed / Co-Lo still allows a customer to
manage their mail server 'in house' (through RDP/SSH), whilst retaining
the advantages of our infrastructure and hosting environment.
Personally I think a number of our customers are wasting money with
their decision to have certain servers hosted in our data centres,
albeit I'm not privy to their financial records or sensitive data on
their servers, and can only judge from what I've seen when
troubleshooting, it strikes me that for the mail server to be down for a
short period of time is not going to seriously disadvantage their
business model if all its being used for is minor business queries,
they'd be better off with something like an "SMTP store and forward"
type of solution in place.
Personally I wouldn't go for an ISP run VPN e-mail solution except
through managed or colo where I was able to manage the server and the
software myself.. To be honest, unless I really felt uncertain about
setting up and managing a VPN system I'd favour colo over managed for
that end of things, just for ease and speed of administration.
Paul
More information about the Sussex
mailing list