Industrial VPNs, or ‘Enterprise VPNs’, can be defined as a system-of-systems concept that enables large-scale, secure and managed interconnectivity of geographically distributed devices within a private network. This is done by interconnecting standard IP links over Multiprotocol Label Switching (MPLS) to form Virtual Private Network (VPN) tunnels that transport data packets across an arbitrary distance using public or shared infrastructure. Industrial VPNs tend to have different requirements in terms of scalability, security, and manageability. It is not unusual for commercial VPN products to be used in industrial settings. This article discusses the main differences between commercial and industrial VPN systems, their characteristics, and applications, based on product evaluations from different sources. Telecom companies with an existing large installed base of enterprise customers. Compared to traditional methods, MPLS-based Virtual Private Networks offer some advantages:
MPLS VPN
An MPLS VPN provides the capability of transporting data between sites over dissimilar infrastructure. This is achieved by interconnecting sites via a basic network that is independent of the underlying access technologies, enabling them to be connected together while co-existing with legacy access networks. MPLS transport tunnels can be used to carry Ethernet and TDM-based services: Ethernet Virtual Circuits (EVCs) and Time Division Multiplexing (TDM) Virtual Circuits (VCCs); this is essentially similar to using Ethernet and TDM as service-layer protocols in an IP/MPLS network. Commercial VPN products are designed with performance, scalability, and service upgrades in mind, while industrial VPNs are more concerned with availability and security at any cost, often sacrificing performance for assurance that packets will not get lost or misrouted. The two main differences between these products relate to the way they handle cryptographic key management and the way they implement Multiprotocol Label Switching.
ProtectNet Secure Communications
The ProtectNet Secure Communications Platform (PNSCP) is based on a single encryption mechanism that relies on RSA public-key cryptographic keys that do not depend on certificates. Both peers must possess symmetric cryptographic keys, which can be used to encrypt messages exchanged during the session negotiation phase. This approach is inherently insecure because it relies on pre-shared secret keys that do not correspond to any digital certificate; its only advantage is that it is easier to configure. PNSCP-controlled connections do not use MPLS labels, so this product cannot interoperate with traditional MPLS core networks without additional encapsulation procedures.
IPSec VPN technology uses a set of cryptographic algorithms to protect IP packets over public or private networks such as the Internet, and can be combined with various other security mechanisms through its generic IKE key management protocol. IPSec was originally developed by the Internet Engineering Task Force (IETF) as a standard network-layer security feature for IPv4 and has been ported to IPv6, which lacks its own built-in support for encryption protection using cryptography tools equivalent to those found in IPv4’s IPSec functionality; many companies have created their own IPSec-based VPN products with proprietary implementations of authentication and encryption algorithms.
Commercial VPNs
These commercial VPNs are considered outdated due to their use of insecure cryptographic technology and their lack of scalability and integration, which makes them unsuitable for large-scale industrial deployments; the cryptographic architecture has not evolved much since the original IPSec specifications, which were published in 1998. The most used commercial VPNs are listed at vpntesting.com.
Industrial VPNs
Industrial VPNs are often based on customized cryptographic key management systems that provide high assurance through the removal of proven insecure components such as digital certificates or Certificate Authorities (CAs), combined with manual configuration procedures that help secure device communications using stream ciphers similar to those used by military radio stations to send messages over radio channels. The main drawback of these technologies is that integration between platforms becomes very complicated when devices rely on different cryptographic primitives. It is not easy to use AES-GCM in conjunction with AES-CBC or vice versa, because both algorithms require separate hardware implementations, which can increase cost and power consumption.
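The integration problem described above, reduced to a simplified IKEv2-style proposal selection (after RFC 7296, one transform per type), shows how two peers configured with different primitives fail to agree on a suite. This is an added example, not code from any product named in the article; the gateway policies and the names `GCM_ONLY`, `LEGACY_POLICY` and `DUAL` are constructed for illustration.

```python
# Added illustration (not from any product named in the article): simplified
# IKEv2-style proposal selection, after RFC 7296. Gateway data is constructed.
AEAD = {"AES-GCM-16"}  # combined-mode ciphers carry their own integrity check

def proposal(encr, prf, dh, integ=None):
    """Build one proposal; AEAD ciphers must not list a separate INTEG transform."""
    if (encr in AEAD) != (integ is None):
        raise ValueError(f"{encr}: AEAD takes no INTEG, non-AEAD requires one")
    p = {"ENCR": encr, "PRF": prf, "DH": dh}
    if integ:
        p["INTEG"] = integ
    return p

def select(initiator_proposals, responder_policy):
    """Return the first initiator proposal the responder fully supports.

    responder_policy maps transform type -> set of acceptable algorithms.
    Returns None when nothing matches (IKEv2 answers NO_PROPOSAL_CHOSEN).
    """
    for p in initiator_proposals:
        if all(alg in responder_policy.get(ttype, set()) for ttype, alg in p.items()):
            return p
    return None

# Constructed sample: a newer gateway that only offers AES-GCM ...
GCM_ONLY = [proposal("AES-GCM-16", "HMAC-SHA2-256", "ECP-256")]
# ... and a legacy field device whose policy only accepts AES-CBC with HMAC.
LEGACY_POLICY = {
    "ENCR": {"AES-CBC"},
    "INTEG": {"HMAC-SHA2-256-128"},
    "PRF": {"HMAC-SHA2-256"},
    "DH": {"ECP-256", "MODP-2048"},
}
# Interop fix on the initiator side: offer both suites, preferred one first.
DUAL = GCM_ONLY + [proposal("AES-CBC", "HMAC-SHA2-256", "MODP-2048", "HMAC-SHA2-256-128")]

def negotiate(proposals, policy):
    """Return the agreed encryption algorithm, or the IKEv2 failure notify name."""
    chosen = select(proposals, policy)
    return "NO_PROPOSAL_CHOSEN" if chosen is None else chosen["ENCR"]

if __name__ == "__main__":
    print("GCM-only initiator vs legacy responder:", negotiate(GCM_ONLY, LEGACY_POLICY))
    print("dual-suite initiator vs legacy responder:", negotiate(DUAL, LEGACY_POLICY))
```

A `NO_PROPOSAL_CHOSEN` result in gateway logs is the usual sign of this kind of mismatch between sites.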
Use cases for Industrial VPNs include connecting geographically distant gateways residing in private networks over long-distance connections such as 4G LTE cellular communications, combined with the Public Key Infrastructure protocols that carriers use to authenticate subscribers, so that they can connect specific BNG boxes using credentials stored in certificate repositories managed by the carrier’s security administrators.