September 1, 2000
Very ‘Popular Networks’: Redefining VPNs
By James R. Dukart
ervice providers and software companies are finding one of the hottest areas in today’s corporate telecom world is the provisioning of so-called virtual private networks (VPNs). So-called, that is, because today’s VPNs are not exactly what they were a few short years ago. Until recently, the term VPN generally meant a closed, private, point-to-point network within the confines of a single company or organization, often using leased lines or frame relay to move traffic from a headquarters to a branch office or branch offices.Today’s VPN more likely is an IP VPN: A veritable mesh of interconnected tunnels carrying encrypted traffic multipoint to multipoint, often mixing in traffic from trusted partners and customers.In other words, private networks are riding the public rails–the Internet–in what amounts to private voice and data cars. Hot, Hot, HotIf the “P” in today’s VPN doesn’t always correlate directly to “private,” it certainly appears to signify “popular.” VPNs particularly are hot in the small-business and large enterprise sectors, creating opportunities for service providers of all sizes.In a July 1999 report, International Data Corp.
(www.idc.com) predicted a compound annual growth rate of 81 percent for IP VPNs during the next five years, with total IP VPN services becoming a $10 billion market by 2003. According to
IDC, 73 percent of Fortune 1000 companies are moving away from strictly private networks in favor of secure IP transmission.More than 25 percent of worldwide computer sites will be connected to some type of VPN by 2001, IDC says.These figures will garner popularity with service providers, too–particularly since IDC reports that 51 percent of respondents say they plan to outsource VPN services within the next several years.Early this year, Infonetics Research Inc.
(www.infonetics.com) reported that more than 50 percent of organizations plan to deploy VPNs by 2002. The three general categories of
VPN–remote access, site-to-site networks and extranet–are poised for strong growth. Infonetics stressed that extranet VPNs in particular–those that provide some access to suppliers, partners or customers–appear to be a key part of corporate networks strategy. At the same time, however, Infonetics reported the key barriers to implementing VPNs are customer concerns regarding security and product/services interoperability. Stepping Up to the PlateService provider say they can’t wait to step up to the challenge.“There is a trend toward enterprises users giving out more and more of the infrastructure market to the carriers,” explains Tony Gale, director of market development for Maynard, Mass.-based Spring Tide Networks Inc.
(www.springtidenet.com). “To banks and financial institutions, we can offer end-to-end security. We can enable companies to have mobile workforces, incorporating all their workers into the company intranet without them having to manage a bank of modems or subscribers. We can add extranet services, provide a community of interest between a company and some of its partners.”
Graph: The VPN Opportunity Gale says in some ways VPNs or data networks simply mirror what already has happened with voice networks.“Companies used to build their own private voice networks,” Gale notes. “But that gave rise to PBXs and Centrex, and now we have the same idea; instead of a bunch of private data lines, companies can go to carriers for IP management directly. The carriers then can offer additional value-added services like web hosting and SLAs.”Gale adds, the spread of VPNs fuels the growth of network-based VPN services. That is because larger, more variegated VPNs demand disparate access methods and must accommodate multiple access devices.An example would be a shipping and delivery company that has branch offices connected via DSL, home-based workers coming in through cable modems or dial-up access and a fleet of trucks equipped with on-board or handheld wireless devices so that drivers can access the VPN.“Using an IP VPN, this can all be based inside the network,” Gale says. “If you used frame relay for the branch offices, you would have to buy a bank of modems for the home workers and set up some 800 lines, and you would also have to do your own security for employees coming in over the Internet. With our solution, we can build the firewalls and security directly into the network.”“You have to be access agnostic,” adds Wayne Bell, vice president of product marketing for Louisville, Colo.-based VPN provider @Link
NetworksInc. (www.atlinknetworks.com). Bell says enterprises are “really jumping on the VPN bandwagon today,” even though he admits that most VPNs being built and requested are not “the true dictionary definition of a
VPN." That can work to the carrier’s advantage, Bell says. He explains, VPNs are stretched in ways they traditionally have not been, and more enterprise customers are turning to service providers for
expertise in deploying and managing secure networks.“More and more we are starting to see the small and medium-sized enterprise say, ‘I don’t have the knowledge or skills to manage this,'” Bell says. “You are seeing the customers ask for managed services and managed VPNs. They don’t care what it’s called, they care that they have a secure connection. Another trend that is driving this is a ton of remote telecommuting applications. We provide IPSec [IP security]-compatible devices and a VPN switch and help them get rid of their network management headaches.”Take Two and Call
in the MorningAmy Hollister, senior product manager for Bermuda-based carrier Global Crossing Ltd.
(www.globalcrossing.com), says VPNs not only solve network management headaches, but also make overall network cost a less bitter pill to swallow.“Particularly if a customer has a lot of remote locations, VPNs make a lot of sense,” Hollister says. “The sheer cost structure of doing a bunch of private lines between a lot of locations makes VPNs an attractive alternative.”
Graph: End-to-End Security for VPNs Hollister says cost considerations are compelling for large companies, those with 3,000 or 5,000 locations around the country. For smaller businesses, the bigger draw is a carrier’s ability to integrate
multiple transport layers, rapidly deploy new services and provide adequate network security.“We are seeing that a lot of our smaller customers want to have it all managed for them,” Hollister says. “If you have the IT resources, you can do it. It’s not rocket science, but do you really want to devote your time to running your own networks? People are also now starting to realize that the Internet is a public network, and inherent in that is a ton of security risks, and they would rather have someone else focus on that.”A Global Crossing customer, a national restaurant chain, has found the IP VPN solution perfectly suited to its tastes by linking up all its locations via DSL, Hollister says.“They use it to do daily backups, to download new menus and to enable every remote location to have access to the corporate LAN,” Hollister notes. “They used to do a lot of faxing but that was pretty cumbersome and expensive, so now they have a direct connection to streamline their business.”Adding new items to a restaurant menu may be one use of a
VPN, but adding new services to the VPN is itself another advantage to IP VPNs over leased lines or true
private networks.Guy Chenard, vice president of marketing and business development for Chelmsford, Mass.-based Integral Access Inc.
(www.integralaccess.com) says customers are interested in adding new services quickly and inexpensively.“The beauty of IP VPNs is that they are very dynamic,” Chenard says. “The routing tables can be updated dynamically, and with the proliferation of new services from applications service providers and Internet services providers, I think that is to be key. The fact that they are IP-based makes them much more flexible than dedicated trunks when customers want to add new voice services, ERP [enterprise resource planning] services and extranet services.”Obsessed by SecurityDonna Woznicky Murphy, vice president of security solutions marketing for VPN vendor Genuity Inc.
(www.genuity.com), based in Burlington, Mass., says the primary concern of most enterprise clients outsourcing a VPN is network security.“Security is nothing you want to mess up,” Murphy says. “We have security-obsessed people here, who focus pretty much on that alone.” She adds, security becomes a particular concern with extranet VPNs, and Genuity offers customers an authenticated web server so that the customers can see what is happening within their networks.“We monitor the gateways, so they can see exactly what we see,” Murphy says. “They can add users and delete users and so we have shared control in that sense, but we do the digital certificates and are 100 percent responsible for security.” Genuity also offers “proactive SLAs” on all its VPNs, crediting customer accounts whenever network problems are encountered. Murphy lists financial services firms, the hospitality industry and manufacturing as among the hottest markets for IP VPNs today.Shared control is at the heart of
offerings by San Francisco-based Securant Technologies Inc. (www.securant.com), a software company that works with Integral Access to provide application-level and
web-page level security for VPNs.Hai Ngo, vice president of global Internet security at
Securant, has rolled out VPNs for the likes of Morgan Stanley Dean Witter & Co.
(www.msdw.com) and PaineWebber Inc. (www.painewebber.com). He says that in addition to providing airtight security from the outside in, VPN providers and managers need to keep a watchful eye on inside-the-network security.“Seventy percent of misuse of networks is from inside,” Ngo warns. “The needs for providing access at the application and data level are growing.”Securant provides it through software applications that let customers set their own policies for VPN access. Ngo says the security stakes are raised even higher with extranet VPNs, where it can be important to separate data or traffic even between or among a group of partners or suppliers.“You have to think about privacy between firms,” Ngo says. “One of your partners cannot see a customer list from another partner. You have to be very protective of this data.”Ngo also says Securant lets VPN administrators set up virtual business units (VBUs) that coexist side by side on a network while blocking lateral access between VBUs.Tipping the ScaleMaaz Sheikh, enterprise VPN product manager for San Jose, Calif.-based ISP Concentric Network Corp.
(www.concentric.com), says IP VPNs also are popular for scalability.He cites Hitachi Metals America Ltd.
(www.hitachi.com), a 2,500-employee supplier to the U.S. automotive industry that installed a 15-site concentric VPN in 1999 to deal with growing data traffic demands. In less than a year, the VPN has doubled Hitachi Metals’ available bandwidth, improved performance and saved the company more than 10 percent per month on its network costs, even while adding several new sites to the network, Sheikh says.Roy Milano, manager of MIS for Hitachi Metals, says the low latency network requires Hitachi to simply install one T1 line in each location. Future plans for the VPN include web and message hosting, an extranet for customers, videoconferencing and remote access for traveling employees.“We now have the ability to increase bandwidth for special services like video and voice over IP with 24-hour notice,” Milano says. Sheikh adds, “We are hosting three different firewalls for Hitachi in our data center. We have created routes for them and for all the vendors or buyers. All the traffic going out from their sites is going through our firewalls, and no matter how much their employees are using the Internet, the core network does not get bogged down. As their needs grow, the bandwidth can be scaled up. We have created a scalable infrastructure, and we have also kept the Internet traffic separate from the VPN traffic.”That type of forward thinking, Sheikh believes, is what enterprises should be looking for when they select a VPN vendor or service provider.“The one key thing is that VPNs allow you to set up the infrastructure and foundation for your needs five or 10 years down the road,” Sheikh says. “If someone is going to choose a vendor or a product, look into not only the quality of the hardware and software, but also look at your five- to 10-year needs.”James R. Dukart is a freelance writer based in Minnesota. He can be reached at
Read more about:Agents
About the Author(s)
You May Also Like