Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=8700128
VPNs have saved businesses a lot of money compared with the cost of conventional private networks. Now a new breed of VPN based on the Internet Protocol is generating even greater savings. IP VPNs are also giving companies more bandwidth, more flexible network designs, and the ability to more easily connect remote and international offices. They also provide the network infrastructure for combining voice and data networks, a much-hyped trend that's been slow to catch on.
U.S. companies are expected to spend $2.3 billion on IP VPN services this year, according to market research firm IDC. Nearly two-thirds of that will be paid to hundreds of small carriers, outsourcers, local Internet providers, or specialty VPN providers. The rest goes to major carriers, with AT&T and WorldCom earning the largest chunk.
That number may grow. U.S. businesses this year will spend $6.8 billion on equipment for internally managed VPNs, IDC says. Consequently, major U.S. and global carriers are moving aggressively to convince businesses to hand over their VPNs by offering fully managed IP VPN services.
"More and more enterprises are going to move to IP-based services," Forrester Research analyst Jim Slaby says. Cost savings can be sizable, though the trade-off may be quality, he says.
One big fan of IP VPNs is B. Lee Jones, CIO for Stratex Networks Inc., a maker of equipment for wireless broadband networks that was formerly known as Digital Microwave Corp. Stratex has 200,000 of its systems in operation in 95 countries. In July, Jones moved Stratex from a hybrid frame relay/IP network to an IP VPN service from Infonet Services Corp., which tripled or quadrupled bandwidth to 12 of the company's international offices and cut the network budget in half. "It has been wonderful," he says. "It was virtually a seamless transition. People saw that their network response was a lot better, and my CFO was happy."
Jones had three reasons for shifting to an IP VPN: better security, more bandwidth, and lower costs for connecting Stratex's 26 offices and eight data centers that span five continents. He also wanted to make the network less complex. Previously, Stratex used a mix of frame relay and IP, along with dedicated private lines, DSL, and dial-up access. "It really helps having one platform and having Infonet manage everything," he says. "It's a little intangible from a cost-savings perspective, but the difference is substantial. You only have one guy to point the finger at. Fortunately, we don't have to do that very often."
There are other benefits. Stratex uses the IP VPN for international videoconferences. "We have enough bandwidth where we can do videoconferences with no incremental costs," Jones says. "It's like we're all sitting in the same room, which goes a long way to helping the team. It's saved quite a few plane tickets."
The savings that IP VPNs offer can be substantial. To build a frame relay network that links 10 offices requires 44 permanent virtual circuits connecting each location to the others. An IP VPN needs only 10 lines to connect each office to a carrier's network. Routing software establishes and tears down virtual circuits between each office as needed. Specific savings for each company depend on a variety of factors, including the number of locations on the network and the port speed.
That makes designing and buying a VPN complicated. Shifting to IP adds another layer of complexity. Carriers offer several types of IP VPNs: Some run over a separate network running multiprotocol label switching; others run over the public Internet; and a third version can be created as an overlay network on an existing frame relay or ATM network. There are advantages and disadvantages to each, which is why many businesses wind up using a combination of the offerings.
Businesses can choose who owns and manages the IP VPN. They can buy the IP VPN equipment and manage the network themselves; they can buy the equipment and have a carrier manage the network; or they can let the carrier own the gear and manage the network. Companies can save up to 30% using carrier-based VPNs compared with those in which the equipment is located on the customer site but managed by the carrier, Sprint says.
The stagnant economy has prevented companies from switching network services as readily as they did in previous years. But a variety of factors are causing more businesses to shift some of their traffic to IP VPNs. One big driver is IP telephony. For years, companies have wanted to add voice traffic to the fixed costs of a data network, letting them trim costs and integrate voice and data traffic. But the quality wasn't good enough until recently. Consider global carrier Equant: In January 2002, it carried 200,000 minutes of voice and video over its 135-country network. Last January, it carried 2 million minutes, says Gopi Gopinath, senior VP of data and IP products. Equant has 750 IP VPN customers. Earlier this month, automotive air-conditioning and engine cooling company Behr GmbH & Co. signed on with Equant's IP VPN service to handle voice, fax, and data traffic among 14 locations on four continents.
"Voice is the first major new application to run on IP VPNs," Gopinath says. "In the future, there will be more applications, such as Webcasting and training."
Another factor driving the shift is getting high-speed connectivity to offices in remote locations. "As companies are becoming more distributed, we're seeing the remote solution becoming more effective," says Ronnie Bailey, WorldCom's senior director of VPN and data services. "It's too expensive to have frame relay to your remote office or home office. IP VPNs offer a tremendous potential for cost savings."
VPNs are arguably the best option for building extranets. Businesses can operate their own IP VPNs and provide partners with access over the public Internet to selected applications. VPNs also make it easier to merge companies and their networks. "If you've got several other companies you're acquiring and want one clean network, IP VPNs make a very quick and convenient transition," Gopinath says. "It's much easier than frame relay, where you'd need a staff of people who keep track of the changes and reprogram the routers every time a new site is added."
Choosing the right type of IP VPN can be challenging because each has its own set of benefits and disadvantages. Several carriers, including AT&T, Cable & Wireless, Equant, Infonet, and WorldCom, operate multiprotocol label-switching networks, which are appealing to businesses for several reasons. For one, they can prioritize traffic into multiple classes of service and ensure that the high-priority traffic gets the bandwidth it needs. Carriers typically offer three to five different classes of service that coincide with applications that businesses run. For instance, Equant offers five classes of service: One for voice, another for video, and three for data traffic ranging from low-priority E-mail and Web browsing to high-priority critical data transfers and real-time collaboration.
The multiprotocol label-switching networks typically are private, meaning that the only traffic that runs over them is from subscribers of the service, rather than public Internet traffic. Security is built into the routers, so companies don't have to worry about installing IPSec or Secure Sockets Layer encryption on their clients or apps.
The trouble with these private networks is that they don't have the broad geographical reach that conventional remote-access VPNs do. That's why companies often opt to use Internet-based VPNs in countries where access to a private multiprotocol label-switching network isn't available.
With Internet VPNs, IPSec software or equipment creates a secure tunnel that carries traffic over the Internet, connecting remote users to their corporate network. The offering works anywhere Internet access is available. Some providers, including AT&T and Infonet, also offer SSL encryption to expand access to browsers and devices that aren't IPSec-compliant.
One problem with Internet-based VPNs is that carriers can't guarantee performance. With a multiprotocol label-switching network or private IP VPN, they can offer service-level agreements because they own and operate the network. But when traffic travels over the Net, it can pass through several ISP networks and performance can vary. "The Internet flavor of IP VPNs is an excellent option, but the problem is that it's not a private network," says David Lowe, director of Cable & Wireless' IP networking solutions. "There's no ability on the public Internet to separate classes of services. Your business-critical financial data is treated the same as some E-mail packet."
AT&T, Sprint, and other carriers provide another option known as IP-enabled frame relay. Customers continue to use the same frame relay routers at their sites, but at the access edge of the carriers' networks, frame relay traffic is turned into IP traffic by using an IP tag. The benefit: It preserves a customer's investment in frame relay equipment.
These services are key in helping customers migrate to a pure IP network. "IP hasn't moved as fast as we thought," says Peter Parish, director of product marketing for Sprint Business. "Enterprises have huge installed bases of gear and scripts, and they have tight budgets. It's hard for them to make this jump." That's why Sprint developed SprintLink, a service that uses frame relay or ATM on the edge of the network and IP in the core, which lets customers "start to migrate some locations to IP piecemeal," Parish says.
Carriers plan to enhance their IP VPN services with performance reports, expanded global access, new security features, and more access options, including DSL and cable modems. For example, AT&T has Web-based reports that give customers details on IPSec VPN accessibility and sustainability. The carrier is developing similar reports for its multiprotocol label-switching service, an offering already available from Infonet. Meanwhile, Equant is testing wireless VPN access, including the increasingly popular Wireless Fidelity technology.
Still, a move to IP VPNs will take time because many IT managers are comfortable with their frame relay, ATM, or private-line data networks and don't want to change, says WorldCom's Bailey. Also, changing service requires training and, in some cases, capital expenditure.
Most vendors say business-technology executives will learn the ins and outs of IP VPNs by shifting a few locations at a time or by using it for new applications. "Customers in today's marketplace aren't looking to spend additional money on the latest technology just for the sake of it," says Tom Roache, Verizon's director of advanced networking services. By providing several different IP VPN services and interconnections between them, "customers can use IP VPNs as they have the financial means to do so."
Illustration by Jeffrey Pelo