Although Virtual Private Networks (VPN) have been around in
Indian enterprises for some years now, the multi-protocol label switching based
VPN (MPLS-VPN) is the flavor of the industry.
As more and more enterprises deploy IT solutions to manage
their businesses, connectivity and value-added services have become critical.
Today enterprises are deploying and relying on VPN for running business
applications-as against being used as back-up media-non mission critical
applications like email etc. Moreover, customers are investing in Intranet VPN
solutions which are hardware based or are modules on the networking gear so that
their existing infrastructure is not overloaded doing the VPN functionality
which is now getting added to the network.
IPSec |
IPSec protocol, a suite of
The IPSec standard also |
There are two types of VPN:
-
Site to Site: Brach office connecting to corporate
office. -
Client to Site: Remote user from home/hotel connecting to
corporate office.
Many Indian enterprises use site to site, some use the client
to site, the numbers are however increasing.
According to Jagdish Mahapatra, principal consultant Cisco
Systems, India & SAARC, various flavors of VPN are expected to be available
for commercial deployment in the coming months. SSL VPN is one of these
technologies — and it is believed that it will take up a fair share of the
market. However, technologies such as MPLS-based VPNs — which deliver truly
secure, peer-to-peer networking — are seen as those striking the chord with
the customers.
Be it manufacturing, pharmaceutical, banking or PSUs, MPLS
clearly seems to be the way ahead for all.
The revenues from Internet Protocol (IP) virtual private
network (VPN) services are likely to cross Rs 1,100 crore by 2008 from Rs 230
crore in 2003, according to IDC India. The Indian IP VPN industry is expected to
grow at a compounded annual growth rate (CAGR) of 38 per cent over the next 5
years. According to an IDC study, some of the major accelerators in the industry
are the small and medium enterprises (SMEs) that have started adopting IP-based
VPN services.
VPN Network from a Business Standpoint
"From a business perspective, Virtual Private Network would allow for a
dedicated and secured network connectivity access for our parent organisation,
National Stock Exchange of India Limited," says C. Kajwadkar, vice
president, NSE.IT Limited. These include trading members and other market
intermediaries for online trading, clearing and settlement. Ashish Dandekar,
senior manager, NSE.IT said "for internal users and business executives on
the move, VPN would allow secured access to critical corporate network resources
like e-mail & intranet."
Industry verticals that are more in tun with technology
advancements in VPN are the ITS and BFSI verticals followed by manufacturing.
ICICI Bank, NSE.IT, Pfizer and many more are actively evaluating MPLS VPN
networks.
S.Anantha Sayana, general manager, L&T CIO's Office,
Larsen & Toubro Infotech Limited says, "Low cost connectivity solutions
with medium risks, is one key value that VPN brings to the business." He
added that VPNs are now moving in the direction of better QoS and predictable
performance.
Technology Direction and Security
Technological advancement and efficient use of resources is driving Service
providers to deploy newer technologies such as Multi Protocol Label switching (MPLS)
based VPN. Erstwhile technologies such as Frame Relay did not support IP
Multicast Video and Network Security. Traditional leased lines are being
migrated to broadband on MPLS technology primarily due to cost effective MPLS
links.
Ajay Kumar, country manager - India, of Aventail Corporation,
that offers VPN solutions, says that they use SSL as the technology to offer
"client to site" and "site to client" VPN.
There are various kinds of VPN solutions (MPLS, IPSec, and
SSL) on offer, depending on the needs of the enterprises.
MPLS-based VPNs are usually offered by the service provider
as managed service, and originates and terminates in the service provider's
MPLS-enabled IP network. IPSec and SSL VPNs, in contrast, are typically managed
by the enterprise, and originate and terminate at the CPE. Mahapatra says,
"IPSec- and SSL-based VPNs are also available as managed services from
certain service providers internationally."
Outsourcing VPN Services |
Outsourcing VPN service
|
MPLS
MPLS blends the intelligence of routing with the performance of switching,
providing significant benefits to service providers with existing native IP
architectures, existing native IP plus ATM architectures, or a mixture of other
Layer 2 technologies.
MPLS-based Layer 3 VPNs conform to a peer-to-peer model that
uses Border Gateway Protocol (BGP) to distribute VPN-related information.
BGP distributes route information across the provider's
backbone network so that the provider participates in and manages customer
routing information. A primary advantage of MPLS is that it provides the
scalability to support both small and very large-scale VPN deployments: up to
tens of thousands of VPNs on the same network core. In addition to scalability,
its benefits include end-to-end QoS, rapid fault correction of link and node
failure, bandwidth protection, and a foundation for deploying additional
value-added services.
Why CIOs Feel MPLS is a Good Choice
-
Security needs are met by traffic separation similar to that
of Frame Relay or ATM. -
Traffic patterns are suited for a partial or full mesh
topology. -
The enterprise plans to converge its data, video, and
voice traffic onto a single network, and therefore must ensure that
delay-sensitive traffic, such as voice, video, or mission-critical data,
receives the necessary QoS. -
Implementation is very large or growing.
-
Enterprise wants to deploy multicast applications.
-
The enterprise wants to deploy additional value-added
applications, such as multimedia conferencing, e-collaboration, or
business-process applications such as order fulfillment, enterprise resource
planning (ERP), or customer relationship management (CRM). -
The enterprise wants to outsource its WAN.
On the Flip Side
S. Anantha Sayna points out that they have implemented both the IP based and
MPLS based VPNs. He says, "In the case of IP based VPNs, the challenge is
still to assure throughput. MPLS VPN implementation was a greenfield
implementation so we had to contest issues like throughput, latency, security as
well as Voice quality for voice channels."
Dandekar says that since the VPN traffic uses the public
backbone including Internet, it is prone to vulnerabilities and security
threats. It is therefore essential to use tunneling technology along with
encryption to ensure security of data transmission & reception. Internet
Engineering Task Force (IETF) has specified use of minimum 128 bit encryption to
ensure data security.