1 June 2002
VPNs to the rescue
Web-based virtual private networks secure data, save costs.
Business is looking brighter for makers of network bridges, routers, and gateways, fueled by increased demand for communications security, more work-from-home employees, and emerging Web services networks.
A survey commissioned by networking giant Cisco shows the percentage of manufacturing firms deploying virtual private networks (VPNs) is neck and neck with commercial businesses.
3Com Corp., another major VPN supplier, defines a VPN as "a group of two or more computer systems typically connected to a private network, with limited public network access, which communicates securely over a public network." VPNs use advanced encryption and tunneling technologies to provide secure, end to end, private network connections over third-party networks such as the Internet or extranets.
Most corporations are transitioning to Internet-based VPNs because they provide security yet cost much less than privately owned electronic data interchange (EDI) networks, according to 3Com. In the past, businesses typically interconnected their LANs using more expensive services from telecommunications providers-for example, public switched telephone network, integrated services digital network, X.25 and other packet-switched services.
VPNs cost less because they share third-party, high-bandwidth Internet channels. However, when two or more large business partners, such as commercial banks, need to regularly exchange high volumes of confidential data, they still often prefer EDIs.
Traveling and work-at-home employees use VPNs to access company data. VPNs serve customers and business partners in the same way.
The growing interest in VPNs and Web services is spurring "a lot of upgrade opportunities for [makers of] bridges, routers, gateways, and switches," said Bob Parker, research fellow for AMR Research in Boston.
OSI STANDARD CONTROLS ALL
Nearly 25 years ago, the International Organization for Standardization recommended developing a universal standard to define how to exchange information among different networks and across geographical boundaries. Over time, the open systems interconnect (OSI) model evolved and today is the dominant international standard all vendors follow.
While greatly eliminating user confusion and incompatibility issues, the OSI model has discouraged vendors from developing networking technologies that can't be incorporated into the standard. When a new idea comes along, such as VPN, a standards-making task force quickly swoops in to ensure no VPN provider strays too far from the pack.
"Cisco, Enterasys, Lucent, 3Com, and others constantly innovate with features," said Parker. "It's a tough market to be in, however, because when someone like Cisco adds a new product feature, [Cisco's competitors] have it three months later because they have to communicate with it."
As a result, a vendor's reputation for reliability and performance is the market driver in the network connection and interconnection space (bridges, routers, gateways, hubs, switches, etc.), Parker said. Major players are limited to a few large suppliers, and "their success is dependent on their distribution network," he observed.
COST LESS THAN EDI NETS
A VPN study commissioned by Cisco and conducted last fall by Gartner subsidiary Griggs-Anderson Inc. covered 112 manufacturing companies and 110 commercial businesses. Most manufacturers produced industrial and commercial goods (46%), followed by food processors and packaging firms (12%), consumer goods (11%), and automotive (9%). Aerospace/defense (5%), pharmaceuticals (4%), software (4%), R&D (4%), computer products (3%) and electronics (3%) made up the rest.
The study showed 95% of manufacturers' VPNs used by work-from-home employees, 80% also use VPNs for traveling employees, 65% for site-to-site data-swapping and 43% for transactions and collaborating with partners and customers.
Manufacturers list cost savings (54%) and security (21%) as main reasons they installed VPNs. E-mail (94%), a company intranet (86%), and the Internet (68%) are the most commonly accessed applications. Most respondents said they internally manage their VPN, with only about 10% completely outsourcing it.
Asked "What has been the greatest challenge or negative aspect related to the use of a VPN at your company?" responses were generally positive. Security challenges were the greatest concern, but only 17% of respondents cited it; right behind but also scoring low was configuring users' home PCs (15%), training users (15%), supporting users' hardware and software (12%), and installation and maintenance time (12%).
About 21% of all respondents said they were unsure about estimated annual savings resulting from VPNs. However, 20% estimated per-annum savings of $100,000 or more, 17% said $30,000 to $100,000, and the remainder estimated savings would be under $30,000.
On average, respondents spent about $250,000 on their total VPN installation.
A 2001 information technology (IT) budget allocation study conducted by AMR Research showed manufacturing industries overall spent 16% of their total IT budget on networking, second only to hardware (25%). AMR did not break out VPNs, however. Applications (18%), other software (11%), services (14%), and staffing/training (16%) made up the rest of the IT budget. The percentage spent on networking was remarkably consistent-within a range of 11% to 18% of IT budgets-when AMR broke out spending by chemical, pharmaceutical, oil and gas, consumer products goods, aerospace and defense, high tech, automotive, semiconductor, and complex segments.
Emerging Web services technologies, based on extensible markup language (XML) and companion protocol standards, will also spur VPNs, said Parker. Web services involve coding business or technical information in XML, then distributing it over any TCP/IP network to other interested organizations, individuals, or machines.
Two issues, security and latency, suggest Web services is a good application for VPNs.
On security, "Do I know I'm communicating with a trusted supplier?" the analyst asked rhetorically. "VPNs are built on IPsec [Internet protocol security] standards," easing concerns, he noted.
Latency issues occur, for example, when a manufacturer such as General Motors (GM) electronically asks Dun & Bradstreet (D&B) about a potentially new supplier's credit rating. If done in synchronous mode, time-outs can occur, and the transaction isn't completed. To avoid losing GM as a client, D&B will look at "quality of service" (QOS) technology that gives GM's electronic inquiries priority.
"Both IPsec and QOS will be big" software niches, the AMR researcher predicted. IC
Behind the byline
Jim Strothman is Associate Editor for InTech.
|Three types of data VPNs|
While data communications vendors offer a large number of virtual private network (VPN) products, all fall into three basic categories: hardware-based, firewall-based, and stand-alone VPN applications.
Hardware-based VPN systems are typically secure and easy-to-use encryption routers, often practically plug and play. They provide the highest network throughput of all VPN systems, 3Com said, because they don't waste processor overhead running an operating system (OS) or other applications. However, they are not as flexible as software-based systems.
3Com said the best hardware-based VPN packages offer software-only clients for remote installation and incorporate some of the access control features more traditionally managed by firewalls or other perimeter security devices.
Firewall-based VPNs use the firewall's security mechanisms, restricting access to the internal network and network address translation. Most commercial firewalls "harden" the host OS kernel by stripping out dangerous or unnecessary services, providing additional VPN server security. However, VPN throughput performance can be a problem, especially if the firewall is already loaded.
Stand-alone, software-based VPNs work in situations where different organizations control an end point of the VPN, as happens with business partnerships or customer support situations or when you find different firewalls and routers within the same organizations. While stand-alone VPNs offer the most flexibility in managing traffic, software systems are generally harder to manage than encrypting routers. They require familiarity with the host OS, the application, and security mechanisms.
Return to Previous Page