91.527 - Human Computer Interaction - Fall 2010 Class project By Khang Nguyen. Virtual Private Network Design for Remote Access Cambridge - SFO Airport Test Site. Virtual Private Network Access for SFO Airport Lidar System. VPN Concept VPN Benefit SSL SonicWall VPN-200 - PowerPoint PPT Presentation
91.527 - Human Computer Interaction - Fall 2010
Class project By
Khang Nguyen
Virtual Private Network Design for Remote Access
Cambridge - SFO Airport Test Site
• VPN Concept
• VPN Benefit
• SSL SonicWall VPN-200
• Case Study – SFO Airport Site
• Using VNC (Virtual Network Control)
• Conclusion
Virtual Private Network Access for SFO Airport Lidar System
Virtual Private Networks (VPNs)
• Institutions and companies often want private networks for security.
– Costly! Separate routers, T1 links, DNS infrastructure.
• With a VPN, the institution's inter-office traffic is sent over the public Internet instead.
– But inter-office traffic is encrypted before entering the public Internet.
LAN-to-LAN: Leased Line and VPN
[Figure: two diagrams of San Francisco, New York, Dallas and Chicago. One shows a fully meshed leased line or Frame Relay network; the other shows a fully meshed VPN network over the Internet.]
Virtual Private Network (VPN)
[Figure: headquarters, branch office and a salesperson in a hotel connected over the public Internet. Device labels: router w/ IPv4 and IPsec (two), laptop w/ IPsec. Packet labels: IP header, IPsec header, secure payload; IP header, payload.]
VPN Benefits
• Save Money (Reduce NW Costs by 30-60%)
– Reduce private leased line charges
• Increase Business Speed and Flexibility
– Internet can be accessed everywhere through many technologies
– Internet capacity is available on demand
VPN Technology
• Basic VPN Concepts
– Tunneling
– Encryption
– Authentication
• Associated VPN Concepts
– Routing
– Firewalling
– Load Balancing
Sonicwall SSL-VPN 200
VPN Components
• SonicWall VPN-200 appliance
– Dedicated Hardware Platform
– Secure Sockets Layer
• VPN NetExtender for Windows
– Does not require any manual client installation
– Transparent to end user
– IPSec VPN
– Works with existing client and server applications
Router Setup with static IP address
Router Port forwarding
SonicWall VPN-200 Setup
SSL-VPN NetExtender
Equipment & ISP
• Linksys router Cable/DSL 4-Ports BEFSR41 $125
• SonicWall VPN 200 $500
• NightHawk Power Recycle $500
• 4 Ports Web Remote power $175
• 8 Ports Switch $50
• ISP Wireless with static IP: Covad Communication provides the service 10/10M at a cost of $900 per month
Cambridge-SFO Testing Site
Benefits:
• Extend the network to remote users
[Figure: network diagram linking Cambridge, MA and the SFO site over the Internet. Labels: Router, ISP, Sonic VPN-200, VPN Client NetExtender, WinExtraction PC, Lidar System, NAS, ADS-B PC.]
SFO Lidar Testing Site
[Figure: network diagram of the SFO site. Labeled devices and addresses:]
• ISP Covad 209.172.117.162
• Linksys Router 192.168.1.1
• SonicWall VPN-200 192.168.1.52
• 4 Outlets Web Remote Power Control 192.168.1.2
• Lidar System 192.168.1.25
• Win Extraction PC 192.168.1.3
• Weather Sensor PC 192.168.1.47
• Power Recycle Night Hawk 314-253-09783188-3
• 8 ports Switch 10/100
[Other labels: link speeds 10/100 and 10/10 Wireless 11A-5.6GHz; On/Off; Power 110 V; FTP Server from Cambridge; Virtual LAN; Granting VPN Access; Requesting VPN Access.]
VPN Access at SFO Lidar Network
Case Study – SFO Lidar System
• SFO Lidar Systems: Using the VNC (Virtual Network Control) application to access
– A Lidar System at San Francisco Airport
• SOLUTION
– It creates and maintains a virtual link.
– It encrypts and decrypts data to reduce snooping by others.
– It guarantees the authenticity of the sender and receiver.
WindTracer Lidar at SFO Airport
Wireless ISP
Environmental Equipment Shelter: Interior Subsystems-Lidar
[Figure: interior of the equipment shelter. Labels: Gigabit Ethernet Switch, Analog Front End, Step-Down Transformer, Scanner Driver, SMCC, Power Distribution Units, MTD, Serial Server, RASP-VME, Monitor/Keyboard, UPS, Filter, GPS Base Unit, RAID/HDD, Autoswitch, Gateway PC.]
• Movable LRUs: Scanner Driver, SMCC, Monitor/Keyboard, Gateway PC
• Tall Equipment Rack: houses majority of electronics
• Local GUI operation
• Movable LRUs can be slid out without disconnecting cables from rear panel.
SSL-VPN NetExtender Connection to SFO
Connecting to SFO Lidar System
Lidar Display
Conclusion
• Save Money (Reduce NW Costs by 30-60%)
• Increase Business Speed and Flexibility
• Improve Security
• Use Existing Applications, Infrastructure and User Environments
• Build a secured, easy to use, scalable and standards-based Business Network
• Increase your Business competitiveness through SonicWall VPN