In any of the ISP VPN offerings or in any of the VPN architectures, key safety is an important issue. Just as any backup/restore procedure should be maintained, so must the VPN keys be part of a routine procedure. This is not the generation and management of keys, but where to get them if duplicates are needed. In all VPN architectures, the keys that are generated and managed must be stored in a safe, secure place, not only for security purposes but also for recovery of those keys. These include the public keys, device keys, and any certificates that are published The encryption keys for the tunnel must also be able to be reproduced in case the VPN device fails and a replacement is needed. The old keys and certificates are still available on the server. This is important because the original keys are needed for revocation.
Was this article helpful?