March 2003

Making Business Realities Work For You

Part III: Eliminating The Barriers Between Networks

BY TONY RYBCZYNSKI

Business Reality: The map of business geography is more virtual than real.

When it comes to using network services, why should we be restricted by physical location? Or network segments? Shouldn�t we be able to use all the resources provided by the network, wherever we are, unfettered by architectural delineations?

Imagine the productivity gains if employees could use their laptops, desktop PCs, or PDAs as data devices, telephones, and video-conferencing terminals -- anywhere and anytime. Imagine easy, secure information flow among customers, partners, suppliers, and employees. Imagine offering a communication experience that is consistent whether users are in the office or away... on the local-area network or wide-area network... on wireless or wireline connections... using voice or data communications.

This model of enterprise connectivity is rapidly becoming a competitive imperative. With distributed project teams, team members might be across the hall, across town, or across the ocean. Any local business can become a global presence, and any global corporation can provide highly localized service.

Now that customers, suppliers, partners, and employees are globally mobile, enterprises require secure connectivity to the right resources for anywhere-anytime access. Enterprise communications must mirror enterprise functional requirements, and those requirements are rapidly changing. This reality calls for a network infrastructure that makes physical boundaries -- and network boundaries -- irrelevant or invisible.

The new enterprise model calls for convergence -- not just convergence of voice and data but also eliminating the barriers that constrain services to certain delivery devices, access media, locations, or protocols.

Technology Response #1: Eliminate the boundaries between private and public networks.

The Internet is already making this part of the communications vision a reality. The Internet is an important channel between enterprises and their customers, and a cost-effective way to bring employees, partners, and remote sites into the enterprise network -- for ongoing or on-demand communications. It supports data, voice, and video streaming. It reaches just about everywhere; it�s open, and it blurs the lines where private networks end and public networks start.

Forward-thinking enterprises have been quick to adopt virtual private networks (VPNs), which use the Internet to extend secure connectivity to remote offices, branches, telecommuters, and mobile workers. VPNs use �tunnels� -- secure channels created with encryption -- to securely send data between networks or nodes, even across the public Internet, at far less cost than dial-up and frame relay services. The advantages are obvious:

� Why pay an average of $1,500 per user per year for modem banks to give remote access to dial-in users? With remote access VPNs, CIOs can slash $1,000 off that per-user price tag while giving users a broader range of the latest access technologies, such as cable modems, digital subscriber line, next generation public wireless services, and wireless LANs.

� Businesses enjoy secure connectivity with business partners far beyond the reach of their private network, using extranet VPNs. Imagine the level of efficiency and customer service you can achieve by linking the entire supply chain -- manufacturing, distribution, resellers, retailers, and consumers -- without the expense of dedicated, leased lines.

� Why not use the Internet or public data networks to connect business sites, such as branch offices? With intranet VPNs, authorized users gain the performance of a private network without the capital and operating costs or the limitations of private networks or leased lines.

� But should enterprises trust confidential and critical internal communications to the �Wild West� Internet? Within certain caveats and configurations, the answer is a resounding yes.

All three types of VPNs can use the IPSec security protocol to authenticate users and encrypt voice and data traffic to prevent eavesdropping. IPSec refers to a suite of IETF security protocols that protect Internet communications through encryption, authentication, confidentiality, data integrity, anti-replay protection, and protection against traffic flow analysis.

IPSec operates at the network layer, is application-agnostic, and uses client software on the user�s PC to provide user-side access. An IPSec-based VPN can be built and managed privately by the enterprise, or procured as a managed service from a network service provider. Either way, IPSec-based VPNs give the enterprise end-to-end control over their secure network environment.

Another VPN security alternative is Secure Socket Layer (SSL), which has been long used to for secure consumer transactions in the Internet. Originally developed by Netscape Communications Corporation, SSL is built into most browsers and Web servers to provide data encryption, server authentication, message integrity, and optional client authentication. It is now being also used for remote access and extranet VPNs.

Because no client software is required, users can access Web-enabled applications from anywhere. This avoids the problem of loading client software on PCs that don�t belong to the company, and makes SSL a complementary solution to IPSec VPNs for certain extranet applications.

However, Web browsers are a favorite target of hackers, so SSL VPNs are inherently less secure. The risk is low when using office PCs and laptops equipped with personal firewalls and intrusion detection systems. However, the risk is much greater when using public access devices, such as PCs in kiosks, airports, and libraries.

Another consideration is that SSL-based VPNs operate at the session layer and require a front-end for each application. For instance, if an enterprise wants to use an SSL VPN to access a legacy supply chain management application, then the application must have either an HTML/SSL front end or an external, application-specific gateway. Every application will require its own front end, which in many cases has to be custom-developed. However, by putting a Web front-end on a networked application, secure access to the application can be made through SSL from any Web-enabled device, anywhere, without requiring client software.

In short, with the right VPN security protocols in place, enterprises can confidently exploit the Internet to eliminate the boundaries between private and public networks.


Technology Response #2: Eliminate the boundaries between devices and applications.

When you�re at your desk, you can have a range of communications options at your disposal -- voice and data, wireless and wireline, on your desk, in your briefcase, in your hand, clipped to your belt. But traditionally, the networks behind those devices and services have been worlds apart -- all of them communicating with you but not communicating with each other.

The typical enterprise employee relies on multiple devices -- desktop phones and PCs, laptops, handheld computers, PDAs, pagers, and cell phones -- with multiple mailboxes and multiple addresses. That�s fine and well when you�re sitting at your desk, but your communications effectiveness drops dramatically as soon as you step away from your desk. You�ll have to manage multiple discrete services from a distance (if you can access them at all), check multiple voice and e-mail message services, and endure convoluted access procedures and limited bandwidth.

Here�s where �presence management� comes in. Presence management empowers the Web to not just extend the reach of networks, but to blur the lines between network media, services, and applications. This breakthrough innovation is made possible by SIP (Session Initiation Protocol), a family of peer signaling protocols that enables a new array of services based on name rather than physical location. Personalized communications capabilities can follow users wherever they go, and put them in control over preferred access device, communication richness, and accessibility.

For example, SIP can support �click to call� buttons on Web pages. The user�s device can be a Web browser, PC or PDA application, IP-phone, or all of the above. Phone calls can terminate on phone numbers, e-mail addresses, or URLs. A person can make a multimedia call as simply as a voice call. Unified messaging systems combine voice, fax, and e-mail into one common mailbox that can be accessed from local or remote locations. Across all those Web-based media and address types, SIP extends information about the device being used and the willingness of the participant to have his/her presence known.

SIP doesn�t dictate the characteristics of the media being carried, nor does it require its own addressing scheme. That means it can be flexibly, quickly, and cost-effectively integrated into a Web-based communications environment.

Where will you go when the barriers come down?

Together, secure VPN and presence management technologies address the needs of an increasingly distributed workforce, as offices become more a conceptual rather than physical place. The office might be a customer drop-in center one day, an airplane seat or hotel business center the next, and a home office the next day.

The new enterprise communications model reflects that reality. Seamless flow of network services fosters collaboration among cross-functional and internal-external teams. �Follow-me� services enable employees to remain fully productive wherever they are located. Multimedia collaboration and audio and visual streaming over IP networks deliver powerful applications across the distributed enterprise.

Want to share a virtual tour of an architectural model with remote executives? Or show a real-time video of the latest product designs to remote team members? Or provide live training demos for distributed employees? Multimedia collaboration makes all these applications as easy as placing a voice call.

The new network engages employees with compelling new services, such as:

� Fully featured telephony and data applications in users� briefcases or home offices;

� High-value multimedia applications and end-user productivity tools;

� Enhanced collaboration across distributed virtual teams;

� Control of accessibility over phones, pagers, PDAs, PCs, and more; and

� Connectivity by name or function rather than address.

Web-based, SIP-empowered, multimedia capabilities and VPNs remove the barriers of distance and location to deliver new ways to drive communications -- and in turn, new ways to conduct business. The supporting technology is here; all you have to do is take advantage.

Tony Rybczynski is director of strategic enterprise technologies for Nortel Networks with 30 years experience in networking. For more information, visit the company�s Web site at www.nortelnetworks.com.

[ Return To The March 2003 Table Of Contents ]