Global VPNs answer Internet access prayers.


Experience Internet benefits without the security risks, while executing a proactive converged networking strategy.

Today's network managers appear to be in a no-win situation when it comes to reconciling a proactive, global Internet access strategy with their organizations' need for high levels of enterprise network security. On the one hand, they recognize the benefits of using the Internet--including cost savings and an expanded "reach," the improved efficiency, new revenue streams and the competitive edge that result from connecting to business partners and customers, as well as the actual generation of new revenue through such applications as Web-based sales programs. On the other hand, they are the keepers of their corporations' security requirements and their jobs depend on how well they fulfill this obligation.

Global virtual private networks (VPNs) from global networking providers are an answer to the network manager's prayers. VPN technology lets network managers gain control of the chaotic Internet environment in which most enterprises operate today. They have branch offices, remote local area networks (LANs), customers and numerous other installations, all using the public Internet to reach the enterprise network. This wide-open access lacks security and varies greatly in performance.

The common alternative is to combine a wide-area connection to concentrate traffic bound for the public Internet in one location with a heavy-duty, well-maintained firewall. Adding all of this dedicated connectivity is an expensive alternative, yet another reason to evaluate IP VPNs, which are also less expensive than the frame relay needed to concentrate traffic, while providing many of the performance characteristics that make frame relay an attractive solution.

The best source of global VPNs is value-added providers. They provide not only the IP-based global networking resources, but also the security and application performance so necessary today on enterprise networks linked to the public Internet. In particular, two solutions are being adopted by multinational enterprises: IP VPNs, or private Internets that include intranets/extranets; and managed firewalls.

MORE EFFICIENT GLOBAL IP NETWORKING

A primary objective when meeting the growing demand for Internet access is to combine simplicity with security. The first step toward simplifying Internet access is to stop dealing with a different Internet service provider (ISP) in each country where access is needed. A global VPN IP networking provider acts as a sole-source ISP, giving enterprises a single point of accountability and one currency billing, which removes a lot of administrative headaches.

Still, the bottom line for VPNs is high-speed delivery and receipt of data, transactions and other communications over reliable connections with quality levels that match differing business needs. There is flexibility, as well, in the form of access options, including high-speed dedicated circuits (64 kbps to 45 Mbps), a full menu of dial-up options (integrated services digital network or ISDN, digital subscriber line or DSL, 56 kbps) and wireless data.

The timing is right as VPN-based networking is coming of age, including standardization. The Internet Engineering Task Force describes them as the "emulation of a private wide area network (WAN) ... using IP facilities, including the public Internet or private IP backbones." In practical terms, VPNs with these capabilities translate into:

* any-to-any connectivity across a shared IP infrastructure;

* classes of service on a point-to-point basis that match the needs of specific applications for response time and throughput;

* security and quality comparable to a private network;

* high-speed Internet access; and

* support for both dedicated and dial-up users.

The dream of many network managers is a secure Internet access strategy. The sleepless nights come from the implementation and maintenance of far too many firewalls. As the Internet environment grows, the cost and complexity increase as the number of firewalls multiplies. A typical firewall costs $3,300 per month (about $1,500 for equipment and software and about $1,800 for service management and support). When a firewall is installed at each global Internet access point on the enterprise network, the firewall infrastructure rapidly becomes unmanageable and expensive.

Increasingly, VPN providers are becoming the preferred source for managed firewall services. The first benefit is lower costs through economies of scale, plus improved security, since these providers have dedicated staffs that do nothing but manage firewalls. The less-realized benefit is considerable cost savings from accessing regional firewall farms maintained by the provider that route traffic onto secure IP networks that are owned and managed by the provider. For example, using the public Internet to reach one or two of these server farms is possible in Asia, rather than maintaining separate firewalls at 15, 20 or more locations. The same style-of-access economies apply to Europe and North America.

The exact levels of security do matter. The gold standard is a single, enterprise-wide policy that integrates all aspects of network security, including access control, validation of authorized network users and protection of data privacy, as well as daily management of complex firewall configurations. The provider must have a dedicated security administration team that serves as an extension of internal staff and enables proactive, real-time monitoring of traffic and response to security threats and break-in attempts.

COMING SOON: MPLS

A new generation of IP VPNs is virtually here. These new VPNs offer classes of service that permit voice and mission-critical data to be given a priority over less urgent traffic. In addition, multiprotocol label switching (MPLS) is just starting to be implemented on these networks. MPLS operates over any Layer 2 network, such as ATM or frame relay, while combining high-speed switching with Layer 3 network routing. The result is that IP can take advantage of the quality-of-services capabilities of ATM or frame relay networks, with some services available now in some locations and full MPLS capabilities as soon as 2001 globally.

The arrival of classes of service over IP VPNs will bring new efficiencies to global networking. The top class of the network will be capable of transporting mission-critical traffic and real-time applications with low latency and packet loss rates. The increasing reliance within multinationals on enterprise resource planning (ERP) systems is driving the emergence of networks with these capacities, as is video and packetized voice.

With this level of service, the IP traffic is transported exclusively over the provider's backbone network and access to the backbone is achieved via IP security tunnels that ensure confidentiality, integrity and authenticity between routers. An independent certificate authority service authenticates offload key exchanges.

The second class of service is designed for mission-supporting applications, such as intranet, Web browsing and Web-based ERP functions. These networking functions operate effectively with medium latency and packet loss. Transport takes place over a combination of public- and private-managed IP networks, and security is provided at the router and access points, including a firewall at regional entry points on the private backbone.

IP networking, as we know it today, is the equivalent of the third class of service--except that traffic of this class is now limited to routine messaging, Internet browsing and other activities that are suitable for the best effort network that is the public Internet. Appropriate firewall protection provides security from intrusion.

WHAT TO EXPECT OF IP NETWORKING PROVIDERS

With IP networking technology changing so rapidly, the choice of a VPN provider is critical. One important criterion is geographic reach within the areas required, so as to no longer have to deal with multiple ISPs.

Once geographic needs are assessed, an enterprise should survey the technology platform and capital spending plans. In addition to a concrete program for implementing MPLS, there must be an aggressive plan for bandwidth expansion. The applications now on IP VPNs, as well as those in the pipeline, are increasingly bandwidth-hungry. A global multigigabit backbone is essential. One that is owned, rather than leased, is preferred as well, to protect against price increases and/or unavailability as bandwidth shortages develop in the future.

Assessing a security-services vendor requires delving into a number of areas that quickly reveal the extent of the security provided, including network address translation, source address hiding, automated intrusion detection and URL filtering. Network managers should inquire into encryption technology and authentication technology, as well. Finally, they should expect the provider to reveal its plans to keep security technology totally current and regularly maintained.

The ideal candidates for VPN-based IP networking are enterprises with integrated intranet/Internet traffic over highly meshed enterprise networks and a need for Internet-type, any-to-any pricing without incurring added frame relay CIR costs. With VPNs over private IP networks, these enterprises receive a network that is easy to order and configure, since there is no CIR sizing and/or pricing involved.

Additional value is realized through Internet gateways to build extranets with business partners and complete internal security with 24X7 managed firewalls. Later on, the private IP backbone can be easily migrated to the Internet as new technologies in the areas of class of service, security and applications emerge that resolve existing performance and security issues that are now inherent in using a public IP network.

Network managers' dreams really come true when VPNs allow them to execute a proactive, converged networking strategy that lets their end users experience the benefits of the Internet without the inherent security risks. On top of this, VPNs are totally scalable and future-proof, while delivering superior performance and reliability. With the right VPN solution, these professionals can help their organizations meld their private networks with the public Internet to accommodate specific business applications, including business-to-business e-commerce.

Laurin is director of IP business services for Infonet Services Corp., El Segundo, CA.

www.infonet.com

COPYRIGHT 2000 Nelson Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2000 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation:Industry Trend or Event
Comment:Global virtual private networks (VPNs) allow network managers to exert more control over business intelligence and communications than ever before.
Author:Laurin, Doug
Publication:Communications News
Geographic Code:1USA
Date:Sep 1, 2000
Words:1580