Deciding on an Enterprise IP-VPN Solution?
When considering VPN deployment, there are four common solution sets that usually meet the needs of the Enterprise customer:
- Remote Access
- Site-to-Site Connectivity
- Extranet Applications
- Security Solutions
An Enterprise might require one or all of the above in implementing its VPN model. Even when it is aware of the usual merits of an IP-VPN as a cost-effective, secure and flexible solution that meets these requirements with the ubiquity of the IP protocol, the multiplicity of networking options makes decision-making a formidable task. This is even more so for Enterprises seeking to migrate their legacy networks to an IP-VPN, where investment protection and seamless service migration and retention add another dimension to the overall decision complexity.
Whatever the final networking solution turns out to be, the Enterprise customer must have a clear understanding of some fundamental network service attributes, which will aid a well-informed decision best suited to its specific requirements.
Here is one possible IP-VPN service checklist:
1. Secure Connectivity
- Layered Architecture ensuring multiple levels of security
- Full support of security protocols: tunneling, authentication, secure routing
- Secure design to seal trap doors, provide DoS protection, firewalls, anti-spoofing
- Ease of use
2. Business-Grade Service
- High network reliability - deliver Quality of Service (QoS) with high network availability
- Use of redundant common equipment from the ground-up
- Use Carrier-class equipment ensuring 'five nines' equipment availability
- Support Traffic shaping, Policing, Accounting, Filtering, Policy forwarding & DiffServ marking of packets
3. Investment Protection
- Interoperable with existing WAN services and hardware (example, Frame Relay)
- Ability to overlay network gracefully on existing equipment to provide the full services complement
- Provide clear migration path from legacy WAN to IP-VPN
4. Scalability
- Provide a smoothly scalable network solution to hundreds of sites
- Support a range of access and trunk speeds and protocols
5. Business Case
- Offer solution architecture customizable to the Enterprise's unique requirements
- Offer a comprehensive suite of solutions including Site-to-site, Remote access IP-VPNs, including strategies for migration of legacy (Frame Relay) networks to IP-VPN
6. Value-Added Services Offer
- Security services
- Traffic management
- Multi-service capabilities
- Secure routing services
- Remote access and Extranet service
7. Proven vendor track record
- Offer IP-VPN services for almost every Enterprise need
- Leading market share
- Key Reference accounts
- Recognised by industry analysts
- World-class service and support
Here is a quick reckoner comparing legacy networking services to IP-VPNs:
Comparing Legacy with IP-VPN Architectures

| Criteria | Legacy Services: Private Line | Legacy Services: Frame Relay | Network-based IP-VPN Services |
|---|---|---|---|
| Cost | Highest cost solution | Viewed as cost-effective for hub and spoke networks | Lowered capex and opex (due to limited number of VPN devices at customer's premises). Cost-effective in comparison to legacy (non-IP) VPNs. At the end of 3 years the TCO of the service would be 50% less than the cost of a comparable WAN solution. |
| Scalability | Least scalable solution | Scalable for hub and spoke designs | Highest scalability for large networks. Network-based IP-VPNs are fully meshed in nature and pre-configured; IP-VPNs are virtually defined by the provider within its network. |
| Converged Video, Voice & Data Support | Well suited for individual application on dedicated pipes or channelized circuits | Strong support for data applications. Voice and Data endpoints have to be on same Frame Relay network | With QoS and service delivery standards in place, IP-VPNs are ideally suited for converged, multimedia networks. |
| Perceived Security | While perceived to be secure due to dedicated circuits, lacks encryption & authentication | Perceived secure, but lacks encryption & authentication | Security on par with Frame Relay from PoP to PoP; optional encryption available over the last mile (IPSec) makes the IP-VPN as secure as CPE-based solutions. |
| Any-to-Any Connectivity | Static, connection-oriented technology is not conducive | Static, connection-oriented technology is not conducive | Inherent IP capability, including international & dial IP-VPNs. Coverage includes almost every type of customer site. Network-based infrastructure works as an intermediary for multi-vendor connectivity. Supported vendor equipment communicates with the "neutral IP-VPN Cloud" as opposed to directly communicating with each other. |