 |
|
| Shiva
LAN Rover Access Switch An NSS Group White Paper by Bob Walder Table of Contents IntroductionThe Access Switch: More Than Just A New Product�- Fact or Fiction? Access Switch: An Independent Overview Appearance Configuration & Management Scalability and Flexibility Security Overall Feature Set Client Support Product Futures Appendix A: ISDN and the Internet - The Opportunities Appendix B:� An Appraisal of the ISDN Products and Services Marketplace Appendix C:� An Appraisal of the Internet - Pros & Cons Appendix D:� Internet Access - PSTN versus ISDN � TABLE OF FIGURES � The Access Switch: More Than Just A New Product - Fact or Fiction? Fact: Shiva is a well-known, world-wide provider of remote access products. Fact: Shiva is a well-known, world-wide provider of simple, low-cost, PC (and Mac) oriented remote access products. Fact: The LanRover Access Switch is not a simple, low-cost product. It costs several times more than the "typical" Shiva product, and therefore, customer expectations will be that much greater. Fact: This means that Shiva cannot expect to sell an Access Switch in the same way it sells a $3000 remote access server, geared for the plug �n play Novell/Microsoft market. However, Shiva has recognised this - hence the use of major telecomms companies such as NorTel and Alcatel to sell the Access Switch. The only question here is: does this in any way upset the "traditional" sales channels for Shiva who feel (perhaps wrongly) that they could sell a high margin product like the Access Switch but are not being given the chance? Or are they? The point is, the Access Switch is a major departure for the company; a move into a completely different league - where companies buy products which are "critical" to their business. Expectation levels are higher, not just in terms of the product itself, but in terms of the level of support and all aspects of that product and the supplier. However - and this is a big "however" - in truth, the quality of products released into the high-end remote comms market have generally been less than brilliant in many ways to date. Typical of their shortcomings are as follows: Serious architectural design flaws which limit true scalability of product. The result has, in many cases, been to either go for the classic "forklift" upgrade or to use outmoded technology. Lack of conformance to standards, with - in many cases - pseudo-proprietary implementations of future standards; the result being a device which will only work with other devices from the same vendor, despite all the talk of open standards. Severe shortcomings in terms of ease of configuration and management. This both limits the ability to maximise use of the product and makes problem resolution more difficult than it should be. The results can be inefficient operation and extended downtime�- both to be avoided at all costs. Very expensive to upgrade and change with limited or restricted options - e.g. you have to upgrade "x" connections at a time, rather than having a choice of "x, y, or z". All of the above should be avoided if a company like Shiva wants to make its� mark in the "big league". By bringing forward some of the ideas from the PC (rather than mainframe/telecomms) world; ease of configuration and management from a standard PC interface, low-cost and flexible upgrades, conformance to standards (e.g. PCI bus) - and combining these with true adaptability and scalability, high levels of resilience and redundancy, Shiva can produce a new generation kind of comms products, combining the best of old and new worlds. So how does the Access Switch fit in with the above requirements? The next stage of the report outlines what the product has now, what it needs, and suggests future possibilities for expanding its capabilities, all from a features point of view. Access Switch: An Independent Overview They say that first looks count for everything. So how does the Access Switch look? Kind of like a giant LanRover is the answer. So, for anyone familiar with Shiva remote access servers there�s nothing "frightening" about the box. For anyone new to Shiva - and particularly the old school telecomms guys - the Access Switch comes across as functional rather than flash, so there should be no worries there either. Does it look like a $50,000 box (which it can cost in a loaded configuration)? No, but then what does? Comms equipment isn�t like sports cars - there is nothing to shout its� value. What it does look is "serious" which should satisfy anyone who doubts the calibre of the product in advance. What is great about the Access Switch is that it may have an expensive price tag and a great deal of potential power, but it�s not a pain to configure and manage unlike many of its peers and predecessors (outside of Shiva that is). While it is still a common problem among WAN product vendors, in that they believe in making it as complicated as possible to set up a router or switch, Shiva has never followed this line of thought and it is good to see this applied to large scale products such as the Access Switch. Put simply, whereas the majority of WAN hardware developers have come from an mainframe or UNIX host connection oriented background, Shiva�s is Macs and PCs. "Mickey Mouse" maybe, but the result, when applied to a box like the Access Switch, is bliss after many unwelcome experiences with obscure terminal sessions and sadist-designed key strokes. What we are saying is that the Access Switch is very straightforward to configure compared to may other remote access servers and routers - and not necessarily high-end ones either. Perhaps the handful of disks (9) required to load the management software onto the PC could be replaced by a CD-based alternative. Talking of CD�s, the documentation being based on CD is a good thing, albeit somewhat standard practice now anyway. A good feature is that on loading up Shiva Net Manager, the software scans the network for available Access Switches and lists them along with any other Shiva devices attached to the network. OK, so this is a long-standing Shiva manager feature, but it�s reassuring to be able to incorporate a new device like the Access Switch, alongside existing Shiva remote access servers without any new learning curve or shocks to the system. Equally "standard Shiva" but good is the way that once a remote link has been established, remotely located Access Switches can also be located and managed from the single PC, along with other LanRovers. Another good feature is that all the configuration information can be stored in files and then downloaded to other Access Switch units. Likewise that the management systems can also be used to perform software upgrades on remote Access Switches - and indeed any other Shiva LanRover product. Again it�s worth stressing: if you�ve got any existing LanRovers it means the news is great - no new management software and no new learning curves. If you�re new to Shiva then it�s good news anyway. Shiva is right in placing the emphasis on developing an architecture for the Access Switch which tries to avoid any bottle-necks through processor saturation. Instead of placing the total emphasis on a central CPU, as do some competing manufacturers - notably market leader Ascend - the use of a distributed processing architecture, whereby several individual processors within the box work concurrently, is clearly very sensible. It means no single processor should, at least in theory, be overburdened and create a bottle-neck. In turn this means the product should scale well, as more and different services are added to it. The other good architectural point is that the concept of removing bottle-necks by sharing all resource where possible, is carried over to other areas of the switch, such as the use of shared memory. A word of warning here however: while the approach of distributing processing between multiple intelligent cards is a good way of removing bottle-necks, equally it is a potential cause for bottle-necks, if each individual element is not up to the task. Remember when 3Com brought out its first intelligent Ethernet adapter in the mid-�80�s with the 80186 processor on it? During that time, PCs moved into i386 mode and the onboard processor was so slow on the 3Com card that it actually ended up slowing network access, rather than improving it. It became the bottle-neck in other words. In the case of the Access Switch it appears to be well thought out however with ample power assigned to each processor. The important thing here is to maintain the high level of processing power on each component which is added to the switch AND to ensure that all elements are sufficiently engineered to cope with future demands. From a security point of view, the key point is to realise that Shiva cannot do everything itself. It is good to see, therefore, support for third party products such as TACACS, Security Dynamics SecurID and Digital Pathways� third-party authentication products. All the PPP related access control mechanisms seem to be in place also. What is the situation regarding NetWare�s NDS, in terms of pulling users - with full account/security settings from a NetWare 4.1 server in the same way you pull all this information from the bindery currently? Similarly what is the situation regarding getting this kind of information directly into the Access Switch from Microsoft�s NT? The easier it is to set up users/security on the Access Switch the better. And there�s nothing worse than keying in information - e.g. setting up users - twice over. The adoption of the features common in the other LanRover products is good. Features such as the phone group help to make the Access Switch a simple product to manage, something we cannot stress highly enough. With so much emphasis now placed on the cost of ownership, rather than the initial hardware/software purchase costs, ease of management is now a major topic. The ability to demonstrate - up front - the ease with which an Access Switch can be configured from under Windows, should prove to be a good sales aid, especially in head to head evaluations and product reviews. From the point of view of ISDN features, a detailed analysis is not especially useful, since the Primary Rate module currently being used is due to be replaced by the end of the year. With the new in-house module, what the company should be looking to achieve, combined with the client software/hardware, is the same level of protocol support offered by direct ISDN bridge/routers to bridge/router connections, including Shiva�s own products (which originated with Spider). The remote node type of working, where you connect to a remote LAN as you would locally, is very popular, but requires widespread protocol support (not just PPP and IP) and true protocol spoofing, the means of maintaining a logical connection to a remote network without the line itself having to be up. It fools the network operating system into thinking that a connection is permanently made, even when the line is dropped. So that when a user leaves for lunch, say, their remote connection is dropped, then auto-reconnected on them next touching the keyboard without them knowing. By signalling to a LAN file server (for example, a NetWare file server) that a logon is still established, the ISDN device can maintain a logical link with a remote server even though the line is not up (you can usually set how long you want maintain a connection for after it has received the last piece of input). This means that instead of having to re-logon again, a user can simply come back to his or her machine and pick up where they left off - even if the line has been down for hours. With ISDN�s call set-up time being so fast, no sooner has a key been pressed than the line has been brought back up and the connection made. The same technique is also used to prevent unnecessary broadcast traffic (for example, RIP and SAP broadcasts from a Novell NetWare file server) from being sent out across the WAN links. After all you don�t want the line unnecessarily brought up every 30 seconds (which means in practise it would probably be up constantly) just so that your local server can receive broadcast information from remote servers that it has already received thousands of times. This may sound outrageous but there are plenty of users with ISDN line bills which show the potential dangers of connecting LANs together. Proving to potential customers that this kind of danger can be avoided is clearly a big selling point. Nothing rocks a potential sale more than lack of confidence. Shiva is clearly in a good starting position when it comes to client support. With the tie-ins with Microsoft products, as well as Shiva�s own badged and distributed client software, client coverage is excellent. The same can be said for the range of modem support - second to none. What Shiva needs to do now is to provide the same level of support for ISDN client hardware, bearing in mind the features we mentioned earlier. Clearly this is not a simple matter; ISDN adapters are produced all over the world and with specific requirements for certain countries (more details on this area in the appendices). However, it is the breadth of modem support which has partly (or largely) made Shiva�s client software so successful in the first place. So it is logical to extend this approach to ISDN adapters also. The one certainty about networking, whether in LAN or WAN terms (and will there be a distinction in 10 years time?) is that is will continue to change, in terms of technologies, speeds, bandwidth requirements, user expectations, telco services etc. etc... For example, while everyone is talking about ATM as if it's the ultimate networking technology, it will - doubtless - be superseded sometime in the next century, as will its' successor and so forth. But hold on a minute. We're already talking about a successor to ATM and - barring LAN/campus backbones - ATM itself is barely in place yet. The point is, with a device such as the Access Switch the requirement is to be able to support both technologies which are still popular now; analogue connections, ISDN, leased line/private circuit (e.g. T1/E1), and future technologies; ATM in the WAN, digital satellite connections and so forth. So is the Access Switch designed to allow this kind of future proofing to be a reality? Certainly in terms of bus standards support - MVIP and PCI/ISA - the basics are in place to allow a broad spread of support for various in-house developed and third-party devices. Clearly a company the size of Shiva cannot develop everything itself (or buy the world, Cisco-style) so support for standards such as PCI is important. MVIP also appears to be winning its own little bus war, even though rival technology SCSA - promoted by Dialogic - appears to be a superior solution. Certainly the ability to quickly support various "standard" technologies while they are still at their most popular (and some are pretty short lived), without going through the time and expense of internal development cycles, is a powerful weapon. One of the biggest changes in the wide area will occur in mobile computing. The GSM standard widely adopted in Europe and the East has shown that there is already a huge demand for true remote node type connections onto the office network from wherever you might be. So, while analogue modem connections may still rule the portable computer connections, standards such as GSM - thanks to their truly mobile nature - will clearly take over. Shiva must be in a position with the Access Switch to support these mobile users in the same way they support traditional PC/modem connections now. One example of the kind of product that could be integrated into the Access Switch is the Apollo remote access card, developed and manufactured in the UK by Cambridge-based Brand Communications. It is a multi-function communications card for Novell NetWare, Microsoft NT and TCP/IP environments, available as either an internal PC or Server card based or as an external box. In whatever format, the basic hardware and options are the same. It supports not just ISDN but also features programmable external ports which can be any combination of V24 sync/async, V35 or X.21. This gives it the ability to drive a wide range of external devices such as modems, ISDN terminal adapters, Kilostream leased line circuits or private network connections. Two ports can be combined concurrently supporting sessions from two different remote locations, so, for example, you could run Kilostream with ISDN back up, or any variation on a theme. To generate the horsepower required to handle multiple links, the Apollo features an onboard RISC processor, which also has the effect of relieving the load on the server or PC processor on the internal card version of Apollo. Whereas many of the ISDN and comms products are Ethernet or Token Ring specific, the Apollo is LAN independent, working with whatever LAN cards you want to use. Another key feature is dynamic bandwidth allocation, providing true bandwidth on demand without needing to set any thresholds or other parameters other than high or low. The Apollo has all the other features you would come to expect of an ISDN comms product now, such as IPX spoofing and session "keep alive". Whereas many products stop at Novell's IPX however, the Apollo supports Novell's SPX, TCP/IP, AppleTalk and - most interesting of all, Windows 95 and NetWare 4.1's NDS and NLSP, since the middle of last year. Support for PPP (Point to Point Protocol) is also provided, for communicating with third-party devices. Onboard STAC data compression is also included. Recently the company has added full GSM support with all the kind of line management and protocol spoofing features you expect on an ISDN connection. Cards like the Apollo - being ISA based initially with PCI on the agenda - are the kind of third-party product which could be taken on by Shiva to make the Access Switch a truly versatile product. Think of the Access Switch as the engine - the beginning - rather than a complete, narrow solution - the end point - and imagination is the only real limitation. Performance testing on the Access Switch was carried out in Shiva�s Bedford labs. The focus was on testing in a TCP/IP environment, but with both UNIX and NetWare servers at the "host" end and a cluster of Windows-based PCs at the "remote" end. The Access Switch was configured with two Primary Rate ISDN cards and four modem cards (providing up to 48 modem connections). At the clients we used Shiva�s Windows client and Dial-in software version 4.0.3 (supplied with the product) to connect to the Access Switch via a mixture of V.34 modems and ISDN adapters. The idea was to add clients incrementally in order to test the following:
In order to achieve the above aims, we added clients one after the other, making a connection via PPP then running a continuous looped file transfer to the UNIX or NetWare servers. The idea was to see how relative performance, on a per client basis, was affected as the load on the Access Switch built up. A secondary - and obvious - test was to see just how many connections the Access Switch could take without any operational problems occurring. In total, over the three days we achieved a best of 86 concurrent connections - 41 digital (ISDN) and 45 analogue - with still very little degradation in performance on either digital or analogue connected PCs. At the maximum load we tested under, performance fell by around 2-3% maximum per client - which indicates excellent scalability for this switch. On just one occasion the switch fell over, after achieving the 86 concurrent connections described above. The switch log indicated that the fault lay with one of the Primary Rate ISDN cards which, as we have already mentioned, are due to be changed later this year to an in-house design. It will be interesting to retest the box then with the new PRI cards to see if performance improves on what is already an impressive showing. On the following pages are a set of tables summarising the results of our tests. As can be seen from the figures, the tail-off in performance as modem/ISDN connections are added is minimal with a strong average throughput being maintained throughout. Figures given are in KBps.
Figure 1 - Eight� Asynchronous Modem Connections
Figure 5 - 14 Digital (ISDN B channel) Connections Figure 6 - 46 Digital (ISDN B channel) Connections
Figure 7 - Analogue IP lines Shown as part of 86 channel connection (45 analogue and 41 digital (ISDN B channel)) Appendix A: ISDN and the Internet - The Opportunities It's difficult to imagine anything in the world of computing which will ever emerge to rival the intensity of the Internet explosion we're all witnessing presently. Sat around for years, ticking away like a time bomb waiting to explode, the Internet has surpassed even the mega-hyped Windows 95 in popularity and inches of print. Not only has it captured the imagination of the general public, but in the business community the Internet is increasingly being taken seriously. Why? Because it offers cheap and easy mail access and a way of buying and selling products and services. So rather that simply being a hobbyist service for the spotty teenager with his fifty-dollar modem and mail-order PC, the Internet has become all-things-to-all-computer-users. This means that whereas initially the idea of a "serious" networking vendor making money out of the Internet was dismissed, now it has real appeal. So instead of an Internet access "package" being restricted to cheap modems and shareware, it now equally might encompass an ISDN router used by home workers or office users with shared LAN access. Even the major tele-communications service providers have accepted that the Internet exists and introduced Internet-oriented service options aimed at the corporate business market rather than the home/hobbyist sector. Often these combine classic public data networking services with Internet access in one package. So the Internet is an option for both small and big-time users alike. What has both captured the imagination of the end users and given the vendors the opportunity for mass sales is the world-wide nature of the Internet; the way it shrinks the globe. It doesn't matter where you are - US, Europe, Australia, Japan, South Africa... the Internet is the Internet. You can just as easily gain access to a WEB server sat in an office several thousands of miles away as you can in the office next door. The method, user interface, basically everything... is the same as far as the user is concerned. As a result, service providers have been springing up on both sides of the Atlantic, as well as in other parts of the world, so local access points are relatively easy to find. This means Internet access costs are kept down and so make the whole package attractive on a financial basis. It is also extending the range of options for the heavy-duty business end of the market as suggested earlier. One of the key potential service for Internet access is undoubtedly ISDN. A box like the Access Switch should therefore be an ideal product with which to attack both the ISP and corporate (private Inter/Intranet) marketplaces. Go for it� Appendix B: An Appraisal of The ISDN Products and Services Marketplace From a technical point of view, ISDN has made sense as a WAN service ever since companies started to interconnect remote LANs. Its flexibility in providing bandwidth as you need it, the ability to carry any type of traffic and the familiarity of its PSTN-like connection make it the logical successor to the huge number of analogue PSTN, X.25 and other networks still out there across the world. The networking hardware vendors�- particularly in the UK, Germany, France and Australia, and more latterly the US - quickly caught on to the technology with a wide range of products having now been available for a couple of years or more. With the US finally discovering the beauty of ISDN, suddenly there are a whole raft of ISDN devices appearing, many aimed at the SOHO or Internet access market. This is driving the cost of the hardware down dramatically. Whereas just 12 months ago you would be looking to pay in excess of $500 for a very simple terminal adapter and $1500 plus for an ISDN bridge/router, these prices have more than halved recently and are still on the way down as the market increases in size. Looking briefly at the ISDN products themselves, initially it seemed that the terminal adapter (TA) was the primary focus of the hardware vendors, particularly in Europe. As a direct replacement for the modem, offering Hayes compatibility and support therefore for existing comms software, it was felt that the TA would obliterate the modem. Of course it hasn't happened. No one wanted to go to the cost of replacing their analogue lines with digital alternatives, plus the cost of the TA�s themselves, simply in order to get a "faster modem". It was the LAN to LAN interconnect market and the introduction of the access router which enabled ISDN to find its true vocation hardware-wise. Now we have a proliferation of ISDN remote access devices at all levels of the market, from personal PC-card based routers to big modular systems. At the entry level in particular, simple ISDN devices lend themselves ideally to the role of Internet access device coupled with LAN and other systems access. Bear in mind, however, that we could easily be talking about novice users in this environment and therefore the device must be as simple to use as possible. While a complex business network has so many if�s and but�s that it is near impossible to provide a "common" installation, configuration and management routine which almost auto-runs, in a situation where you have a huge percentage of users with a standalone PC running Windows, or simple NetWare LAN, the set-up of the ISDN device can - and should - be simplified as much as possible. The revised Windows-based set-up option now part of the new wave of Shiva ISDN routers is clearly a step in the right direction here. Of course, the hardware is only part of the story. While the ISDN hardware market is now well and truly established and largely consistent throughout the world, the same cannot be said of the ISDN service options. Even within Europe the costs involved in both installing and running ISDN connections varies hugely, though the same is also true of PSTN analogue lines. Look outside of Europe, particularly the US, and the plot thickens further. After a very slow start, the US has got into ISDN big time. With the competitive nature of the communications service provider market there, low prices were always a likely outcome once ISDN was accepted as a suitable medium. The result is basic rate installations being offered at as low as $18 a shot with very low line rental and usage costs alongside. At these sort of prices, ISDN is clearly an option for home users looking for fast Internet access as well as business users. The same cannot be said for everywhere however, not least the UK. Not only has the coverage across the UK been slower to roll out than expected, but ISDN prices have remained far, far higher than they should be. Maybe partly because of this, ISDN-based Internet access is hardly widespread. If our own experiences of trying to obtain a temporary UK ISDN Internet connection for testing for this report were anything to go by, this is hardly surprising. Neither UUNET (formerly Pipex) nor Demon - two of the biggest names in Internet access in the UK - could provide us with an ISDN connection. In the end Warrington-based Unet stepped in and provided us with a connection, though this was an existing service provided to Baynton-Thompson Networks in Wokingham. Getting back to pricing, even allowing for the occasional installation offer, you only need to compare prices with some of the European ISDN offerings, let alone the US, to realise how expensive the UK service has been - though the newly announced tariff reductions (long overdue) will help - and how this has again worked against ISDN Internet access. On the other hand, in countries such as France, Germany and the US, ISDN pricing does encourage its use for Internet access. In Germany, for example, ISDN is now being installed as standard, so there is clearly a huge market here, as local ISDN specialists such as AVM have noted, bearing in mind the company�s recent focus on entry-level products. If we try and analyse why ISDN pricing is so different from country to country, it basically boils down to protecting existing - and lucrative - services. The price differences are also in part due to the relative popularity of the service and how it is used. For example, in France ISDN is very popular for voice but not data, whereas in the UK and - to a lesser extent - Germany it is primarily used for transporting data traffic. A great deal has to do with protecting established markets however, not least the proliferation of private leased-line networks in the UK. In contrast to the UK's heavy investment in private networks via Kilostream or the 2Mbps Megastream lines, most of Europe's businesses rely on the public networks to carry their traffic. This, in turn, is partly because the public networks are that much better, cheaper and more advanced than in the UK. In the US, WAN bandwidth has long been far cheaper than Europe, so it is easy to see why ISDN is being introduced at such competitive rates. In the European ISDN world, top of the pile when it comes to installed base is Germany, while France has the second most established ISDN network in Europe. France Telecom was boasting national availability by 1990, a time at which you had to be in the right place in the UK to get the digital service (so little has changed there). Called Numeris, the service has been undergoing conversion to Euro-ISDN during this year, which is resulting in a planned price increase but despite this it is still significantly cheaper to install an ISDN line in France than in the UK. Germany is significantly cheaper still when it comes to both digital and analogue services. So currently, France, Germany and the US, from an entry-cost point of view, offer the most convincing cases for ISDN-based LAN or Internet access. In particular the combination of LAN to LAN interconnect and Internet access options is a strong argument to use for promoting ISDN in the business - rather than home-user - community. Having a single, high-bandwidth gateway for both services is clearly both cost effective and easy to manage. It also offsets the initial costs of setting up an ISDN installation and connection. It is clear though that the ISDN picture is a global one. A product needs to be able to support and justify itself in many different markets, supporting perhaps multiple ISDN "standards". Here, the Access Switch has flexibility on its side. Clearly of importance however, is the need to support as many ISDN client products from as many different countries as possible. While this is expensive in terms of development and support time, it is a key differentiator, as Shiva has already discovered with its breadth of client support to date. Appendix C: An Appraisal of The Internet - Pros & Cons Over the past 12 months the computer world seems to have gone Internet crazy. From home hobbyist to senior IT director, huge interest has been shown in this world-wide internetworking service. But how suitable is it for mainstream business pan-European (and beyond) networking? Originating in the US Defence Department over 20 years ago, the Internet is now a true global information network linking millions of users and networks in almost every country of the world. It is estimated that the number of Internet connections is currently growing at 10% per month. And there are now real commercial benefits to be gained from establishing an Internet connection. But it is as important to be aware of its limitations as of its benefits and particularly - where business is concerned - any potential security problems. Performance is also a key issue. You cannot expect to guarantee delivery of a file between two remote European offices in the same time as you could on a private network, for example. Also, modern remote access methods such as remote node, where you effect a remote connection to a LAN in the same way you would a local based file server, are not possible with the Internet. Typical Internet use involves sending and receiving E-mail messages and access to information services which provide hyper-text systems with embedded graphics, sound recordings and video clips. It is important to remember though that none of these services are provided as part of the Internet itself, which should be thought of as the underlying communications system that supports these services. The Internet is roughly equivalent to the phone system, in that an Internet connected computer can connect to any other computer given its Internet address (which is the equivalent to a phone number). This basic service is used by software applications to provide enhanced services such as e-mail and access to information services. But to gain the benefits of the Internet, two basic components are needed, a connection and selection of add-on services. The Internet provides a wide range of the latter, while there are now numerous access methods available from a wide range of suppliers. In addition to the most common services outlined above such as E-mail, there are other services which provide for remote terminal connections and file transfer links to remote systems. Recently services such as Gopher and World Wide Web have emerged and become extremely popular. Both of these are distributed information services. Distributed means that any Internet user can provide an element of the overall service. As an example, an advertising service on World Wide Web might include a list of dealers for a particular product. Selecting an entry on this list would automatically connect to that dealers World Wide Web server to enable you to retrieve and display the information provided. The information shown is under complete local control and could include whatever the dealer wanted you to see including photographs and possibly video clips. Gopher and World Wide Web are particularly significant because they provide a new level of service on the Internet and open up new opportunities for information providers and information consumers. Herein lies a potential problem however. Most of these companies are both information providers and information consumers; providers because they will want to publicise their products and services and consumers because users need information to carry out their job function. So to meet these needs, an Internet connection must support incoming and outgoing links, each of which poses its own security threat. The most obvious threat is the risk of unauthorised access to systems connected to a local network. Some level of incoming access must be granted for incoming E-mail to be received and for information services to be offered. A less obvious security problem arises from linking a network to the Internet, when all systems on that network are then potentially visible to the outside world. There are a number of tools which enable a network to be probed to discover the systems connected to it. In the wrong hands this provides detailed information on the number and type of computers running. Not only is this information itself potentially sensitive but every system on the local network, including desktop PCs, becomes a potential target for break in attempts. Outgoing access to the Internet also introduces security problems. Every outgoing connection carries information on the internal structure of a network. Each E-Mail message sent carries the identity of the sender in a format which includes information on the computer used. So an E-mail message from [email protected] may be acceptable for internal use, but the details should be kept hidden from a competitor. Solving this potential security threat could obviously be the difference between using the Internet seriously or not at all. One option is to use a firewall server which isolates your network from the Internet. There are several such products around, both software and hardware based, varying in price from a few hundred pounds to UNIX-based systems costing thousands of dollars. Solve the security problem though and you have access to what should be a valuable means of communication between remote offices, whether just in Europe or world-wide. As a pure date network however, the bandwidth is not really there to make it a viable proposition if you need guaranteed fast delivery of information. At least not yet. Therefore any help you can get at the ISP end - for example a reliable, fast communications server, will help matters. Yet another argument in favour of a box like the Access Switch! Appendix D: Internet Access. PSTN versus ISDN - A Feature Comparison As we have already identified in Appendix C, to some extent, where hardware is concerned the Internet is a bit of an equaliser. In other words, Netscape is Netscape and the Internet provider is the Internet provider, regardless of whether your connection is via 14.4kbps or 28.8kbps modem, or ISDN. Performance will be the big differentiating factor, but some of the benefits clearly found with ISDN over async modem connections in the remote LAN connect world will be less clearly defined. What exactly are we talking about here? Well, we're talking about all the features which have been developed to make ISDN devices the ideal solution for remote LAN access and take advantage of the rapid call set-up times it offers. Intelligent line management, protocol spoofing, multi-level filtering, redundant paths, SNMP management... the list goes on and on. All features which can be quoted ad nauseam to demonstrate why the ISDN bridge/router, rather than the modem, is the only true answer to today's remote node LAN connection scenario. After all, who wants to wait 30 seconds every time they want to reconnect to the LAN? But Internet access is typically session-based. In other words, you go onto it the come off it and carry on doing something completely different - e.g. word processing. So, other than the initial time spent waiting for the modem to make the connection, performance and - to a lesser extent - reliability are the primary benefits an ISDN Internet connection offers over a modem-based equivalent. Of course, looking beyond pure Internet access, there are stacks of arguments in favour of ISDN. The most obvious is that a device such as an ISDN bridge/router can be used for true remote LAN connections as well as Internet access. The second most obvious is that ISDN itself provides two 64kbps channels in Basic Rate format, so you can use data and voice simultaneously. Basically, at this point you can quote any of many reasons why ISDN is beneficial over async modem PSTN as part of the general argument in favour of the former, not just as an Internet access tool but as much more than just that. But - there is still the problem of cost. The cost of the ISDN device, the cost of the ISDN line installation, the cost of the line rental... all are significantly more expensive than an analogue modem equivalent need be. That said, ISDN devices - notably in the form of PC cards - are dropping in price dramatically. At the same time, the 28.8kbps (V.34) modems are still relatively high priced, many approaching $500 or more list price, depending on the country they're being sold in. Line installation is typically a quarter of the price however, as is line rental, so all of this will be built into the buyer's equations. From the point of view of a hardware vendor selling remote access products into this market, the ideal world product then is clearly one which supports both analogue and digital connections, hence the success of companies such as Ascend. With the Access Switch, Shiva is clearly bringing the right kind of product onto the market. The only problem might be that Shiva is not the only company to have spotted the reasons for Ascends� success to date.
|
|
Send mail to webmaster
with questions or�
|
