Financial Services

Document Management Magazine

Virtual Document Processing

by Robert Schroeder

Product Manager, AT&T VPN Services.

 

With the ability to automate business transactions, electronic commerce (E-commerce) has become the buzzword in corporate boardrooms around the world. The challenge for network managers has been to empower their organization with E-commerce capabilities with a minimum cash outlay, with fewer staff resources and without jeopardizing the security of the corporate LAN. Virtual private networks (VPNs) can meet all of these criteria while giving organizations the flexibility to add and subtract business partners, remote offices and members of workgroups in real time.

Previously, organizations used proprietary, point-to-point electronic data interchange (EDI) solutions to connect major customers, branch offices and key suppliers. They found that the fixed wire approach is quite costly and often leads to complex topologies that are difficult to manage. In addition, Internet EDI is limited to data sharing. A key benefit of the new VPN delivery technologies is that they enable interactive information exchange.

Expanding Definition

With the Internet as the backbone, sharing information and documents across the country or around the world is not only less expensive, it's easier to deploy and manage. These inherent features are now incorporated in a complete family of VPNs with solutions that range from internal networks (Intranets) and remote access VPNs, to external networks (Extranets).

VPNs have become increasingly popular because they improve the quality and timeliness of information exchange, increase productivity, enhance document/data accuracy, promote trading partner loyalty and improve inventory management. Business can be conducted around the globe, 24x7, at a fraction of the cost of older methods, and in a fraction of the time. With the new generation of VPN products, transactions and information exchange can be done with increased confidence because of the enhanced security and reliability of the Internet.

The benefits are compelling; however, when transporting private traffic over a public Internet Protocol (IP) network, the exchange of information must be completely reliable and secure (Figure 1). To accomplish this, VPNs combine security (encryption, authentication and access control) with tunneling protocols. In other words, a private tunnel for a firm's communications traffic is created over the public Internet network.

Multiple Levels of Security

Security has always been a major concern for IS and corporate managers because firms need the assurance that their data will be safe from prying eyes, protected from tampering, and safe from spoofing (outsiders masquerading as insiders). To solve these security issues, hardware and software manufacturers maintain data privacy through encryption. Data tampering is prevented using hashing functions (digital fingerprints) and spoofing is prevented by user authentication.

There are three levels of security:

Point-to-Point Tunneling Protocol (PPTP)

Focused primarily as a remote access solution

Good for multiprotocol environments

Layer 2 Tunneling Protocol (L2TP)

Focused primarily as a remote access solution

Good for multiprotocol environments

IPSec (IP Security)

Built-in security that defines the encryption type between the ends of the VPN tunnel

Operates at Layer 3, offering better scalability and security with wide vendor and user support

Shades of VPNs

The exciting thing about VPNs is their scalability and the fact that the applications are not mutually exclusive (Figure 2). A company can deploy a VPN to link branch offices, expand access to remote users and then open the network to authorized outsiders while continuing to use the same equipment and services. Once the connectivity needs of remote and outside users are met, IS can use the equipment to dynamically create virtual work groups where users are assigned to specific groups and others are restricted from that group, all without having to physically move people or actually reroute/rewire the users' workstations.

Branch office VPNs connect the remote location to the corporate headquarters through tunnels that carry traffic over the Internet backbone (Figure 3). By replacing leased line networks with Internet connectivity, organizations can achieve a savings of 20 to 40 percent over privately managed WAN (wide area network) solutions.

Remote access VPN solutions have become increasingly popular with the growing number of mobile workers and telecommuters. With a remote access VPN, the mobile employee dials into the service provider's local point of presence (POP) and tunnels back to headquarters over the Internet. A user authentication application protects the corporate network from unauthorized access.

Obviously, with a large number of telecommuters and remote workers, there is a significant savings on the calls. Rather than placing a long distance phone call or using an 800 service to dial back to the company, the VPN allows users to make a local phone call to the provider's POP. These savings can be substantial. In fact, some firms report that they have cut telecommunications charges from $1,000 to $2,000 per month to less than $420 per month using a flat monthly rate ISP service.

Extranets: Reaching Out

For many organizations, the VPN that is causing the most excitement is the Extranet. According to Forrester Research, 50 percent of the demand for Extranets is to generate new business opportunities, and 33 percent of the demand is to meet present customer needs.

VPN-based Extranets give IT managers the ability to grant or deny customers, trading partners and business associates access to specific information within the company that is needed to conduct business. In addition, the authentication and access control can be used to manage levels of access privileges. Best of all, access approval or denial can be accomplished in real time.

By extending their extranets to key suppliers and distributors, organizations can quickly communicate accurate bill-to/ship-to information at virtually no increase in cost. They can also facilitate just-in-time inventory management. For example, by posting an electronic catalog and providing a link between the vendor, distributor and reseller, products move through the channel quickly, reducing the need for higher than necessary physical stock requirements.

The Auto Industry's Extranet

One of the most ambitious Extranet projects to date is the Auto Network Exchange (ANX), which enables the big three automakers to interact and allows their 20,000 suppliers to track orders, invoices and payments.

When fully implemented, it is projected that ANX will save automakers $1.1 billion annually (about $76 per car). By eliminating proprietary communications systems, large suppliers can reduce costs and small suppliers will be able to access technologies they previously couldn't afford. With electronic exchange for billing, JIT delivery, EDI, CAD/CAM and other applications, the reliance on paper will also be substantially reduced. Many in the industry feel that the rigorously tested, business-only IP network backbones that organizations like AT&T are building to accommodate these exchanges will extend beyond the auto industry in the not too distant future.

Levels of Involvement

A successful VPN starts with defining how involved the service provider will be in handling VPN tasks, establishing a realistic level of QOS and negotiating an SLA that protects both organizations.

The biggest challenge for the IT manager is to determine to what extent they want or need the provider to be involved (Figure 4). Options range from minimal involvement, where the provider delivers raw access and the IT staff handles everything else, to applications where the service provider delivers everything and manages the entire network.

Providers generally offer a full range of services that can be mixed and matched to meet the organization's corporate VPN requirements. Because of the shortage of qualified IT personnel, most firms organize their VPN according to which areas are managed in-house and which are outtasked.

Once the division of labor has been established, companies need to ensure that they receive the level of performance they require. This means an effective and equitable service level agreement (SLA) should be negotiated that provides real value to the relationship.

The Best SLA

The benefits of VPNs are only realized if the exchange of information is completely reliable.

Every company that enters into a VPN relationship with a provider must be prepared to know what they want and why they need a Service-Level Agreement (SLA). The provider has to be willing to understand that the customer requires significant protection built into the SLA, and acknowledge that there are certain levels of performance that could justify terminating the contract.

The best SLA is one that incorporates both carrots and sticks. "Performance bonuses" are included to encourage the service provider to exceed the service levels specified in the SLA. At the same time, the two organizations need to agree on fair credit arrangements for failure to meet specified service levels. During the SLA negotiations, both sides learn a lot about their prospective partner's approach to important issues. It is an important step in establishing a long-term, mutually profitable relationship.

With a reliable VPN, businesses will not only have a competitive differentiator that will increase their productivity while lowering their costs, they'll have a scalable solution that will continue to meet all of their growing communications requirements well into the future.