VPN over VSAT

A virtual private network (VPN) is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network.

VPNs typically require remote users of the network to be authenticated, and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.

VPNs may serve any network functionality that is found on any network, such as sharing of data and access to network resources, printers, databases, websites, etc. A VPN user typically experiences the central network in a manner that is identical to being connected directly to the central network. VPN technology via the public Internet has replaced the need to requisition and maintain expensive dedicated leased-line telecommunication circuits once typical in wide-area network installations.

A number of critical enterprise software applications such as Citrix, SAP and Oracle work fine over cable LAN systems. There have been problems, however, when such networks have needed to interwork over long distances with remote connections using VPN via satellite, such as in business VSAT applications.

Satellite transmission involves a one-way delay of about a quarter of a second. This in itself is not the problem, however; it is the way this delay interacts with the TCP/IP protocol. Long messages are broken into many small packets of data, each packet being sent and acknowledged, so the simple transfer of a single large file involves very many individual packet transactions.

Traditionally, the satellite gateway hub sites and the smaller customer VSAT terminals have incorporated acceleration hardware or software that groups packets into larger chunks so that they can be sent more efficiently. The software also applies lossless compression to the customer's data and text files. This approach does not work if the customer has applied encryption to their data packets, as reformatting and compressing the packets is likely to make the encryption system fail.

The figure on the upper right illustrates a solution to the problem, developed by a company called End II End. The idea is to do the efficient compression of the data right at the customer's office. The VPN tunnel technology automatically tests and learns the characteristics of the transmission path and optimises the packet content and length accordingly. This achieves two customer objectives simultaneously: the data is now efficiently sent over both terrestrial and satellite links, and the data remains private throughout its path en route. For me, an advantage of this VPN over satellite solution is that it makes the satellite hub and VSAT less complex, removing any involvement with the content being transmitted. Simple systems that everyone can understand work better in my experience.
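
The following added example (not from the original page or from End II End) shows why a hub accelerator gains nothing from compressing traffic the customer has already encrypted, while compressing at the customer's office before the tunnel keeps both the saving and the privacy. The keystream cipher is a stand-in used only to produce ciphertext-like bytes, and the sample records, key and function names are constructed for illustration.

```python
import hashlib
import zlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode), an assumption for this demo.
    A real VPN tunnel would use an authenticated cipher such as AES-GCM."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def hub_side_bytes(plaintext: bytes, key: bytes) -> int:
    """Customer encrypts first; the hub accelerator then tries to compress
    what it sees on the wire, which is ciphertext."""
    ciphertext = keystream_xor(key, plaintext)
    return len(zlib.compress(ciphertext, 9))


def customer_side_bytes(plaintext: bytes, key: bytes) -> int:
    """Compression happens at the customer's office, before the tunnel
    encrypts; the hub only forwards opaque bytes."""
    return len(keystream_xor(key, zlib.compress(plaintext, 9)))


def roundtrip(plaintext: bytes, key: bytes) -> bytes:
    """Far end of the tunnel: decrypt, then decompress."""
    wire = keystream_xor(key, zlib.compress(plaintext, 9))
    return zlib.decompress(keystream_xor(key, wire))


# Constructed sample: repetitive business records, typical of compressible data.
SAMPLE = b"".join(
    b"order=%06d;status=SHIPPED;site=remote-office\n" % i for i in range(2000)
)
KEY = b"constructed-demo-key"  # constructed value, not a real secret

if __name__ == "__main__":
    print("plaintext bytes:          ", len(SAMPLE))
    print("encrypt then compress:    ", hub_side_bytes(SAMPLE, KEY))
    print("compress then encrypt:    ", customer_side_bytes(SAMPLE, KEY))
    print("round trip intact:        ", roundtrip(SAMPLE, KEY) == SAMPLE)
```
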