Opinion: VPN or Web Service?

[Robin Mark Tucker]

I'm wondering what arguments you people might have for/against implementing
an internet based system via. either Virtual Private Network (ie. the client
thinks it's local) or via. a Web Service. It seems that the VPN requires
greater system administration and can be a pita to setup, but that the Web
Service needs more coding. Does anyone have an opinion on this? What does
the future hold? Assume we don't allow average Joe on the internet to use
our service, it's just a corporate-wide thing.

Thanks,


Robin

 

[Charlie Brown]

Robin,
I have several Web Services that I use across an existing VPN. I have
found that due to latency across the VPN at certain times, I get a
better response in the software if the server does some of the
processing for me and sends the results via a dataset. The VPN
provides me with a secure connection for Webservice without additional
coding. A webservice is very easy to setup and quite simple to use,
especially if your used to breaking your apps into multiple tiers.

 

[Robin Mark Tucker]

Thanks Charlie. So I have the option then, of providing a web service, but
locking it behind a VPN. I can get the benefit of both worlds this way.

 

[Gerald Hernandez]

Robin,

While it may not be readily obvious, I think these are really seperate
issues.
There are many pro's and con's to both, however they aren't necessarily the
same thing.
Sure one or the other or both might serve your needs best.

IMHO a VPN would be used for security. Yes, it certainly requires more
administration, but that is the price to pay for security.
There are a great number of things you could also do with a web service. But
since you say that you don't want to make it public, then you would want to
implement other safeguards. This may or may not be more work than
implementing a VPN. Now if you did want it exposed publicly, then you
certainly cannot give the average Joe access to your network via VPN.

In short, a VPN can give specific users access to your network. If you only
want your Web Service available inside your corporate network, then a VPN
makes sense.

For security and flexibility, I might choose the "both" approach:
Authorized Corporate User -> VPN / Firewall / etc. -> Web Service.

Of course, that requires the most administration.

Just my thoughts.

Gerald

 

[Robin Mark Tucker]

Okay, I see now. I'm actually going to continue with the Web Service
design, because it gives maximum flexibility for the future. If we want to
make it public, as you say, we can, if we want to lock it down, we can do
that with a VPN among other things - either way, the web service is a good
way of implementing it. I suppose I'm fishing for good arguments either
way, to use in the next meeting I have on this matter, so I can at least
express the arguments for and against. But I suppose it isn't so black and
white .

 

[Cor Ligthert [MVP]]

Robin

In addition to the others

VPN is a Virtual *Private* Network

WebService is in fact a Public or Protected solution

Just my thought,

Cor