
Value-added Networks

DQI Bureau

Although Virtual Private Networks (VPN) have been around in Indian enterprises for some years now, the multi-protocol label switching based VPN (MPLS-VPN) is the flavor of the industry.


As more and more enterprises deploy IT solutions to manage their businesses, connectivity and value-added services have become critical. Today enterprises are deploying and relying on VPNs to run business applications, rather than using them only as back-up media or for non-mission-critical applications such as email. Moreover, customers are investing in intranet VPN solutions that are hardware based or are modules on the networking gear, so that their existing infrastructure is not overloaded by the VPN functionality now being added to the network.

IPSec

The IPSec protocol, a suite of IETF open standards, provides the framework for CPE-based Layer 3 VPNs. To protect data as it travels across a public or a closed IP network, IPSec supports a combination of the following network security functions:

  • Data confidentiality: Encrypts packets before transmission
  • Data integrity: Authenticates packets to help ensure that the data has not been altered during transmission
  • Data origin authentication: Authenticates the source of received packets, in conjunction with data integrity service
  • Antireplay: Detects aged or duplicate packets, rejecting them to avoid replay attacks

The IPSec standard also defines several new packet formats, such as encapsulating security payload (ESP), for confidentiality. ESP supports any type of symmetric encryption, including standard 56-bit Data Encryption Standard (DES), the more secure Triple DES (3DES), and the emerging Advanced Encryption Standard (AES). IPSec parameters are communicated and negotiated between network devices in accordance with the Internet Key Exchange (IKE) protocol.

There are two types of VPN:

  • Site to Site: Branch office connecting to corporate office.
  • Client to Site: Remote user from home/hotel connecting to corporate office.

Many Indian enterprises use site-to-site VPNs and some use client-to-site; the numbers, however, are increasing.

According to Jagdish Mahapatra, principal consultant, Cisco Systems, India & SAARC, various flavors of VPN are expected to be available for commercial deployment in the coming months. SSL VPN is one of these technologies, and it is believed that it will take up a fair share of the market. However, technologies such as MPLS-based VPNs, which deliver truly secure, peer-to-peer networking, are seen as those striking a chord with customers.


Be it manufacturing, pharmaceutical, banking or PSUs, MPLS clearly seems to be the way ahead for all.

The revenues from Internet Protocol (IP) virtual private network (VPN) services are likely to cross Rs 1,100 crore by 2008 from Rs 230 crore in 2003, according to IDC India. The Indian IP VPN industry is expected to grow at a compounded annual growth rate (CAGR) of 38 per cent over the next 5 years. According to an IDC study, some of the major accelerators in the industry are the small and medium enterprises (SMEs) that have started adopting IP-based VPN services.

VPN Network from a Business Standpoint



"From a business perspective, Virtual Private Network would allow for a dedicated and secured network connectivity access for our parent organisation, National Stock Exchange of India Limited," says C. Kajwadkar, vice president, NSE.IT Limited. These include trading members and other market intermediaries for online trading, clearing and settlement. Ashish Dandekar, senior manager, NSE.IT, said, "for internal users and business executives on the move, VPN would allow secured access to critical corporate network resources like e-mail & intranet."


Industry verticals that are more in tune with technology advancements in VPN are the ITS and BFSI verticals, followed by manufacturing. ICICI Bank, NSE.IT, Pfizer and many more are actively evaluating MPLS VPN networks.

S. Anantha Sayana, general manager, L&T CIO's Office, Larsen & Toubro Infotech Limited, says, "Low cost connectivity solutions with medium risks, is one key value that VPN brings to the business." He added that VPNs are now moving in the direction of better QoS and predictable performance.

Technology Direction and Security



Technological advancement and efficient use of resources are driving service providers to deploy newer technologies such as Multi Protocol Label Switching (MPLS) based VPN. Erstwhile technologies such as Frame Relay did not support IP Multicast Video and Network Security. Traditional leased lines are being migrated to broadband on MPLS technology, primarily because MPLS links are cost effective.


Ajay Kumar, country manager - India, of Aventail Corporation, which offers VPN solutions, says that they use SSL as the technology to offer "client to site" and "site to client" VPN.

There are various kinds of VPN solutions (MPLS, IPSec, and SSL) on offer, depending on the needs of the enterprises.

MPLS-based VPNs are usually offered by the service provider as a managed service, and originate and terminate in the service provider's MPLS-enabled IP network. IPSec and SSL VPNs, in contrast, are typically managed by the enterprise, and originate and terminate at the CPE. Mahapatra says, "IPSec- and SSL-based VPNs are also available as managed services from certain service providers internationally."

Outsourcing VPN Services

Outsourcing VPN service management provides benefits such as:

  • Free resources to focus on strategic IT initiatives: By working with a service provider for managed IP VPN services, IT managers can delegate the routine tasks.
  • Reduce costs: Gartner Dataquest reports that large enterprises in the US that out-task network management to service providers cut their network costs by as much as 25 percent, whereas small US businesses can experience up to 15 percent cost reductions.
  • Manage costs: Companies that out-task network management not only reduce their costs, they also make recurring costs more predictable by shifting from a variable to a fixed-cost model. Businesses that out-task know their monthly costs in advance, as compared to businesses that need to find the budget for unexpected expenses related to network upgrades, outages, equipment malfunction, and technical training.
  • Gain expertise and support not available in house: IT managers can obtain networking skills not always available internally within the enterprise. The value of this benefit increases as companies deploy more networked applications and add more users and as network management becomes more complex. Service providers have the resources to offer 24-hour round-the-clock monitoring, management, and support-capabilities

MPLS



MPLS blends the intelligence of routing with the performance of switching, providing significant benefits to service providers with existing native IP architectures, existing native IP plus ATM architectures, or a mixture of other Layer 2 technologies.

MPLS-based Layer 3 VPNs conform to a peer-to-peer model that uses Border Gateway Protocol (BGP) to distribute VPN-related information.


BGP distributes route information across the provider's backbone network so that the provider participates in and manages customer routing information. A primary advantage of MPLS is that it provides the scalability to support both small and very large-scale VPN deployments: up to tens of thousands of VPNs on the same network core. In addition to scalability, its benefits include end-to-end QoS, rapid fault correction of link and node failure, bandwidth protection, and a foundation for deploying additional value-added services.

Why CIOs Feel MPLS is a Good Choice

  • Security needs are met by traffic separation similar to that of Frame Relay or ATM.
  • Traffic patterns are suited for a partial or full mesh topology.
  • The enterprise plans to converge its data, video, and voice traffic onto a single network, and therefore must ensure that delay-sensitive traffic, such as voice, video, or mission-critical data, receives the necessary QoS.
  • Implementation is very large or growing.
  • Enterprise wants to deploy multicast applications.
  • The enterprise wants to deploy additional value-added applications, such as multimedia conferencing, e-collaboration, or business-process applications such as order fulfillment, enterprise resource planning (ERP), or customer relationship management (CRM).
  • The enterprise wants to outsource its WAN.

On the Flip Side



S. Anantha Sayana points out that they have implemented both the IP based and MPLS based VPNs. He says, "In the case of IP based VPNs, the challenge is still to assure throughput. MPLS VPN implementation was a greenfield implementation so we had to contest issues like throughput, latency, security as well as Voice quality for voice channels."

Dandekar says that since the VPN traffic uses the public backbone including the Internet, it is prone to vulnerabilities and security threats. It is therefore essential to use tunneling technology along with encryption to ensure security of data transmission & reception. The Internet Engineering Task Force (IETF) has specified the use of a minimum of 128-bit encryption to ensure data security.

Minu Sirsalewala
