Here's the full text from Information Week.
Wide Area Networks -- VPNs:Virtually Unstoppable -- Companies of all sizes are turning to virtual private networks to link with partners and remote sites while cutting telecom costs
By Beth Davis, Mary E. Thyfault, and Gregory Dalton
Virtual private networks are the next big wave in data communications. Organizations of all sizes are embracing VPNs to build secure links with business partners and franchisees, extend communications to far-flung offices, and slash telecom costs for growing legions of mobile and remote workers.
These software- or hardware-defined networks are not only changing the way companies look at wide area networking, they're also changing the way they look at their businesses and industries. The goals are lofty:Boost sales, expedite product development and delivery, and create stronger relationships, as well as cut costs.
VPNs make all this possible because they're based on standard, ubiquitous, and easily accessible IP networks-the public Internet as well as private IP systems run by carriers or user companies themselves. They are "virtually private" in that data is transported over secure tunnels that resemble, at least in function, conventional private lines.
Many think VPNs could become an even more fundamental tool than leased lines and frame relay. "VPNs are another new way for corporations to communicate, internally and externally," says Michael Howard, president of Infonetics Research Inc. "Just like the fax, voice mail, and E-mail, now we have VPNs."
In a preliminary report issued last week, Infonetics projects that the market for VPN products, systems integration, and network services will rocket nearly 60-fold between 1997 and 2001, to $11.9 billion. The VPN services segment alone is expected to grow from $145 million to $8.85 billion.
AT&T, which last week lent its credibility to the market by announcing a VPN service that promises 99.7% availability and cost savings of up to $60,000 a month for a typical 1,000-user network, is even giddier with its projections. The carrier envisions a VPN services market of between $10 billion and $20 billion by 2001. MCI, Sprint, UUNet, Concentric Network, and other national service providers are equally aggressive, courting customers with their own managed VPN offerings. Meanwhile, software vendors such as Microsoft and Novell and system vendors including Aventail, Radguard, TimeStep, and VPNet want to help customers set up their own virtual private networks.
Several industries are quietly evaluating VPN technology to tie their suppliers, customers, and business associates into networked communities. The American Iron and Steel Institute is designing a VPN to link steel manufacturers, steel processing companies, and customers such as appliance and automakers. At the heart of the network will be a supply-chain-management system that lets participants swap information about all processes involved in ordering, shipping, and receiving goods.
"A lot of the outside processors, for example, have antiquated PC systems," says Howard Ludwig, manager of systems development at Inland Steel Industries Inc., a $4.6 billion manufacturer in Chicago that's helping to drive the effort. "So we have issues with the accuracy of information and the timeliness of information in terms of transmission. The Internet provides the communications glue, and the system itself will provide more accurate and timely data."
AFC Enterprises, a $1.5 billion food-services chain, will begin outfitting some 450 franchisees with VPN hardware systems from vendor VPNet over the next few weeks. The project is part of a 10-year, $100 million information systems program begun in 1994 and aimed at improving every aspect of company and restaurant operations, including inventory management, staffing, payroll, training, and financial reporting and analysis.
Instead of mailing documents and operating manuals, AFC will make this information accessible via cheap, VPN-secured Internet connections. AFC will also make available collaborative process-management tools and an interactive planning guide to help franchisees develop their business plans. Franchisees will also report weekly sales numbers over the VPN.
"We can help our franchisees run their businesses more efficiently and productively so they can make more money and then have opportunities to open more restaurants," says Bill Clapes, director of franchise systems at AFC, in Atlanta. "Also, we will be able to attract new people into our system by providing a level of support that they can't find with any other franchiser."
Cost-Cutter
The Automotive Network Exchange, a VPN-based extranet project led by the Big Three car makers, is among the biggest multicompany VPN projects. As many as 30 companies are participating in the ANX trial. The commercial network, due up in the second quarter of 1998, could ultimately involve 40,000 parts suppliers, dealerships, and financial service companies, letting participants share everything from CAD files and groupware applications to E-mail and electronic data interchange in a standard format. The industry expects to cut costs by about $1 billion a year, or roughly $70 per car made.
Microsoft sees VPNs fitting into its global IT infrastructure in several ways. It's setting up four VPN links for sales, support, developer, and other personnel. Microsoft expects the VPNs will shave an estimated 10% off its annual $100 million communications budget. "Communications is our life blood," says Microsoft VP and CIO John Connors. "The only restriction on our insatiable appetite for bandwidth is our budget for bandwidth."
Late next year, Microsoft plans to set up a separate VPN for its partners, including the largest of the 6,000 independent software vendors with which it exchanges data. The network will let those partners easily adjust bandwidth on links to Microsoft in accordance with the stages of their joint product development.
Outdoor apparel and equipment maker Deckers Outdoor is another global company that's taking advantage of the Internet's ubiquity and accessibility. The Santa Barbara, Calif., manufacturer is linking sites in Canada, Mexico, Europe, China, and Macau with its corporate headquarters over public Internet connections secured with VPN technology from Fortress Technologies Inc.
Deckers wanted to skirt high leased-line prices charged by foreign carriers, as well as the complexities of dealing with multiple providers. "If it's a small office, it's hard to justify paying $500 to $1,500 a month in telecommunications costs," says Steve Miley, director of IS at Deckers. He estimates the company will save more than $10,000 a month on just one three-way international link by choosing a VPN rather than leased lines.
At internetworking vendor Bay Networks Inc., 100 users, including sales personnel and senior managers, now access the corporate network over a VPN. Bay is extending its VPN, which is run by service provider Concentric, to some subcontractors and other suppliers, as well as to its entire U.S. operation of some 2,500 employees. Expected savings compared with dial-up and 800-number charges:30% to 50%
An internal benefit of the VPN is that companies Bay has acquired, such as Rapid City Communications, can be easily integrated into the corporate network. "They already had an Internet connection," says Kevin Cantoni, director of network systems at Bay. "Using a VPN, we were able to turn up the connection very quickly."
At international power-supply company AES Corp., VPN technology from TimeStep Corp. has let management keep intact something it holds dear:a culture that "puts value on the individual and that pushes decision-making out to where decisions have an effect-on the people," says AES systems analyst Chris Shelton.
Without a central IS department supporting the company's far-flung operations, AES needed a simple solution:a box that sits between a site's LAN and its Internet connection and sets up a VPN back to headquarters. For now, AES is running only E-mail over its VPN links. But the door is open for other applications.
Companies that want to get started with a VPN have a number of options. They can buy carrier-provided VPN services that include varying degrees of management, or they can build VPNs using hardware and software from a host of vendors.
In the case of services from a carrier, a secure tunnel is typically set up between a network access point at the service provider's site and a terminating device at the corporate site. Remote users, for instance, connect to the carrier's local "point of presence," where the data is encapsulated and sent on to the corporate network.
The Cardomon Group, a legal-support firm, is testing AT&T's VPN service, due out commercially next year, to provide lawyers and others with remote access to legal transcripts and other documents previously available only on diskette. "It gives even the smallest law firms wide area connectivity," says C. Douglas Mondo, president of Cardomon. "Most important, it alleviates all of our concerns about security."
Companies can also build end-to-end VPNs themselves with clients and servers that support secure tunneling over the Internet or private IP networks. VPN-based servers or gateways also let companies build secure tunnels between two LANs.
But VPN solutions aren't always plug-and-play. Industrywide VPN integration efforts are particularly complex. ANX, for example, had hoped to roll out its VPN-based extranet by the first quarter of 1998 but has pushed that schedule back by several months. "These things are not easy," says Robert Moskowitz, technology support specialist at Chrysler Corp. "The tools are there. It's now about how you glue these things together."
Furthermore, it takes time to provision circuits, and liability issues must be ironed out. Database synchronization is also required of the participants in any industry project.
One consideration for all companies looking to set up VPNs:IP-based networks still aren't as reliable as leased lines or even public frame relay and X.25 services. Also, nailing down service-level agreements with carriers takes some doing. ANX has become something of a benchmark. All Internet service providers participating in that project must meet rigorous performance criteria. Latency across the network, for example, is set at 120 milliseconds, compared with 150 milliseconds for a typical ISP.
"These criteria are trading-partner-centric rather than ISP-centric," says Bryan Whittle, director of advanced internetworking at Bellcore, which is developing and monitoring the ANX performance standards. "They are founded on the business-process requirements of the users."
Another issue:Several VPN specifications compete with one another, so interoperability isn't a given. Microsoft's Connors says the carriers are "very guarded" about long-term volume pricing because they're still unsure about demand and what it will cost to provide high-quality VPN services.
One thing is certain:VPNs must work as well as private data networks-because in the end, the goal of VPNs is to drive new business, not derail it. |
