A year and a half ago, Metropolitan Life Insurance, in New York, began a re-engineering project to convert its information systems to Windows NT hosts running on a TCP/IP network. The company recognised that it would need to give 10,000 remote users access to the NT systems. Remote access on that scale has the potential to rack up enormous costs and consume large amounts of IS resources.
Met Life figured that the most cost-effective approach would be some form of outsourcing.
But although the company was eager to off-load the remote-access connectivity, it wanted to retain full control of its remote users and how they get into the corporate network.
"In looking at the CompuServe solution, it was attractive because, first of all, it would in effect extend our internal IP network," says Don Elustondo, the systems consultant who designed Met Life's program. "The remote clients have IP addresses assigned by our own internal DHCP [Dynamic Host Configuration Protocol] servers."
Met Life has 5000 users connected to its network through CompuServe's IP Link service. It plans to add another 2000 users before the end of the year and the remaining 3000 users during the first four months of next year. The principal control issue for Met Life is security. Met Life's security for the IP Link service has two facets, authenticating the remote users and filtering the traffic from the CompuServe Value-Added Network.
"It's a Value-Added Network that's private to us," Elustondo says. "CompuServe owns and manages the entire network that we use, and within the CompuServe network it firewalls off any connections it has to the Internet and the rest of its private network. So we feel we're in a safe part of the CompuServe network."
In addition to the firewalls within CompuServe, Met Life filters its links to the CompuServe cloud, Elustondo says. Met Life's routers block sessions that are not initiated from the ports designated for the company's remote users, and those ports are protected by the authentication service.
Met Life also controls the authentication service. So far, Met Life has found CompuServe's IP Link to be cost-effective. Because CompuServe has points of presence throughout the world, most connections into IP Link are local calls.
"We had one or two people doing infrastructure, one or two people doing security, and then it's just an additional thing to learn for the help desk to support it," Elustondo says.