"It is the most sensible network option available," says UUNET`s manager: strategy, Greg Lock. "A VPN saves a company money, time and trouble and increases corporate productivity and efficiency - no matter which application you use to go on-line."
In essence, a virtual private network gives a company secure data transfer over public or shared networks. In other words, the company gets the use of a large and established network and only pays for that portion of the network that it uses.
Says Rob Lith, UUNET manager, Cape region: "The only way to obtain a cost-effective section of this kind of secure use of public or shared infrastructure, is to use a network service provider, such as UUNET. The provider sets up his own proprietary network by buying bulk bandwidth from Telkom in South Africa and international telecommunications companies such as MCI Worldcom and Global One.
"With that kind of global coverage a company like UUNET can give any customer company access to thousands of other networks locally and internationally - on a scale that would be impossible for the customer company to achieve on its own.
"Clearly, a WAN is going to fall far short by comparison and with the Internet becoming the standard for electronic business transactions, there is going to be a point in any company`s evolution at which the transition to a VPN will be essential. At that point, it will be evident that all the financial and infrastructure issues surrounding a network make it far too complex and attention demanding for a company whose core business is not the ownership of networks to do anything but outsource it.
"Also, when it comes to an intranet a VPN is the most secure way to go and also enables you to get service guarantees on the way your intranet traffic is moved."
The keys to on-line computing are redundancy and access to bandwidth. Redundancy saves commercial time and therefore money when a line goes down and company data traffic can be rerouted on the service provider`s network. Access to additional bandwidth on the service provider`s network allows for increases of traffic flow when the company begins to need it, without having to wait through the long delays often experienced in installing new intercity lines.
For a company with its own network to install additional lines for redundancy or spare bandwidth is prohibitively expensive. For a network service provider it is not, as the costs of redundancy and spare capacity are shared across multiple users of the network.
Then there is the constant evolution of the telecommunications and computer industries - with ever-increasing integration between them - which requires the type of large scale capital investment which is a normal cost to a service provider but an extraordinary cost to a non-network provider business.
Serious players in the VPN provider industry have Network Operations Centres monitoring services 24 hours a day, 365 days a year. Most companies also have engineers available around the clock to resolve network problems. For most organisations the cost of implementing these services themselves is unproductively high.
When it comes to the technical aspects of VPN offerings - again, they vary. UUNET offers VPN`s in two classes: IP-based VPN`s on an Internet backbone and layer-2 Frame Relay and ATM over a switched national backbone. IP-based VPN`s are typically implemented as tunnels carrying encrypted data over the public Internet network.
Lock points out that companies considering which option to go for should be aware that on IP networks quality of service is an evolving feature and does not yet match the maturity of quality of service on layer-2 based VPN`s. For critical service issues, including client-server applications and applications requiring database replication, quality of service guarantees are essential.
Says Lith: "For example, on an ATM network, your traffic can be prioritised or you can get a Committed Information Rate (CIR), which is just not possible on other types of network. On an ATM network, a service provider can give you a guarantee that, even though you are sharing a larger network, other people`s usage is not going to slow down or interfere with your traffic.
"In fact, an ATM network allows for a new generation of network service levels not possible on public infrastructures before while, at the same time, giving you the economies of scale of a public or shared infrastructure."
Using a service provider and a VPN infrastructure also allows for flexibility of options not available under the older systems. For example, for a company that has mostly internal traffic - as might be needed for an intranet linking branches around the country - the company`s own servers working off leased lines and the private circuit made available by the service provider will very often suffice in terms of bandwidth usage. For a company that might have a portion of its traffic connecting to the Internet (via, say, a web site) and therefore to a much more bandwidth-intensive public interface, a service provider can host a separate server directly on to its own backbone. That frees up bandwidth for the customer`s intranet as well as allowing high speed public access to that portion of the customer company`s online computing activity which faces externally.
The financial and infrastructural advantages are all in favour of moving to VPNs. "Even so, private enterprise networks will continue to occupy a useful place in the spectrum of corporate options, at least until deregulation of South African telecommunications happens and it becomes possible to carry voice over a VPN." says Lock.
What to look for in a VPN
"In many ways, the cornerstones of a VPN mirror the requirements that a company would have of its own WAN. There are five specific areas to look at: security, quality of service, reliability, manageability, scalability," says Lock.
Security
Subscribers on a VPN want the assurance that the VPN is, in fact, private and that their applications and data are secure. Security and privacy is implicit in layer-2 VPN`s based on Frame Relay and ATM, although additional security can be achieved through enabling encryption, either at the application or network layer. In VPNs built using IP tunneling, encryption is an essential part of enabling security and privacy.
Quality of Service
For applications running on a VPN, or a WAN for that matter, there are two fundamental requirements: predictable performance and policy implementation.
An integral component of modern networks is the implementation of policies to ensure that not only is sufficient bandwidth available for all of a company`s requirements together, but that sufficient bandwidth is available individually for each of the applications utilising the network. These network policies are used, for example, to assign network resources to critical applications such as ERP systems, to prioritise traffic originating from particular servers or to provide additional resources and priority for critical workgroups. As the VPN market matures the implementation and management of network policies is becoming an integral part of the VPN services offered by a network service provider, both in IP-based VPN`s and in IP networks running over Frame Relay and ATM.
Predictable performance is reliant on persistent allocation of bandwidth both in the service provider`s network and in the VPN itself and on appropriate prioritisation of service classes. Technologies utilised in allocating bandwidth are QoS in ATM networks and CIR in Frame Relay networks, and queuing techniques in IP networks.
Reliability
Service levels are driven by the underlying reliability of a VPN. Reliability of the services rendered to the VPN subscriber are increased by the reliability inherent in the service provider`s network.
Manageability
It is critical for a service provider to use good management tools. A Service Level Agreement is the tool for managing the VPN partnership between service provider and subscriber. Measurements of availability of service, time to repair faults and compliance with quality of service commitments are integral to any SLA and must be provided by the management systems. Access to this management information, both for service provider and VPN subscriber, is essential for managing the VPN. Online access to this management information for the VPN subscriber is desirable. Management information about network utilisation and performance is critical for planning the growth and expansion of the VPN.
Scalability
Scalability of a VPN solution is required to allow for growth and expansion. The scale of a service provider`s operation should be such that equipment can easily be scaled as the VPN grows and bandwidth provisioning in the service provider`s network should cater for increased requirements for the VPN. Globalisation of the service provider`s network also provides access in areas that previously might not have been considered.
UUNET SA
UUNET SA is South Africa`s leading Internet infrastructure provider. A joint venture between Datatec and UUNET Technologies, the company provides Internet connectivity and corporate network services to major corporations as well as access services to Internet Service Providers such as M-Web.
Datatec is a technology and services company focusing on corporate networking and the Internet. UUNET, the Internet services division of MCI WorldCom, is a global leader in Internet communications solutions offering a comprehensive range of Internet services to business customers world-wide. Visit the UUNET website on www.uunet.co.za.
Editorial contacts

