Managed VPN Services Gain Users, New Wrinkles

FRAMINGHAM (03/02/2000) - Managed virtual private network services may not be generating the industry buzz they once did, but businesses are indeed tapping into these services for inexpensive, secure dial-up and dedicated connectivity.

"Managed VPN services are going to continue to become more important to business users," says Jim Slaby, senior analyst at Giga Information Group Inc., a Cambridge, Mass., consulting firm. "From lower costs in terms of connectivity and international reach, managed VPN services are a slam-dunk."

Among the prime reasons that businesses look to outsource any service are a lack of in-house expertise and the desire to keep IT staff free to focus on other projects. Because IP Security (IPSec) tunneling and encryption, digital certificates and public-key infrastructure (PKI) authentication are becoming staples of most VPNs, users will find security experts in even greater demand.

This jobmarket reality is why more businesses will turn to managed VPN services, Slaby says.

But managed VPN services are not new to businesses such as Booz, Allen & Hamilton, Lord Corp. and Carbo Ceramics. While different sizes - Booz Allen employs 10,000; Lord, 2,000; and Carbo Ceramics, 200 - all use managed VPN services for cost-effective connections with expansive international reach.

Carbo Ceramics set up its Internet-based VPN two years ago with PSINet to link three remote manufacturing sites with its headquarters in Irvine, Texas. Carbo was ready to deploy a new enterprise resource planning (ERP) system called Navision but had no connectivity between sites in New Iberia, La., Eufaula, Ala., and Mcintyre, Ga., says Barney Lejeune, IT manager at Carbo. Lejeune is charged with keeping about 35 employees traveling in Asia and South America connected to the firm's VPN.

"We didn't have time to get involved with dealing with local exchange carriers, choosing routers and DSU/CSUs," he says. "We wanted someone to provide dedicated and international dial-up Internet access and be able to manage the network for us."

Carbo talked with AT&T, MCI and Intermedia before going with PSINet. PSINet has been able to easily increase bandwidth at Carbo's manufacturing sites as well as add needed back-up systems, he says.

While pleased overall, Carbo is looking for more intuitive client software that will allow users to connect to the 'Net over a dedicated T-1 in a hotel or using a dial-up connection. The biggest problem for Carbo is that the firm's employee base is not computer-savvy and any glitches in client software cause problems for the IT staff back in the main office, Lejeune says.

Robust client software is especially important to Lord, a manufacturer of aerospace motion control devices and chemicals, because the company is only supporting dial-up users on its Internet-based VPN.

Lord stumbled into its managed VPN service while looking to replace an "expensive, unreliable and not well-supported" managed remote LAN dial service from MCI, says Tom Stribling, manager of network services at the Cary, N.C., company. Lord started talking with GTE Internetworking about that company's Dialinx IP remote access service, but because Stribling was very concerned about security, GTE Internetworking suggested its VPN Advantage offering.

Lord is supporting a dial-up VPN for about 400 of its 2,000 employees who work from small or home offices and travel the world. GTE Internetworking has the U.S. coverage that Lord needs and also offers local number dial-in support around the world.

Giga's Slaby recommends that businesses check out an ISP's domestic coverage before signing on the dotted line. Ensuring that users will be able to connect to a local point of presence will keep telecommunications costs lower and latency in check, he says.

GTE Internetworking is among the ISPs that team with global roaming-service provider iPass to offer local dial-in support in 150 countries. This means employees traveling in Sri Lanka or Brazil, for example, can connect to Lord's network for the price of a local call instead of a long-distance international call.

Lord is using both IPSec and the Layer 2 Tunneling Protocol when remote users connect to Lord's corporate net. Lord is also using standard Data Encryption Standard (DES) overseas and Triple-DES domestically. Lord is issuing digital certificates to remote users for additional user and network authentication.

Lord has TimeStep's Permit VPN device deployed to support its remote access users, but is in the process of switching to Nortel Networks' Contivity gateway. "The TimeStep device is very good, but its client is difficult to install and rather fragile," Stribling says. "If we make any changes to a system, we have to uninstall and then reinstall the TimeStep client. We haven't yet been able to break the Nortel client."

Booz, Allen & Hamilton signed up for its first managed VPN service in 1997 with UUNET, but has since swapped vendors. "UUNET understood what we were trying to get done, they had the knowledge, but they weren't good at productizing it," says Daniel Gasparro, chief technologist at the McLean, Va., management consulting firm.

Some ISPs are more concerned about selling network capacity than managing a worldwide VPN service, Gasparro says. This led Booz, Allen & Hamilton to team with Fiberlink to connect about 7,000 employees and customers worldwide to the company's networks. While UUNET probably has more international coverage than any other domestic ISP, Fiberlink is able to offer dial-up Internet access connectivity locally through iPass, which referred Booz, Allen & Hamilton to Fiberlink.

Each business has to decide what's more important for its VPN, Gasparro says.

The choices are to team with an ISP that can offer high quality of service by only using its backbone or to use an ISP that allows you to use a third-party service such as iPass that provides international connectivity.

Booz, Allen & Hamilton is also looking for the flexibility to deploy other broadband services, such as digital subscriber line (DSL) and wireless services. With some ISPs, it's difficult to incorporate other service provider offerings into managed VPNs.

"What's happening now is that our user base is outpacing our ability to keep up with new developments," Gasparro says. He would like to see a centralized method for letting Booz, Allen & Hamilton employees sign up for DSL services to link to the company's VPN. This centralized method could be as easy as a secure Web site that Fiberlink would set up and manage.

Managed VPN services will continue to need technology and customer service upgrades, but there are now more service choices for users than ever before.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Allen & HamiltonAT&TControl DevicesFiberLinkGatewayGiga Information GroupGTEGTE InternetworkingIntermediaiPassMCINortel NetworksPSINetStrategy&Uunet

Show Comments