VPNs Branch Out To Play New Roles
[I like the reference to VPN as a virtual LAN. Is this a backdoor way for ASND to enter LAN?? Comments would be appreciated. djane]
By SALVATORE SALAMONE, Friday, May 8, 1998, 5:30 p.m. ET.
techweb.cmp.com
Las Vegas -- Think outside the box.
That's what many IT managers are doing when
it comes to applications of virtual private
networking technology.
VPN pilot tests and those handling live traffic
are giving IT managers confidence that VPNs
do indeed provide adequate security and
acceptable levels of performance. With this
confidence, they are now looking at ways to
apply VPN technology to other network
applications.
At the NetWorld+Interop trade show here,
the first iterations of these new VPN
applications started to emerge.
Companies have typically looked to VPNs for
three main applications: outsourcing remote
access, connecting sites over the Internet and
linking outside users on an extranet.
But several other applications are now coming
into focus. They include using VPN
functionality within an intranet, securing a
variety of communications, and carrying
different types of traffic, including voice calls
and SNA data.
Infonetics Research Inc. has just completed a
study of user plans for VPN products and
services. One of the key findings: About half
the respondents who are using VPNs plan to
use them to segment groups on a corporate
intranet, similar to what many vendors and
users refer to as virtual LANs, according to
Michael Howard, Infonetics' CEO.
Essentially, this offers levels of segmentation
on an intranet that are otherwise only
achievable using routers or Layer 3 switches.
And, some industry experts said, the VPN
approach may be much easier to manage and
administer than these alternatives.[Nice potential for ASND]
Another application discussed at the show
was the use of VPN technology to secure
Web hosting information. For example,
Concentric Network Corp. introduced
ConcentricHost, a managed Web-hosting
service. The company offers the service by
itself but also combines managed hosting with
its VPN services. This combination would
allow a company to use Concentric's
backbone as the heart of its intranet while
knowing that the hosted data would only be
available to employees, for example. And, on
top of that, the data would only be available to
employees who are entitled to see it.
There also were discussions of using VPN
technology to secure other forms of
communications. "You can do secure
videoconferencing using NetMeeting, for
example," said David Dawson, president and
CEO of V-One Corp.
"VPNs can be used to secure IP voice and
fax, too," said Robert Wilson, president and
CEO of Assured Digital Inc., a VPN vendor.
Indeed, Infonetics found that people wanting
to buy a multifunction VPN box--one that
might include firewall, authentication and
routing functions, for example--wanted VPN
connections to handle other types of
applications.
Thirty-three percent of respondents to the
Infonetics survey are interested in using VPNs
for voice over IP, Howard said.
These nontraditional VPN applications take
advantage of IT managers' increasing comfort
level with VPN security to offer alternative
ways to meet the communications needs of
organizations.
"We've been evaluating VPN technology to
connect sites, and security is the first issue
everyone raises," said Robin Hall, a network
administrator at the law firm of Reed, Hapner
and Selwin. "I've been able to convince
people here that encryption technologies like
triple-DES are adequate for safeguarding the
files and data that we expect to run over a
VPN."
Her company also is evaluating voice-over-IP
equipment so that lawyers in different sites
could talk over an IP network, thereby saving
toll charges. "The security that comes with a
VPN seems like it lends itself to other
applications like voice over IP."
And in a related development at N+I, IBM
discussed ways to handle time-sensitive SNA
traffic using VPNs. Some IT managers are
uncomfortable with the idea of using VPNs to
carry SNA traffic because of perceptions that
VPNs do not offer the performance needed to
handle such data.
IBM is trying to address this issue in a number
of ways. On one hand, it announced that it is
adding IPsec support to increase the IP
security features of its Nways internetworking
hardware equipment line that includes the
3746 Multiaccess Enclosure and 2210 and
2216 routers.
To address performance issues, the heart of
the IBM effort is providing a way to tag VPN
data carrying SNA traffic and then making
sure that the internetworking hardware is
intelligent enough to assign a high priority to
this traffic.
For More N+I stories |
