Networks Without Borders

In ancient Greece soldiers used fire signals during the night and smoke during the day to send messages from remote locations. 

For this purpose, Greeks built manned communication towers on mountaintops called as “Fryktories”. These were put to the best use in the great Trojan War, way back in 1200 BC.

Many centuries have passed since the Trojan War and with the passage of time, mankind’s zest for communication has manifested itself in many forms–the grandest of all inventions without doubt being the Internet. Along with the Internet, which has found a place for itself in history, are also various applications that have found their niché as change enablers. To that end, the latest buzz to hit the IT landscape is the virtual private network (VPN), which is touted as the most preferred way of connecting dispersed locations and mobile workforces.

A VPN can be defined as a networking concept that enables companies to connect branch offices and mobile users/workforces by using the IP backbone. While there is no standard definition for VPN, it can be described as a technology that replaces wide area networks (WAN) riding on private lines. Traditionally, a private WAN banks on dedicated bandwidth leased from telephone companies for connecting to remote locations. Apart from the huge connectivity costs, private LANs also incur high hardware costs. In the case of a VPN, it uses the public network–that is the Internet.

Though VPNs started making their presence felt in the mid-90s, it is only in recent times that the full extent of their benefits has become apparent. The pointer to that end is that more and more enterprises are going the VPN way, and in the bargain they are cutting costs, increasing operational efficiencies and putting in place a infrastructure that enables them to transact business and communicate with workforces 24x7. As a result, VPNs are posed for better times ahead. An IDC report pegs the current VPN market in India at around Rs 250 crore, and it is expected to grow to about Rs 850 crore by the end of 2006.

Some of the leading players that offer VPN services in India are Sify, HCL Comnet, Comsat Max, Videsh Sanchar Nigam Limited, Bharat Sanchar Nigam Limited and Dishnet

DSL.

All these factors make VPN the new universal standard in remote access and with security issues by and large addressed, the term has become more defined–all VPNs are now commonly referred to as

IP-VPN.

The VPN rise



The evolution of VPNs has given true merit to WAN. Prior to the emergence of VPN, a WAN did not cover all locations spread across a geography because of the exorbitant costs involved. Also, the complexities involved in setting up a WAN infrastructure restricted its large-scale adoption by enterprises. Besides the expense and complications involved, a WAN riding on a private line–though highly secure–is difficult to scale. This is because their design is rigid and connectivity on a pay-per-use basis is not possible as a private network is in operation round the clock, each day of the week. In the end, enterprises had to pay for unused non-transaction hours also. Thus, enterprises that were running WAN prioritized their network access and opted for connecting with major locations only. Hence, mobile employees, customers and partners were denied remote access.

These are major drawbacks in a business environment. It, in fact, put many enterprises in a dilemma as they could not continue deploying a private network owing to the high cost and, at the same time, opt out of a leased private line as that meant compromising on quality.

This is where a VPN fits in perfectly–it has the benefit of a shared public network and yet offers good security and connectivity that comes at half the price of a private network. And, the above reasons are why its popularity has risen in the last couple of years. Some of the top enterprises in India that have deployed VPN systems are Whirlpool India, Hero Honda Motors, National Panasonic, Pfizer, Amtrex, Max New York Life, Royal Sun, Eicher, Amtrex Hitachi, Voltas, HTA, Cox & Kings, Citibank, HR Johnson, Shaw Wallace and Nerolac, among others.

Why VPN?



Over the years, the focal point of any networking forum has been: why should an enterprise go for VPN? Today, the answer is simple. Other than the obvious positives of low cost and ease-of-use, its ability to connect to far-flung locations is the major driver for its adoption as the proportion of traveling workforces has gone up. 

If one were to list the deliverables of a VPN, an enterprise will get seamless integration, branch office and remote user connectivity, lesser implementation times and round-the-clock customer interaction through extranets. Comments Arup Chakraborty, director, networking services, HCL Comnet: “With increasing computerization in the Indian industry, there was always a need for a connectivity solution that was reliable and quick to implement. Till a few years back, organizations had no other option but to set up their own private networks which involved huge costs and months of implementation time. VPN, on the other hand, offers a cost-effective, reliable and quick to deploy solution.” A VPN deployment hence has a strong business point.

Take Cox & Kings, one of the world’s largest tours and travel agency, as an example. It recently rolled out a VPN implementation in India. Since the company’s offices are spread across the world, the need to communicate with its agents and franchisees assumed paramount importance. Says Amol Raut, financial controller at Cox & Kings: “We deployed VPN primarily to integrate our geographically spread out front-office staff, our franchisees and travel agents with our back-end applications. The VPN deployment has also enabled online, real-time access to our reservation, billing and accounting servers.

And, in terms of RoI, I would say the benefits that a VPN brings are the real deliverables. Like, for instance, post-VPN, we have better control over our clients and faster decision-making capabilities, which has enhanced our gamut of operations.”

For Cox & Kings, it is purely a necessity and hence VPN became a key communication infrastructure. This clearly demonstrates how critical VPN has become for business in the last two years. If your enterprise footprints are more spread across, then a VPN deployment becomes a strategic business initiative. Take the case of Aramex, the country’s leading logistics company that has a hub and spoke type of network. The VPN is used between its main hubs across the country.

According to Roy Louis, country manager, IT, Aramex: “With the VPN in place, we are able to monitor, measure and manage our business proactively. Being in the logistics business, this gives us a definite edge, as commuting staff has round-the-clock access to our information database for details like shipment tracking, accounting and other applications.”

All IT implementations are called change and business enablers. They are rightly called so because over a period of time, the technology implemented acts a catalyst for business benefits. Today, enterprises need multiple technologies and solutions to move forward in the value chain. And integrating different technologies for optimal performance is the ultimate goal of any CIO. This is what Amtrex Hitachi has achieved. According to the company’s IT head, V Suri: “By deploying our ERP on a VPN, one of the key benefits we have gained is that we know exactly how our products are moving in the market and, moreover, managing our online stock has become very easy. Overall, the VPN implementation streamlined our production processes and enabled us to serve our customers better.”

Deploying a secure VPN



It is true that from preconceived security notions, today VPNs have come a long way. “The misapprehensions regarding security when transmitting data over VPNs are fast disappearing. Concepts like IP Security (IP Sec) and Data Encryption Standards (DES) have made the transmission of data over a VPN totally secure,” says Rahul Swarup, president, enterprise solutions,

Sify.

With the comfort level on using VPN on the rise, one is seeing a reversal of the earlier trend. When VPNs appeared on the IT horizon in the mid-90s, many dismissed the thought of running data on a shared public network. But today many CIOs who had put in place a VPN assert that security is the key factor while going in for a VPN deployment. The likelihood of enterprise data being poached by unauthorized users is quite a practical threat.

If you are a CIO of an enterprise and planning to roll out a VPN initiative, you need to factor in key security techniques such as encryption, encapsulation, tunneling and authentication. All of these enable multiple layers of security. Encryption and encapsulation bring network integrity by scrambling and unscrambling the data transmitted over the network. Hence, they offer a safe passage and access of data between various locations. What makes encryption and encapsulation more secure is the application of network tunneling techniques like IP Sec and Layer 2 Tunneling Protocol (L2TP). The VPN tunnel receives the encrypted data from the outgoing VPN gateway and routes it to the recipient. Authentication, meanwhile, enables only legal users to log into the network. Since VPN rides on an IP network, it offers greatest scope for various security protocols to be implemented. Moreover, a good VPN deployment must provide for multiple levels of authentication and should enable conditional access. For instance, as per the user hierarchy, the data has to be accessed and shared. 

Given the security implications, the CIO should look at the capabilities of the VPN service provider to offer these security features and adopt proven encryption technologies like DES and Triple DES, which encrypt data multiple times. Putting in place these encryption standards will create a dynamic and secure VPN that is very difficult to trespass. As there are multiple security technologies at play in a VPN deployment, it is advisable for the enterprise to chose the vendor offering managed VPN services. Reflecting on this, Rustom Irani, CTO, Sify, says: “Enterprises need a VPN that is secure, reliable and one that offers good quality of service (QoS) and manageability of mission-critical solutions. Given the complexities involved, it is advisable that enterprises entrust VPN deployment to a managed service provider.”

The RoI factor



Having finalized on a secure VPN architecture and selected the right vendor, an enterprise can see considerable cost benefits in less than 18 months of running the VPN network. The majority of the cost savings accrue because a VPN uses the Internet.

Says Chakraborty: “VPNs offer cost-effective remote access and WAN solutions. As compared to a private line, it involves a lower initial capital investment and considerably reduced monthly operational costs.”

The biggest RoI, however, is the network empowerment a VPN brings with it. In the last two years with the adoption of VPNs on the rise, one is seeing some defined cost benefits. For instance, a Granter survey on VPNs states that almost 90% of the companies surveyed in the US reported cost savings from switching to a VPN solution. The companies surveyed reported 54% RoI on their VPN deployment over a period of 18 months. In terms of total cost of ownership (TCO), an enterprise will derive substantial savings out of VPN connectivity equipment like routers that are cheaper, and major cost savings can be derived from the elimination of long distance calls.

A study conducted by Sify in India compared the TCO for private line network with that of a VPN. The study revealed cost savings of up to 45% out of VPN deployments for WAN. 

Moving forward



Like any evolving technology, VPNs get better by the day. The latest trend to hit the VPN zone is multi-protocol label switching (MPLS). Companies like Sify have already started offering MPLS-based VPN. While VPN based on standards like IP Sec and L2TP creates secured circuits over the Internet, MPLS creates network circuits in the service provider’s network. Also, MPLS does not rely on encryption and encapsulation for security, rather it uses multiple packets to create a secured network.

In a traditional IP Sec VPN, the client-end is called the customer premise equipment (CPE), which is accessed by all site and remote users. In the case of a VPN-based on MPLS, the client-end is called customer edge (CE) router. This connects with the service provider’s network, which is called providers edge (PE). The biggest advantage of an MPLS VPN is its ability to classify and prioritize data into high, medium and low. And here the VPN uses a protocol called resource reservation setup protocol (RSVP), which allocates application-wise bandwidth. Hence, in a MPLS VPN, both security and QoS are taken to new levels. Despite MPLS, at the moment the market is predominantly for IP Sec VPNs. Hence, enterprises should take an informed decision and chose the right VPN, based on the number of locations, users and kind of applications it runs. With MPLS still an emerging frontier, a clear roadmap is yet to emerge.

As enterprise connectivity becomes a critical IT infrastructure backbone, VPNs assume great significance for any organization looking for low cost internetworking. As Sify’s Swarup puts it: “Today enterprises are using VPNs to carry out mission-critical applications like ERP and CRM, among others. This clearly demonstrates that VPNs have come of age.

Moreover, established players are offering defined QoS. In a nutshell, VPNs have emerged from a networking concept into an enterprise-class networking solution.”

SHRIKANTH G in Chennai

The Nuts and Bolts

Vendors have their varying styles of VPN deployment. For instance, Comsat Max rolls out a VPN deployment through the following steps:

Need analysis and design: The customer application profile is studied including the number of users, the response time required, the hours of usage, criticality of location etc. Based on the study, a network diagram is presented to the user organization for approval.

Installation: Once the customer approval is obtained, Comsat Max undertakes the supply of the various hardware (routers, modems, etc), then it liaisons with various basic service providers

(BSP) for connectivity of the customer’s office to the Comsat Max point of presence (POP), procures the required connectivity (dedicated line, ISDN dial-up, etc) from the BSP on behalf of the customer, and finally, it installs the network.Energize and acceptance: The network is then energized and customer applications are tested for response and user comfort. The back-up plans are tested and with customer acceptance, the network handed over. These processes usually take about six to 12 weeks.

Monitoring and management: Once the network is activated, the same is monitored on a 24x7 basis with auto escalations and quick resolutions.

Review and change management: The network is reviewed once a quarter and suitable modifications, if required, are carried out with the client’s consent.

Riding on VPN Power

Name of the enterprise: Whirlpool of India

Nature of business: A multinational company operating in India for the past six years. Whirlpool is one of the leading brands in home appliances worldwide. Its operations are spread over 40 locations with over 4,000 dealers and service centers in India.

Drivers for VPN deployment: The company was looking for a WAN solution to connect over 40 locations in India. The primary objective was to enable robust, reliable and secure data transfer among the locations in order to derive the maximum benefits from its SAP implementation. In addition, the company has plans to implement messaging and a call center to facilitate speedy intra-office communications. The available options are to either to expand its existing but small VSAT network, or to set up a private network using point-to-point terrestrial links. Both called for considerable upfront investment. Hence, it took the plunge for a setting up a

VPN.

RoI and other benefits: The company chose a VPN solution from Sify over a satellite-based VSAT network and point-to-point networks. This resulted in 30% cost savings. The VPN deployment also offered high levels of reliability and uptimes for SAP, messaging and call center applications, with uninterrupted service. The VPN deployment has given a high degree of flexibility and scalability to Whirlpool’s operations in India. For instance, it is planning to expand its VPN network to accommodate applications like voice over IP, videoconferencing and a HR information system. The VPN network infrastructure at Whirlpool has expanded the company’s reach to its network, dealers and service centers across the country.