Recently, many network devices such as firewall, IP router with the VPN function have been popularized, and now we can construct VPN in the Internet, set up the devices using the network policy in VPN provisioning systems. There are many administrators per device as a characteristic of VPN in Internet, and current provisioning systems are not suitable for those people in the respect that we can't divide permissions so many for each configuration data for the VPN. In this paper, defining the "wide-area VPN" as "VPN in the Internet", we propose one method as a solution of administrator's inconvenience mentioned above. That is to say, each administrator can have separated permission in the wide-area VPN provisioning systems. And we describe effects of the proposed method with examples.
View full abstract