|
Managers to force VPN specs
By Joe Paone
etwork managers fed up with unmet promises of Virtual Private Networking
interoperability are taking action to push the process along.
The corporate desire to use the Internet for WAN connectivity and
extranets is intensifying. However, at NetWorld+Interop in Atlanta
earlier this month dozens of vendors hawked VPN products but few
demonstrated interoperability under the IETF's (Internet Engineering
Task Force's) IPsec (IP security) VPN standard.
The lack of progress makes managers the driving force behind standards:
those eager to move forward with their VPN plans are either putting the
heat on vendors or working their own way around the interoperability
problem.
In perhaps the most impressive example of the former approach, the Big
Three automakers--Chrysler Corp., Ford Motor Co., and General Motors
Corp.--threw down the gauntlet in front of vendors and service providers
who are eager to sell VPN products and services but who are sluggish on
key criteria such as interoperability, security, and service quality.
The Big Three's mandate is, simply: Live up to our requirements or you
will not play ball in what is generally acknowledged to be the largest
publicly known VPN-extranet project to date.
"The Big Three automakers are driving these standards to be completed
faster than is typical historically," said Kurt Bauer, vice president at
Ascend Communications Inc., a networking products vendor in Alameda,
Calif. "They want IPsec interoperability."
Banding together under the aegis of the Automotive Industry Action Group
(AIAG), the auto industry expects vendors and service providers to meet
strict criteria as they form a common Internet-based communications
network, the Automotive Network eXchange (ANX).
The ANX is intended to provide a common, standards-based, less-expensive
infrastructure for trade between the involved companies. It is slated to
replace the slew of incompatible links the companies have in
place--links that differ in topology and system requirements. Some
companies actually have multiple links with each other based on which
application they are using.
"We're looking to eliminate waste and redundancy in the supply chain,"
said Karl Schohl, ANX business manager at the AIAG in Southfield, Mich.
He explained that beyond a common network, the auto makers are also
working to cooperate on other specialized interests, such as CAD/CAM
systems and product-quality standards.
With the ANX, all of the companies can use the same network, regardless
of application, and use any ANX-approved product or service they wish.
The network will hopefully result in lower costs of doing business and,
ultimately, slightly less expensive cars.
The ANX is aggressively testing both equipment and service providers. It
has held four equipment-interoperability workshops this year involving
more than 25 vendors, and only six vendors have proven fully
interoperable under IPsec. So they are starting their pilot program this
month, said sources, with only those vendors.
"The line in the sand has been drawn with these vendors," said AIAG's
Schohl. The AIAG is through with holding interoperability workshops, he
added; it's up to the vendors to schedule further interoperability
tests.
One of the fully interoperable vendors, TimeStep Corp., hosted the last
workshop.
"Lack of interoperability has not had a huge effect on selling to a
single company that wants to connect its offices over the Internet, or
do remote access," said Tony Rosati, vice president of business
development and marketing at TimeStep in Kanata, Ontario. "But it has
affected large-scale deployment. Secure extranets between multiple
companies are not possible without interoperability."
Rosati and others suggested that many vendors who claim to be
"IPsec-compliant" in fact use IPsec encryption, but do not adequately
support newer features of the standard such as key management, which is
vital for authentication and handshaking purposes.
The AIAG is also expecting a lot from service providers, commissioning
telecommunications R & D icon Bell Communications Research to certify
carriers offering VPN services based on a list of eight criteria:
network services, interoperability, performance, reliability, business
continuity and disaster recovery, security, customer care, and trouble
handling.
Bellcore will recertify providers on an ongoing basis and will have the
power to place delinquent providers on probation.
Other vertical industries such as health care are watching the ANX
carefully. Obviously, involvement with the ANX is a feather in the cap
that will validate vendors and providers to those industries.
"Service providers are falling all over themselves to avoid losing this
business," said Jim Hurley, director of operating environments at
Aberdeen Group Inc., a research and consulting company in Boston.
While ambitious VPNs will require these levels of service, most industry
watchers and managers feel the requirements need not be as tight for
smaller business and smaller extranets that can be built with more
informal cooperation.
"It's an issue for vertical industries like the automotive industry,"
said David Passmore, president of Decisys Inc., a consultancy in
Sterling, Va. "But [all of the ANX's criteria] are not essential in all
market segments."
Passmore sees two emerging VPN models that are less comprehensive than
the ANX model: one in which companies buy their own gear and use a
generic Internet service, and the other in which companies contract with
a common service provider that installs and manages all of the equipment
necessary at their points of presence (POPs) or at the company sites.
Companies also differ in terms of priorities: security, cost,
reliability, performance, or interoperability. Depending on what is most
important to a company, and whether they are using VPNs for
branch-office connectivity, remote access, or extranets, one approach
may be more suitable than the other.
It is clear that some companies cannot afford to wait and see how the
ANX shakes out.
Aberdeen's Hurley recently consulted a company that wanted to set up an
extranet with a couple of partners. "This company was not going to wait
for Ford, Chrysler, and GM," he said. "They said, 'That's nice, but we
need to do whatever we have to do now to make this come to fruition.'"
Steve Lopez, director of networking at the National Board of Medical
Examiners in Philadelphia, is looking to set up a VPN with two other
organizations and he isn't too concerned with the ANX either, nor is he
eagerly anticipating specialized VPN service from providers.
"We're willing to take performance hits," said Lopez. "I'd rather buy
Internet service as a commodity and hook up my own equipment. I don't
buy the service-provider argument."
Still, vendors and service providers have more work to do to hone VPN
products and services in order to appeal to the broadest range of
production environments.
"Lots of companies are just coming around to frame relay," said
Passmore. "We're talking two or three years away here before VPN takes
off." |
