A virtual private network (VPN) across both public and managed IP networks provides a means for enterprise-level communication - and opens vast opportunities for IP VPN products and services. Markets for both IP VPN product vendors and service providers are expected to increase significantly in the short term, making room for new players in a technology still largely unrecognised by local SMEs. But for those looking to enter the IP VPN channel, consider - in advance - the issues of quality, security and corporate users' requirement for service-level agreements (SLAs).
Among the various VPN implementations, IP-based VPNs -- both over the public Internet and within managed IP networks - are attracting the most industry attention.
Despite the recent economic woes, worldwide IP VPN equipment revenue is expected to increase from $US2.3 billion in 2000 to $US7.5 billion in 2005, according to a July 2001 IDC report, Worldwide IP VPN Equipment Market Forecast and Analysis, 2000-2005. Moreover, the same report predicts the market for IP VPN services to increase from $US2.2 billion to $US21 billion in the same period.
"We are experiencing an increase in VPN usage," says Roy Wakim, solutions manager, convergence, Avaya South Pacific. "Our scale of VPN solutions ranges from five to 10,000 users."
Although IP VPN implementations are set to increase, research indicates an apparent slow local uptake. IDC's Australian 2002 Telecommunications Survey (December 2001) questioned 164 small, medium and large organisations on the status of IP VPN use. The survey found 24 per cent using IP VPNs (including 50 per cent of companies with more than 500 employees) and 29 per cent either planning to implement or evaluating the technology. However, a high 48 per cent have no plans to establish an IP VPN this year.
According to Craig Neil, managing director of NSC, an Avaya partner, local IP VPN deployment is not limited by the number of providers large enough to offer managed services. "The uptake is hampered more by incredibly competitive pricing from large telecommunications companies on alternate technologies," says Neil. "The telecommunications brands will significantly alter market offers in order to retain existing business in areas where they have a high level of share."
Furthermore, the IDC Asia-Pacific WAN Manager Survey, March 2001, indicated many Australian companies are happy with the performance of ATM and frame relay and do not see an immediate necessity to switch to other emerging technologies. "As there are many different IP VPN solutions, technologies and options, most customers are either not fully aware or they are confused by the complexities," says Richard Knott, managing director of Equant Australasia. "Often, customers have a small piece of the puzzle which has come from a particular vendor solution and this colours their view."
Public Internet VPNs can be established throughout the variety of existing infrastructures such as frame relay, DSL or a public switched telephone network (PSTN). This makes Internet VPNs globally accessible and low in cost. However, the major disadvantages of Internet VPNs are the service levels, including connectivity degradation due to varying network infrastructure, and security.
Bruce Hampel, chief operating officer of Panaseer, warns that using a VPN across a PSTN presents "real risks". To establish a truly secure environment, he explains that a firewall would need to be installed at every access point. "When migrating a VPN to a frame relay environment, industry needs to ensure there is a single IP point. Hackers can't tell one company from another or whether it is big or small."
Although VPN traffic can be sent through the Internet, VPN devices themselves are considered secure in terms of hiding information because they can use the data encryption standard (DES).
In addition to the Internet VPN, a service provider's network can provide the environment for an IP VPN. A private network VPN eliminates many of the problems associated with sending traffic through the Internet and also provides a basis for the provider to offer SLAs for network performance.
"The MPLS [multiprotocol label switching] -based VPN technology that COMindico has deployed is as fundamentally secure as frame relay or ATM technology," says Craig Reilly, product manager of corporate network solutions at COMindico, an IP wholesaler. "The carrier technology is only one component of the overall security statement. That's the reason we have spent a lot of time and money deploying state-of-the-art security into each of our 66 data centres Australia-wide."
The right type of IP VPN for business depends very much on cost and the required quality. If customers' requirements are global reach and low startup costs, and they can afford less quality of service, an Internet VPN is ideal. However, where the integrity and security of data is essential, an investment in a private network is recommended.
The IP VPN channel
With a significant difference between the projected revenues of VPN product vendors and service providers, it is clear that the provisioning end of the market will drive the channel.
"We began establishing channels for the resale of VPN services last year," says Reilly. "There are a number of companies in the systems integrator space that are keen to move to the recurring revenue model offered by selling telecommunication services. These companies typically design, implement and manage the corporate WAN, so they are naturally positioned to sell the network solution."
Tapping in to an established and unified IP provider, as well as investing in vendor products, are only the beginning for companies looking to join the IP VPN market.
"The development of a channel relationship between a vendor and a provider is a long-term partnership," says Equant's Knott. "The responsibilities need to be clearly defined and each must need each other. Issues such as market segmentation, channel conflict, margin, risk management and loyalty will be major discussion topics which must be addressed before the parties can work together."
This sentiment is shared by NSC's Neil. "Our relationship with the vendor, Avaya, is based on a serious level of accreditation and certification. Heavy testing and training takes a certain amount of upfront investment from us as the reseller."
In the end it's the consumer who expects the best SLA from any IP VPN provider. Although vendors develop the IP VPN performance-monitoring software, the overall quality of service rests with the provider.
"There are many issues relating to equipment interworking and interconnection of provider networks," says Knott. "It is very difficult to provide service-level guarantees and monitoring across multiple provider backbones."
Although the quality of service of any IP VPN is essentially dependent upon the quality of the network, providers can establish new business by guaranteeing their work.
"A good SLA is one that tells the client what level QoS should be expected and which mechanisms are in place to provide it," says Neil. "If the provider is prepared to make guarantees on the technology, and protect the client from risk if it fails or is unsuitable, business will be more prepared to make bolder moves in adopting new technologies."
Whether business requirements are low-cost private communications over the Internet, or managed data and multimedia connectivity, IP VPNs are the technology to watch in the medium term. An increased awareness of what they provide, along with comprehensive SLAs by providers, will only help establish IP VPNs as a corporate necessity.