End To End Connectivity: Vendor Hype or the Real Enabler in the 'E' World

by Steve Broadhead

For years now vendors have spoken of the ultimate networking solution. End-to-end computing is its name and the idea is simple: a vendor delivers a complete physical and logical network connection from the desk (or mobile location) where the user is sitting, to the destination point, be it a web server, an office network or any other remote computer. All very simple and all very transparent to the user.

The problem to date has been that, regardless of the technicalities involved in applying this end-to-end solution, for many years there has been very little to truly apply it to. Now along comes the 'e' generation of computing and, with e-commerce and e-business, the promise finally of a real application for end-to-end computing is with us.

Given that the concept lends itself naturally to the Internet via the use of VPNs, e-business and e-commerce would appear to be the perfect applications for the end-to-end approach, and industry analyst figures would seem to support this argument. That the Internet forms a truly global and inexpensive medium for carrying out e-business upon is qualified by the astronomical growth figures quoted by Forrester Research in the US, for example, who forecast that inter-company trade over the Internet will double every year. This means a surge from $43 billion back in 1998 to $1.5 trillion by 2003, and this excludes the value of services exchanged or booked online. Even if we take these figures with a proverbial pinch of salt and divide them several times over, they are still impressive.

But if e-business especially is the killer application for end-to-end connectivity, then VPNs are equally clearly the prize technology within the same solution set. A virtual private network is basically a WAN or Extranet connection, typically running over a public service such as the Internet, rather than a company's own private network connections.
The clever bit is that to the user there is no discernible difference between public and private. So imagine you run a company that provides online shopping or banking services. With a VPN in place, not only is it simple to add both company offices and home workers into the network, but customers can access your network in a similar, but secure, fashion.

So then imagine that you offer an online catalogue for users to view across the Internet. Using VPN and the equally fashionable voice and data integration technology, for example, it would be possible for a customer to be viewing the catalogue onscreen while, at the same time, talking to a sales assistant. This need not be via an external call made separately to the office, but as part of the same call, down a single VPN connection, to the same web site, typically at local call rates.

This same basic strategy, plus innumerable variations on a theme, can be applied to any number of scenarios - technical support being one example, where automated techniques can take over simple enquiries from human staff, leaving them to use their skills in better ways. For example, imagine if a single call to the support centre could include either voice and/or data and that the same centralised system could take the call in either fashion, but be fully automated, only passing it on to a human operator when necessary. By employing such a system that integrates voice and data, a company could cut back on human resource while maintaining service quality levels, or even improving them. This kind of approach simply isn't feasible using a traditional, fixed leased line WAN service, but is clearly realistic using VPN technology.

So what is equally clear is that VPNs are surely a catalyst for e-business. So - and here we turn the argument on its head - why hasn't e-business taken off as much as anticipated, at least in Europe? Is it because the end-to-end connectivity that makes it so accessible has not genuinely been in place?
Similarly, why have so many e-commerce oriented .com companies been floundering recently? While there are many and varied reasons for these failures in each individual case - with more than a hint of stupid-ideas.com around all too often - one major technical issue goes back to the end-to-end computing argument. As a means of getting ordinary, non-computer literate people into the 'e' world, the idea of a transparent, end-to-end connection clearly makes sense. However, there has been one big technical issue that has slowed the uptake of both the technology and the applications. That issue is security, or rather, the lack of it.

Several recent high profile cases of mainly incidental access to private company data, by individuals doing nothing more than browsing an 'e' site, have highlighted the need for a truly secure end-to-end connection for e-business and e-commerce applications, if they are to become popularised. For example, apply the e-business+VPN solution to the idea of secure, online banking and it clearly makes a lot of sense, seen through the eyes of the user. But there is still the issue of security to overcome. In such an example, the link needs to be secure from the moment a request leaves the user's PC to the time it arrives at its destination web page.

In order to make data connections secure when creating a VPN across the Internet, a tunnel is created between the source and destination end-points which encapsulates the IP packets the Internet uses and encrypts the data within. This tunnel is normally created by a device acting as a VPN Gateway - usually a dedicated piece of hardware - of which many examples exist. The problems have come with agreeing - or failing to agree - on a tunneling standard to implement globally. Does this mean, then, that standards-based, secure, end-to-end connectivity solutions still don't exist?
On the contrary, several such products have entered the market recently, such as Intel's newly announced NetStructure product range, which is aimed specifically at e-business and provides a complete, secure end-to-end solution from the user's desktop to the e-business data centre. More importantly, it is aimed at both the service provider and the end-user. Intel's VP communications product group, John Miner, explained: "Service providers are demanding unparalleled cost savings, integrity and performance, whereas corporations want ubiquitous and secure access for their employees, customers and partners." The idea behind the NetStructure range, then, is to keep both parties happy.

Key to the launch is a range of VPN products. According to Infonetics Research in the US, the worldwide market for VPN equipment is set to rise from $1.2bn this year to $3.7bn by 2004. So why the sudden take-up of the technology by vendors and users alike? One reason is that the ongoing problems with a lack of security standards are finally being resolved. IPSec especially is one tunneling protocol that the vendors have looked to support but found problems with until recently, due to it being a framework of open standards, rather than a tight industry standard. So each vendor has been able to produce its own interpretation of the standard.

However, IPSec standards finally appear to be settled and, according to Intel's CPG marketing manager, Richard Lissenden, the catalyst has been the implementation of standards driven by the market rather than by the standards bodies themselves. "We have made a lot of progress now with fully secure IPSec managed NICs whether on the server, desktop or laptop platforms," he explained, by way of example.
Intel is using VPNs to connect remote workers or branch offices and suppliers on the Intranet and create the, seemingly once-mythical, end-to-end solution, but it is the secure element that is winning the day for the company according to Lissenden, who added: "With the use of standards based SSL based encryption for enabling e-commerce we are giving users and customers real confidence in this solution."

So end-user confidence would seem to be the key requirement for e-business and e-commerce to take off. And that confidence can come from the technology itself, according to Bob Jones, director with the newly-formed DICA Technologies, a merger of companies which brought together a combination of products that, like Intel's NetStructure range, creates a secure end-to-end connection, transparent to the end user. Jones explained: "The upsurge in interest in secure remote access into corporate networks using VPNs and encryption has been stimulated by the increasing deployment of technology to non-technical users. Such people require functionality with the minimum of complexity, and security has to be inherent and foolproof so that whatever the user does doesn't compromise the integrity of the corporate data."

What Jones has looked to do with DICA is shift the emphasis from pure functionality to a balance of functionality and usability, in order to gain the all-important mass acceptance from a broad user base that the 'e' world needs to really take off. The main benefit to the user is secure connectivity from pretty well anywhere for the cost of a local telephone call. "In short, remote connectivity seems to have shifted from being used primarily by 'techies' to the wider marketplace," said Jones.

Business Benefits Of Virtual Private Networks

A VPN represents a way of quickly and easily extending your corporate network and realising cost savings at the same time; so many organisations will look at a VPN as a cost-effective alternative to a private remote access network.
A key attraction of a VPN is the way it enables you to make adds and changes without incurring heavy time and cost penalties. You can make a connection into an ISP anywhere in the world and be connected into your VPN as a result. It takes but a few seconds to connect people up, which makes it perfect for remote or temporary users, as well as for combined intra-company and Internet access. This flexibility means that the number of potential applications for a VPN is enormous, not least e-business and e-commerce.

IPSec

While some IP tunneling schemes - the means of enabling a secure, end-to-end network connection - are still proprietary, most now support IPSec. IPSec is a framework of open standards for ensuring secure private communications over public networks like the Internet, for which reason it has been applied to VPNs. It is a set of protocols developed by the IETF (Internet Engineering Task Force) to support secure exchange of packets at the IP layer.

IPSec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure tunnel mode, as used in VPNs, encrypts both the header and the payload. On the receiving side, an IPSec-compliant device must be present to decrypt each packet. This means that the confidential data within a transaction will only be open at the very beginning and end of each transaction.
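
The transport/tunnel distinction above, and the gateway-built tunnel described earlier in the article, laid out as packet bytes to show what an on-path observer can still read in each mode. This is an added example, not part of the original article or any vendor's code; the addresses, key and request are constructed, the cipher is a stand-in XOR keystream rather than a real ESP transform, and the IP checksum, ESP padding and integrity value are omitted.

```python
import hashlib
import socket
import struct

ESP = 50  # IP protocol number for ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 in this sketch)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def standin_encrypt(key, data):
    """Stand-in cipher: XOR with a SHA-256 counter keystream. Not a real ESP
    transform; it only makes the protected bytes unreadable for the demo."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, plaintext, next_header):
    """SPI + sequence number, then encrypted [data | pad length | next header]."""
    trailer = struct.pack("!BB", 0, next_header)  # no padding; ICV omitted
    return struct.pack("!II", spi, seq) + standin_encrypt(key, plaintext + trailer)

def transport_mode(key, src, dst, proto, payload):
    """Original IP header stays in clear; only the payload is encrypted."""
    body = esp(key, 0x1001, 1, payload, proto)
    return ipv4_header(src, dst, ESP, len(body)) + body

def tunnel_mode(key, gw_src, gw_dst, inner_packet):
    """Whole original packet is encrypted behind a new gateway-to-gateway header."""
    body = esp(key, 0x1002, 1, inner_packet, 4)  # 4 = IPv4-in-IP
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def visible_addresses(wire):
    """Addresses an on-path observer can read from the clear outer header."""
    return socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20])

def demo():
    # Constructed sample: documentation-range addresses and made-up request
    # bytes standing in for a TCP segment (protocol 6).
    key, payload = b"constructed-demo-key", b"GET /account HTTP/1.0\r\n\r\n"
    client, server = "192.0.2.10", "198.51.100.20"
    inner = ipv4_header(client, server, 6, len(payload)) + payload
    transport = transport_mode(key, client, server, 6, payload)
    tunnel = tunnel_mode(key, "203.0.113.1", "203.0.113.2", inner)
    return transport, tunnel

if __name__ == "__main__":
    for name, wire in zip(("transport", "tunnel"), demo()):
        print(name, visible_addresses(wire), len(wire), "bytes")
```

In transport mode the observer still sees who is talking to whom; in tunnel mode only the two gateway addresses are exposed, at the cost of an extra 20-byte header per packet.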