Virtual Private Networks: The Delivery
Vehicle For ASP Solutions BY SCOTT R. CASSELL
Enterprises have long expressed reluctance to outsource their own IT
efforts, believing that they alone could create competitive advantages
over rivals by managing their own IT initiatives. Many now recognize,
however, that to be successful they must focus on their core competencies
and consider outsourcing peripheral functions. For those companies that
embrace this outsource model, Application Service Providers (ASPs) offer a
strong value proposition for hosting enterprise applications.
Accompanying this migration to outsourcing applications are numerous
market dynamics that are transforming the way businesses operate. Most
significantly, enterprises require a dependable access methodology that
ensures their end users, regardless of location, can securely reach hosted applications.
Consequently, an increasingly critical component of ASP
solutions extends beyond the walls of the data center.
Virtual Private Networks (VPNs) are emerging as the delivery vehicles
of choice for this type of connectivity. Not all VPNs are the same, so
ASPs must use strict criteria when they evaluate VPN service providers,
such as solution architecture, availability, performance and security,
service activation, and VPN management capabilities.
Embrace Next-Generation Technology
The underlying architecture of a VPN is paramount. The service provider
you choose should utilize next-generation, network-based VPN technology.
Unlike classic Customer Premise Equipment (CPE) implementations,
network-based solutions place VPN infrastructure within the service
provider's network. The network becomes the VPN. Customers simply need to
connect, and the service provider will apply the routing and security to
enable effective communication. No special CPE is required.
This technology provides a number of benefits to ASPs and their
customers alike. First, it offers a natural any-to-any networking
environment. It also produces significant scalability advantages over
other solutions. Next, a network VPN carrier-class architecture introduces
far superior redundancy than less mature CPE implementations. Finally, it
enables network-based termination of remote access sessions. This results
in reduced latency and better bandwidth utilization when embracing a
distributed computing scheme.
Demand Access Diversity
ASPs should identify a service provider that offers flexible VPN access
options to enterprises. These VPNs should aggregate a variety of access
methodologies, including traditional private line, ATM, and frame relay.
Further, they should seamlessly integrate public Internet and private
network remote access alternatives, including dial-up, DSL, cable, and
ISDN. In addition to types of connectivity, ASPs should examine
prospective service providers' coverage areas. They should then partner
with a company that will be able to respond to the robust demands of a
differentiated client base. It is highly unlikely that a regional ISP will
have this capability. Rather, ASPs should partner with a respected
Application Infrastructure Provider (AIP). An AIP is a hosting provider
that offers a full set of infrastructure services for ASPs. This
organization should have a large-scale domestic network backbone as well
as broad international reach. If a global network is not available, the
service provider should have a number of access options that enable global
private network access.
Performance And Security Are Essential
ASPs are required to ensure the performance and security of the
applications they deliver. Most network providers will offer some type of
service guarantee, but few have a network designed to consistently deliver
results. ASPs should look to an AIP with excessive bandwidth and an
underlying switching fabric that is built to perform. This capacity should
then be augmented with customer-controlled traffic shaping and policing
functionality so users can prioritize their traffic as necessary.
Additionally, they should be equipped with numerous security options to
protect sensitive information. These should include authentication and
encryption standards delivered via Internet Protocol Security (IPSec),
firewall packet inspection with network-based Denial of Service (DoS)
protection, intrusion detection services, and comprehensive vulnerability
assessments.
Effortless Service Activation Is Key
Neither enterprises nor ASPs can afford to suffer the financial or
competitive impact incurred from delays associated with inefficient
service delivery. The key to thwarting these delays is identifying a
service provider equipped to bring value to the deployment equation. ASPs
can ascertain which service providers are up to this challenge by
examining their abilities in a few key areas.
Once again, the underlying architecture is paramount. Service providers
that embrace next-generation, network-based VPN technology are going to
have a monumental advantage over their competitors. In traditional frame
relay environments, service providers must worry about constructing
required Permanent Virtual Circuits (PVCs) to connect various sites within
their customers' networks. In contrast, the inherently fully meshed
architecture of network VPN solutions doesn't require PVCs. Instead of
building fixed connections, service providers merely populate route tables
and facilitate immediate service activation of any-to-any connectivity.
Classic CPE-based VPN solutions present similar implementation hurdles.
Instead of building PVCs, enterprises -- or their applicable service
providers -- must design and build complex security associations between
VPN equipment located on each site. With carrier-class VPN infrastructure
built into the network, network VPN solutions overcome this obstacle.
Another trait ASPs should look for in a service provider partner is
expert order engineering. Leading-edge technology will not be sufficient
if a Wide Area Network (WAN) has not been designed properly. While sales
reps typically have the best intentions, a service provider that
employs trained engineers in network design and security to architect
customer solutions should be engaged. As well as providing quality
assurance, leading-edge order engineering leads to substantive customer
satisfaction.
Once orders have been submitted, service providers must have the proper
back-office systems in place to fulfill requests. These "flow
through" provisioning tools ensure that conceived solutions are built
accurately and in a timely fashion -- but that is just the beginning.
Service providers that have truly mastered the art of service delivery
offer tools that empower customers beyond initial implementation
throughout the service lifecycle.
These tools offer ASPs and/or individual enterprises electronic access
to a robust product catalog. Instead of lengthy interaction with service
provider representatives, customers simply browse through service options;
identify financial implications via a pricing module; and initiate desired
moves, adds, and changes to respective networks. For added ease of use,
numerous templates should be stored that can be activated quickly, making
it possible for customers to complete design work on the fly.
Management Control
In the realm of managed services, trust extends beyond mere concerns about
a service provider's capacity to adequately deliver its service. Customers
often fear they are relinquishing control, which makes them feel
powerless. But as management guru Tom Peters stresses, "Powerlessness
is a state of mind." Basic human nature includes a hunger for
information, a way of gaining a perception of control. Therefore, service
providers must use management tools, along with customer-centric reporting
and billing approaches, to turn the trust issue into a positive
decision criterion instead of a negative one.
Service providers that can translate their networking technologies into
tools that place customers in control will thrive. While assuming the
day-to-day management burden of operating customer WANs, service providers
have the capacity to keep control in the hands of those they serve.
Through Web-based VPN management tools, service providers should enable
customers to perform tasks such as monitoring performance, examining
firewall rule sets, and modifying traffic shaping and policing policies.
Summary
A significant number of enterprises are pursuing outsourcing strategies to
focus their attention on what they do best. The ASP that is properly
equipped to meet their demands will reap the rewards. This will only be
achieved through partnering with a VPN service provider that reliably
delivers the associated networking solutions customers require.
Scott R. Cassell is a senior product manager, Qwest VPN at Qwest Communications
International Inc. Qwest is a global
provider of secure broadband Internet-based data, voice, and image
communications for businesses and consumers. |