If you don't choose to use DirectAccess but opt for Microsoft's older VPN technologies, Windows Server 2008 R2 has a helpful new feature: VPN Reconnect. Just as the name suggests, it will try to connect VPN sessions automatically if they're interrupted by a break in Internet connectivity. This function can be handy for users with spotty Wi-Fi connectivity, since they won't need to manually reconnect with the VPN after they reestablish a network connection.
Another way to add a VPN to your small network is to install VPN server software yourself. The best known of these is OpenVPN, which is open-source. It's available in versions for almost all popular desktop operating systems, including Linux, Mac OS X, and Windows.
If setting up native OpenVPN sounds a little too technical for you or your staff, you can run it as a VMware or Windows Virtual Hard Disk OpenVPN virtual appliance. With this arrangement, you'll have a basic VPN up and running in minutes.
But OpenVPN is far from the only VPN software out there. Other programs worth considering are NeoRouter and Tinc. If you want more than just VPN services and do-it-all network-services software packages, I highly recommend the open-source Vyatta, Core 6.1. Vyatta includes OpenVPN.
If you plan on having more than a dozen or so users on the VPN at one time, though, you'll want to use an inexpensive VPN hardware appliance such as the Juniper Networks SA700 SSL VPN Appliance, the SonicWall Secure Remote Access Series, or the Vyatta 514.
No matter which VPN you use, you'll need to set your firewall to allow VPN traffic. On many routers and firewalls, this task can be as simple as setting VPN passthrough to allow VPN traffic. Typically, your choices will be PPTP (Point-to-Point Tunneling Protocol), L2TP (Layer Two Tunneling Protocol), or SSL (Secure Sockets Layer). Allow only those VPN protocols that you'll be using--after all, when in doubt with firewalls, it's safer to forbid than to permit.
Check your VPN’s documentation to see which ports you’ll need to open. As for SSL VPNs, they typically use port 443, the usual port for SSL-protected Web servers, so that port should already be open.
Naturally, no matter what VPN you're running and regardless of your network setup, a VPN in a small business is likely to limit its users’ speeds. For example, in my own home office, my Charter cable Internet connection gives me a 25-megabits-per-second downlink and a 3-mbps uplink. This means that no matter how fast my remote network connection is when I connect to my OpenVPN server, my maximum throughput will be limited to 3 mbps.
Sign up for Computerworld eNewsletters.