www.aspnews.com/strategies/technologies/article.php/456281
By ASPnews.com Staff
September 9, 2000

A new generation of IP service platforms is enabling ASPs to provision and manage virtual private networks (VPNs) with greater flexibility and potentially much lower cost than traditional methods. These "network-based VPNs" use IPsec-compliant tunnels that originate and terminate on IP service platforms, located inside the provider's network. By contrast, most of today's traditional managed VPN services employ tunnels that start and end on customer premises equipment (CPE).

The key difference is a new kind of central office/POP/superPOP platform that allows "soft provisioning" of virtual routers, network address translations, firewall rules, traffic shaping parameters - and virtual private networks.

"Nortel, CoSine, and Spring Tide are the big three [equipment providers] in this market," said Kevin Mitchell, an Infonetics Service Provider Networks analyst. "Cisco may be looking to enter this market, but today, Redback and Cisco are both really in the broadband aggregation market, not the IP services market. But this space will only get more crowded."

IP service platforms are aimed squarely at carriers and high-volume service providers such as ASPs. The lure? By eliminating customer premises equipment, you can lower cost at nearly every stage. Reduced investment in capital equipment. Fewer truck rolls to the customer site. Rapid service provisioning and simplified maintenance. A faster, more robust, more scalable engine. And the opportunity to create and sell incremental IP services that leverage a common, flexible service delivery platform.

Security demand

Broadslate Networks (www.broadslate.net), a startup broadband service provider that launched late last year, is offering network-based VPNs based on equipment from recent Lucent acquisition Spring Tide Networks (www.springtidenet.com). Serving small-to-medium sized business customers in the US south-east, it provides Internet access and a variety of vertical services - web/email, VPN, firewall - over broadband.

"We expect to partner with ASPs that can provide backoffice application services over our broadband pipes," said senior VP Bud Zirkle. "One concern that business customers have when putting backoffice applications at an ASP is security. Spring Tide enables us to deliver ASP-type services robustly, with the needed security and availability.

"I'm a firm believer that the demand for security - VPNs in particular - is going to be a huge piece of the ASP puzzle," he added. "One thing that could really undermine the ASP market is lack of customer confidence about the security of data across the broadband pipe. Addressing this concern is essential."

And why network-based VPNs? According to Zirkle, "When you consider that less than half of the businesses in this country even have Internet access today, you can see that broadband will be rolling out into environments where the sophistication to deal with security just isn't there. In these cases, you absolutely need a network-based solution."

Cost is another consideration. Network provider Savvis (www.savvis.net) rolled out its network-based managed service offering in May, based on Nortel Networks devices.

"From a price perspective, based on our cost structure with the network-based VPN solution, we are able to save customers 30-50% over traditional private Frame Relay networks, and 20-30% over CPE-based VPN solutions," said Brad Hokamp, executive VP of product management and marketing. "Our savings are significant as far as capital is concerned - we cut our capital equipment costs five times by providing IP services in the network instead of CPE."

Pan-European VPNs

London-based intelligent IP provider AduroNet (www.aduronet.com) has built its network architecture around CoSine's IPSX 9000 technology. The startup works closely with partner ISPs to make sure they can deliver QoS end-to-end, said Paul Wynne, senior VP of operations and architecture.

"If you've got a VPN tunnel that starts in a partner network in the UK and ends in another partner network in Spain, each partner is depending on the other to deliver QoS end-to-end," said Wynne.

AduroNet partners deliver tail circuits and routers, and engineer their own backbone for QoS (quality of service). AduroNet manages VPN provisioning from its network operations centre, using CoSine's service management software.

"In a traditional frame relay VPN with 15 locations, you needed to provision 15x15 virtual connections. In our case, the network provides fully-meshed connectivity inside the network cloud; we only need to provision one tunnel from the IPSX 9000 to the customer. This lets our partners deploy smaller, lighter, less complex routers at the customer premises," said Wynne.

AduroNet plans to introduce its VPN service by the end of the year. "This service will provide office-to-office connectivity for small-to-medium size businesses," he explained. "Traditionally, European ISPs are bounded by their country - for example, a UK provider can offer VPN service, but only connecting locations within the UK. We can help ISPs offer VPN services Europe-wide."

AduroNet also plans to provide content services at the center of its network. "We've engineered our network to be one hop away from two data centers (London and Frankfurt)," said Wynne. "We'll locate some very big, mean servers there that can be used by ASPs to host applications with one-hop access. Each data center will shadow the other, so that, if for some reason you cannot reach one center, you can still reach shadowed content at the other."

VPN customers will be able to access centrally-located application services, including very large, hit-intensive services and large applications like databases and office applications. "We intend to host these types of services for ASPs like eTrade," said Wynne.

"The whole idea of network-based VPN is that you've got control of IP services on a wholesale basis," said Wynne. "Expensive equipment sits in the center of the network, and customers connect to that for access to the Internet and to other VPN locations. The CoSine box allows us to create new routers on the fly - virtual routers in software, not hardware. With CoSine, we can add IP services like firewall and virus scanning to the VPN."

Furthermore, Wynne says that private ATM and Frame Relay networks require racks and racks of big routers to support a few hundred customers. "The CoSine box takes up half a rack and supports thousands of customer connections," said Wynne. "This gives us massive economy of scale. The kind of economy of scale we need in the wholesale business."

Profile by Lisa Phifer. This profile is excerpted from an original article published on ISP-Planet that provides further details of the technology - see "An Early Look At Network-Based VPN Deployment".