[Sussex] VPN attitudes

Paul Graydon paul at paulgraydon.co.uk
Mon Aug 28 19:58:55 UTC 2006


Andy Smith wrote:
> On Sun, Aug 27, 2006 at 03:48:39PM +0100, Nic James Ferrier wrote:
>   
>> Andy Smith <andy at lug.org.uk> writes:
>>     
>>>> Could you build an important enterprise tool (like an email system)
>>>> based on a VPN?
>>>>         
>>> Most enterprises already make use of VPNs.  I don't know whether
>>> your question means "could you, Andy Smith, set up this particular
>>> service?" or if it means "could enterprises in general put their
>>> essential services out on the Internet and connect to them via VPN?"
>>>       
>> I meant "what is the attitude of your company to using an important
>> enterprise tool (like an email system) with access over a VPN?"
>>
>> In other words, could you, practicably, sign up your company to an
>> email service (say) over a VPN and they (your cpmpany) wouldn't barf.
>>     
>
> No, as our office email system is something we want to manage
> in-house.  Your question appears to be more about outsourcing and
> not about VPNs.  We use VPNs to our remote sites and to some
> customers and suppliers.  Whether to outsource is about the service,
> the supplier, the SLA, etc etc and not the VPN technology used.
>
> Cheers,
> Andy
I work for a major UK business focussed ISP as part of their NOC team.  
We offer out to customers the usual ISP packages, and also hosting 
options, either shared hosting, or a customer can choose to have their 
own servers by going down the managed or co location route.  We have 
extensive business down the latter two routes, rack space in the large 
data centres always appears to be in demand for various reasons, like 
availability, latency and simplicity.  A good number of those hosted 
servers have VPNs set-up on them, and it seems its usually dealt with 
through the firewall.  Its quite common for us to do a remote hands 
operation on a colo, or investigate an issue on a managed server and see 
that its running Exchange, Exim or the like, and when logging in to the 
firewall seeing that customers are running a VPN'd e-mail system.
There are advantages and disadvantages to the various solutions we 
provide, as with anything.. Managed / Co-Lo still allows a customer to 
manage their mail server 'in house' (through RDP/SSH), whilst retaining 
the advantages of our infrastructure and hosting environment.   
Personally I think a number of our customers are wasting money with 
their decision to have certain servers hosted in our data centres, 
albeit I'm not privy to their financial records or sensitive data on 
their servers, and can only judge from what I've seen when 
troubleshooting, it strikes me that for the mail server to be down for a 
short period of time is not going to seriously disadvantage their 
business model if all its being used for is minor business queries, 
they'd be better off with something like an "SMTP store and forward" 
type of solution in place.
Personally I wouldn't go for an ISP run VPN e-mail solution except 
through managed or colo where I was able to manage the server and the 
software myself..  To be honest, unless I really felt uncertain about 
setting up and managing a VPN system I'd favour colo over managed for 
that end of things, just for ease and speed of administration.

Paul





More information about the Sussex mailing list