Firewall Wizards mailing list archives
Re: Extranet vs. VPN (was: Non-IPsec VPN products)
From: marcvh () aventail com
Date: Fri, 24 Aug 2001 11:00:51 -0700
Crispin Cowan sed:
So what's the difference between "extranet" and "VPN"? I always thought of "extranet" as "VPN to my remote locations" which is only barely distinguishable (at a technical/product level) from "VPN to my corporate partners." The distinction appears to be what you use your VPN for, but the product remains the same. So what is the difference (in your terms) between an extranet and a VPN?
I agree that there's considerable overlap in the capabilities of VPNs and Extranets, as well as the tools that can be used to build both. I've seen them defined as "your intranet extended beyond the boundaries of your company" but I tend to prefer examples to definitions. Let's see. Suppose I'm a company and I have a corporate database which is accessed by my employees sitting in our headquarters using an application. Suppose I want some employees from a branch office to be able to use that same application to access the database, so I set up an encrypted tunnel connecting their LAN to the headquarters LAN. That's clearly a VPN. Suppose I also want remote employees (telecommuters, say) to be able to use this application via their existing ISPs, so I set up some sort of network-based dial-in. That's remote access, and I'd call it a type of VPN service. Suppose I want to let employees access this database without needing to use the application, so I build a web server which front-ends some of the database. That's one type of intranet service. Suppose I decide I want to open that web server up, so that not just employees but customers, suppliers, resellers, etc. can access part of the database. That's one type of extranet service. Some practical differences between VPNs and Extranets are in the area of requirements... In a VPN, you often can exert a lot of control over the environment of your users. If you want, you can tell them they must use Win2K, they must use a specific version of Outlook Express, they must not use a router that does NAT, they must disable their ability to use other network resources while connected to you, etc. In an extranet such restrictions may not be practical. In a VPN, users generally expect high transparancy; they want their VPN'd use of the network to work exactly the same way things work when they are sitting at their desk on the LAN. In an extranet, the users likely don't have these expectations (because they don't have a desk on your LAN.) Anyway, don't know how much this helps; I'm sure other people see the same thing a little differently. -- Marc VanHeyningen marcvh () aventail com Internet Security Architect Aventail http://www.aventail.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Non-IPsec VPN products Ng Pheng Siong (Aug 20)
- Re: Non-IPsec VPN products Patrick Darden (Aug 20)
- Re: Non-IPsec VPN products Tina Bird (Aug 22)
- Re: Non-IPsec VPN products Carson Gaspar (Aug 22)
- <Possible follow-ups>
- RE: Non-IPsec VPN products Crispin Harris (Aug 22)
- Non-IPsec VPN products marcvh (Aug 22)
- Re: Non-IPsec VPN products Joseph S D Yao (Aug 23)
- Extranet vs. VPN (was: Non-IPsec VPN products) Crispin Cowan (Aug 24)
- Re: Extranet vs. VPN (was: Non-IPsec VPN products) marcvh (Aug 26)
- Re: Non-IPsec VPN products Patrick Darden (Aug 20)