BY SCOTT R. CASSELL

Enterprises have long expressed reluctance to outsource their own IT efforts, believing that they alone could create competitive advantages over rivals by managing their own IT initiatives. Many now recognize, however, that to be successful they must focus on their core competencies and consider outsourcing peripheral functions. For those companies that embrace this outsource model, Application Service Providers (ASPs) offer a strong value proposition for hosting enterprise applications.

Accompanying this migration to outsourcing applications are numerous market dynamics that are transforming the way businesses operate. Most significantly, enterprises require a dependable access methodology that ensures their end users, regardless of location, can securely reach hosted applications. Consequently, an increasingly critical component of ASP solutions extends beyond the walls of the data center.

Virtual Private Networks (VPNs) are emerging as the delivery vehicles of choice for this type of connectivity. Not all VPNs are the same, so ASPs must use strict criteria when they evaluate VPN service providers, such as solution architecture, availability, performance and security, service activation, and VPN management capabilities.

Embrace Next-Generation Technology
The underlying architecture of a VPN is paramount. The service provider you choose should utilize next-generation, network-based VPN technology. Unlike classic Customer Premise Equipment (CPE) implementations, network-based solutions place VPN infrastructure within the service provider's network. The network becomes the VPN. Customers simply need to connect, and the service provider will apply the routing and security to enable effective communication. No special CPE is required.

This technology provides a number of benefits to ASPs and their customers alike. First, it offers a natural any-to-any networking environment. It also produces significant scalability advantages over other solutions. Next, a network VPN carrier-class architecture introduces far superior redundancy than less mature CPE implementations. Finally, it enables network-based termination of remote access sessions. This results in reduced latency and better bandwidth utilization when embracing a distributed computing scheme.

Demand Access Diversity
ASPs should identify a service provider that offers flexible VPN access options to enterprises. These VPNs should aggregate a variety of access methodologies, including traditional private line, ATM, and frame relay. Further, they should seamlessly integrate public Internet and private network remote access alternatives, including dial-up, DSL, cable, and ISDN. In addition to types of connectivity, ASPs should examine prospective service providers' coverage areas. They should then partner with a company that will be able to respond to the robust demands of a differentiated client base. It is highly unlikely that a regional ISP will have this capability. Rather, ASPs should partner with a respected Application Infrastructure Provider (AIP). An AIP is a hosting provider that offers a full set of infrastructure services for ASPs. This organization should have a large-scale domestic network backbone as well as broad international reach. If a global network is not available, the service provider should have a number of access options that enable global private network access.

Performance And Security Are Essential
ASPs are required to ensure the performance and security of the applications they deliver. Most network providers will offer some type of service guarantee, but few have a network designed to consistently deliver results. ASPs should look to an AIP with excessive bandwidth and an underlying switching fabric that is built to perform. This capacity should then be augmented with customer-controlled traffic shaping and policing functionality so users can prioritize their traffic as necessary. Additionally, they should be equipped with numerous security options to protect sensitive information. These should include authentication and encryption standards delivered via Internet Protocol Security (IPSec), firewall packet inspection with network-based Denial of Service (DoS) protection, intrusion detection services, and comprehensive vulnerability assessments.

Effortless Service Activation Is Key
Neither enterprises nor ASPs can afford to suffer the financial or competitive impact incurred from delays associated with inefficient service delivery. The key to thwarting these delays is identifying a service provider equipped to bring value to the deployment equation. ASPs can ascertain which service providers are up to this challenge by examining their abilities in a few key areas.

Once again, the underlying architecture is paramount. Service providers that embrace next-generation, network-based VPN technology are going to have a monumental advantage over their competitors. In traditional frame relay environments, service providers must worry about constructing required Permanent Virtual Circuits (PVCs) to connect various sites within their customers' networks. In contrast, the inherently fully meshed architecture of network VPN solutions doesn't require PVCs. Instead of building fixed connections, service providers merely populate route tables and facilitate immediate service activation of any-to-any connectivity.

Classic CPE-based VPN solutions present similar implementation hurdles. Instead of building PVCs, enterprises -- or their applicable service providers -- must design and build complex security associations between VPN equipment located on each site. With carrier-class VPN infrastructure built into the network, network VPN solutions overcome this obstacle.

Another trait ASPs should look for in a service provider partner is expert order engineering. Leading-edge technology will not be sufficient if a Wide Area Network (WAN) has not been designed properly. While sales reps typically have the best intentions, a service provider that employs trained engineers in network design and security to architect customer solutions should be engaged. As well as providing quality assurance, leading-edge order engineering leads to substantive customer satisfaction.

Once orders have been submitted, service providers must have the proper back-office systems in place to fulfill requests. These "flow through" provisioning tools ensure that conceived solutions are built accurately and in a timely fashion -- but that is just the beginning. Service providers that have truly mastered the art of service delivery offer tools that empower customers beyond initial implementation throughout the service lifecycle.

These tools offer ASPs and/or individual enterprises electronic access to a robust product catalog. Instead of lengthy interaction with service provider representatives, customers simply browse through service options; identify financial implications via a pricing module; and initiate desired moves, adds, and changes to respective networks. For added ease of use, numerous templates should be stored that can be activated quickly, making it possible for customers to complete design work on the fly.

Management Control
In the realm of managed services, trust extends beyond mere concerns about a service provider's capacity to adequately deliver its service. Customers often fear they are relinquishing control, which makes them feel powerless. But as management guru Tom Peters stresses, "Powerlessness is a state of mind." Basic human nature includes a hunger for information, a way of gaining a perception of control. Therefore, service providers must use management tools, along with customer-centric reporting and billing approaches, to turn the trust issue into a positive decision criterion instead of a negative one.

Service providers that can translate their networking technologies into tools that place customers in control will thrive. While assuming the day-to-day management burden of operating customer WANs, service providers have the capacity to keep control in the hands of those they serve. Through Web-based VPN management tools, service providers should enable customers to perform tasks such as monitoring performance, examining firewall rule sets, and modifying traffic shaping and policing policies.

Summary
A significant number of enterprises are pursuing outsourcing strategies to focus their attention on what they do best. The ASP that is properly equipped to meet their demands will reap the rewards. This will only be achieved through partnering with a VPN service provider that reliably delivers the associated networking solutions customers require.

Scott R. Cassell is a senior product manager, Qwest VPN at Qwest Communications International Inc. Qwest is a global provider of secure broadband Internet-based data, voice, and image communications for businesses and consumers.