March 2003
Making Business Realities Work For You
Part III: Eliminating The Barriers Between Networks
BY TONY RYBCZYNSKI
Business Reality: The map of business geography is more virtual than
real.
When it comes to using network services, why should we be restricted by
physical location? Or network segments? Shouldn't we be able to use all the
resources provided by the network, wherever we are, unfettered by
architectural delineations?
Imagine the productivity gains if employees could use their laptops,
desktop PCs, or PDAs as data devices, telephones, and video-conferencing
terminals -- anywhere and anytime. Imagine easy, secure information flow
among customers, partners, suppliers, and employees. Imagine offering a
communication experience that is consistent whether users are in the office
or away... on the local-area network or wide-area network... on wireless or
wireline connections... using voice or data communications.
This model of enterprise connectivity is rapidly becoming a competitive
imperative. With distributed project teams, team members might be across the
hall, across town, or across the ocean. Any local business can become a
global presence, and any global corporation can provide highly localized
service.
Now that customers, suppliers, partners, and employees are globally
mobile, enterprises require secure connectivity to the right resources for
anywhere-anytime access. Enterprise communications must mirror enterprise
functional requirements, and those requirements are rapidly changing. This
reality calls for a network infrastructure that makes physical boundaries --
and network boundaries -- irrelevant or invisible.
The new enterprise model calls for convergence -- not just convergence of
voice and data but also eliminating the barriers that constrain services to
certain delivery devices, access media, locations, or protocols.
Technology Response #1: Eliminate the boundaries between private and
public networks.
The Internet is already making this part of the communications vision a
reality. The Internet is an important channel between enterprises and their
customers, and a cost-effective way to bring employees, partners, and remote
sites into the enterprise network -- for ongoing or on-demand
communications. It supports data, voice, and video streaming. It reaches
just about everywhere; it's open, and it blurs the lines where private
networks end and public networks start.
Forward-thinking enterprises have been quick to adopt virtual private
networks (VPNs), which use the Internet to extend secure connectivity to
remote offices, branches, telecommuters, and mobile workers. VPNs use
"tunnels" -- secure channels created with encryption -- to securely send
data between networks or nodes, even across the public Internet, at far less
cost than dial-up and frame relay services. The advantages are obvious:
• Why pay an average of $1,500 per user per year for modem banks to give
remote access to dial-in users? With remote access VPNs, CIOs can slash
$1,000 off that per-user price tag while giving users a broader range of the
latest access technologies, such as cable modems, digital subscriber line,
next generation public wireless services, and wireless LANs.
• Businesses enjoy secure connectivity with business partners far beyond
the reach of their private network, using extranet VPNs. Imagine the level
of efficiency and customer service you can achieve by linking the entire
supply chain -- manufacturing, distribution, resellers, retailers, and
consumers -- without the expense of dedicated, leased lines.
• Why not use the Internet or public data networks to connect business
sites, such as branch offices? With intranet VPNs, authorized users gain the
performance of a private network without the capital and operating costs or
the limitations of private networks or leased lines.
• But should enterprises trust confidential and critical internal
communications to the "Wild West" Internet? Within certain caveats and
configurations, the answer is a resounding yes.
All three types of VPNs can use the IPSec security protocol to authenticate
users and encrypt voice and data traffic to prevent eavesdropping. IPSec
refers to a suite of IETF security protocols that protect Internet
communications through encryption, authentication, confidentiality, data
integrity, anti-replay protection, and protection against traffic flow
analysis.
IPSec operates at the network layer, is application-agnostic, and uses
client software on the user's PC to provide user-side access. An IPSec-based
VPN can be built and managed privately by the enterprise, or procured as a
managed service from a network service provider. Either way, IPSec-based
VPNs give the enterprise end-to-end control over its secure network
environment.
Another VPN security alternative is Secure Socket Layer (SSL), which has
long been used for secure consumer transactions on the Internet.
Originally developed by Netscape Communications Corporation, SSL is built
into most browsers and Web servers to provide data encryption, server
authentication, message integrity, and optional client authentication. It is
now also being used for remote access and extranet VPNs.
Because no client software is required, users can access Web-enabled
applications from anywhere. This avoids the problem of loading client
software on PCs that don't belong to the company, and makes SSL a
complementary solution to IPSec VPNs for certain extranet applications.
However, Web browsers are a favorite target of hackers, so SSL VPNs are
inherently less secure. The risk is low when using office PCs and laptops
equipped with personal firewalls and intrusion detection systems. However,
the risk is much greater when using public access devices, such as PCs in
kiosks, airports, and libraries.
Another consideration is that SSL-based VPNs operate at the session layer
and require a front-end for each application. For instance, if an enterprise
wants to use an SSL VPN to access a legacy supply chain management
application, then the application must have either an HTML/SSL front end or
an external, application-specific gateway. Every application will require
its own front end, which in many cases has to be custom-developed. However,
by putting a Web front-end on a networked application, secure access to the
application can be made through SSL from any Web-enabled device, anywhere,
without requiring client software.
In short, with the right VPN security protocols in place, enterprises can
confidently exploit the Internet to eliminate the boundaries between private
and public networks.
Technology Response #2: Eliminate the boundaries between devices and
applications.
When you're at your desk, you can have a range of communications options at
your disposal -- voice and data, wireless and wireline, on your desk, in
your briefcase, in your hand, clipped to your belt. But traditionally, the
networks behind those devices and services have been worlds apart -- all of
them communicating with you but not communicating with each other.
The typical enterprise employee relies on multiple devices -- desktop
phones and PCs, laptops, handheld computers, PDAs, pagers, and cell phones
-- with multiple mailboxes and multiple addresses. That's fine and well when
you're sitting at your desk, but your communications effectiveness drops
dramatically as soon as you step away from your desk. You'll have to manage
multiple discrete services from a distance (if you can access them at all),
check multiple voice and e-mail message services, and endure convoluted
access procedures and limited bandwidth.
Here's where "presence management" comes in. Presence management empowers
the Web to not just extend the reach of networks, but to blur the lines
between network media, services, and applications. This breakthrough
innovation is made possible by SIP (Session Initiation Protocol), a family
of peer signaling protocols that enables a new array of services based on
name rather than physical location. Personalized communications capabilities
can follow users wherever they go, and put them in control over preferred
access device, communication richness, and accessibility.
For example, SIP can support "click to call" buttons on Web pages. The
user's device can be a Web browser, PC or PDA application, IP-phone, or all
of the above. Phone calls can terminate on phone numbers, e-mail addresses,
or URLs. A person can make a multimedia call as simply as a voice call.
Unified messaging systems combine voice, fax, and e-mail into one common
mailbox that can be accessed from local or remote locations. Across all
those Web-based media and address types, SIP extends information about the
device being used and the willingness of the participant to have his/her
presence known.
SIP doesn't dictate the characteristics of the media being carried, nor
does it require its own addressing scheme. That means it can be flexibly,
quickly, and cost-effectively integrated into a Web-based communications
environment.
Where will you go when the barriers come down?
Together, secure VPN and presence management technologies address the
needs of an increasingly distributed workforce, as the office becomes more a
conceptual than a physical place. The office might be a customer
drop-in center one day, an airplane seat or hotel business center the next,
and a home office the next day.
The new enterprise communications model reflects that reality. Seamless
flow of network services fosters collaboration among cross-functional and
internal-external teams. "Follow-me" services enable employees to remain
fully productive wherever they are located. Multimedia collaboration and
audio and visual streaming over IP networks deliver powerful applications
across the distributed enterprise.
Want to share a virtual tour of an architectural model with remote
executives? Or show a real-time video of the latest product designs to
remote team members? Or provide live training demos for distributed
employees? Multimedia collaboration makes all these applications as easy as
placing a voice call.
The new network engages employees with compelling new services, such as:
• Fully featured telephony and data applications in users' briefcases or
home offices;
• High-value multimedia applications and end-user productivity tools;
• Enhanced collaboration across distributed virtual teams;
• Control of accessibility over phones, pagers, PDAs, PCs, and more; and
• Connectivity by name or function rather than address.
Web-based, SIP-empowered, multimedia capabilities and VPNs remove the
barriers of distance and location to deliver new ways to drive
communications -- and in turn, new ways to conduct business. The supporting
technology is here; all you have to do is take advantage.
Tony Rybczynski is director of strategic enterprise technologies for
Nortel Networks with 30 years' experience in networking. For more
information, visit the company's Web site at
www.nortelnetworks.com.