Tunnel vision provides safe links

Virtual Private Networks offer e-commerce secure connectivity from pretty much anywhere in the world, and for the cost of a local telephone call - just the thing to lure customers in. Steve Broadhead reports

Suppliers have spoken of the ultimate, secure networking solution for years. Its name is end-to-end computing and the idea is simple: a supplier delivers a complete physical and logical network connection from the user's desk, or mobile location, to the destination point, be it a web server, an office network, or any other remote computer - all of this being transparent to the user. The problem has been that, regardless of the technicalities involved in applying an end-to-end solution, there has been very little to which it can truly be applied.

Along comes the e-generation of computing - with e-business and e-commerce - and the promise of a real application for end-to-end computing finally emerges. Given that the concept lends itself naturally to the Internet via the use of VPNs (Virtual Private Networks), e-business and e-commerce would appear to be the perfect applications for an end-to-end approach.

Industry analyst figures seem to support the argument that the Internet forms a truly global and inexpensive medium for e-business.

This is qualified by the astronomical growth figures quoted by Forrester Research in the US, for example, who forecast that inter-company trade over the internet will double every year. This means a surge from $43bn (£30bn) back in 1998 to $1.5trillion (£1trillion) by 2003, and this excludes the value of services exchanged or booked online.

Even if we take these figures with a pinch of salt and divide them several times over they are still impressive.

If e-business is clearly the "killer application" for end-to-end connectivity, then VPNs are equally the prize enabling technology.

A VPN is basically a Wan (wide area network) or extranet connection, typically running over a public service, such as the internet, rather than a company's own private network connections. The clever bit is that the end-user finds no discernible difference between using the public and private networks. Imagine a company that provides online shopping or banking services.

With a VPN in place, not only is it simple both to add company offices and home workers into the network, but customers can access your network in a similar, but secure, fashion. Features such as an online catalogue can then be offered for any of these users to view across the Internet.

Using VPN and the equally fashionable voice and data integration technology, for example, it would be possible for a customer to view the catalogue on screen while, at the same time, talking to a sales assistant. This need not be via an external call made separately to the office but as part of the same call, down a single VPN connection, to the same Web site, typically at local call rates.

This same basic strategy, plus innumerable variations on the theme, can be applied to any number of scenarios - technical support being one example where human resource can be supplanted by automated techniques to handle simple enquiries allowing the staff to concentrate on the more complex problems.

For example, a single call to the support centre could include either voice, data or both and the same centralised system could handle the call, however it is placed, in a fully automated fashion, only passing it on to a human operator when necessary. By employing such a system, a company could cut back on human resources while maintaining service quality levels, or even improving them.

This kind of approach is not feasible using a traditional, fixed Wan leased line service, but becomes realistic when VPN is used.

VPNs should be a catalyst for e-business so why has e-business not really taken off in Europe? Is it because the end-to-end connectivity that makes it so accessible has not genuinely been in place? Similarly, why have so many e-commerce oriented dotcom companies been floundering recently?

While there are many and varied reasons for these failures in each individual case, one major technical issue goes back to the end-to-end computing argument. As a means of getting ordinary, non-computer literate people into the e-world, the idea of a transparent, end-to-end connection clearly makes sense.

However, there has been one big technical issue that has slowed the uptake of both the technology and the applications - security, or rather, the lack of it. Several recent high-profile cases of individuals gaining mainly incidental access to private company data, by doing nothing more than browsing an e-business site, have highlighted the need for a truly secure end-to-end connection for e-business and e-commerce if they are to become popularised.

For example, apply the e-business+VPN solution to the idea of secure, online banking and it begins to make a lot of sense, from the user's viewpoint. Such a link needs to be secure from the moment a request leaves the user's PC to the time it arrives at the destination Web page.

In order to make data connections secure when creating a VPN across the Internet, a "tunnel" is created between the source and destination end-points which encapsulates the IP packets that the internet uses and encrypts the data within. This tunnel is normally created by a device acting as a VPN Gateway - usually a dedicated piece of hardware - of which many examples exist. The problems have come with failure to agree on a tunnelling standard for global implementation.

Does this mean that standards-based, secure, end-to-end connectivity solutions still don't exist?

On the contrary, there have been several such products entering the market recently, such as Intel's newly announced Netstructure product range. This is aimed specifically at e-business and provides a complete, secure end-to-end solution from the user's desktop to the e-business datacentre. More importantly, it is aimed at both the service provider and the end-user.

John Miner, Intel's vice president for the communications product group explained, "Service providers are demanding unparalleled cost savings, integrity and performance, whereas corporations want ubiquitous and secure access for their employees, customers and partners."

The idea behind Netstructure is the need to keep both parties happy and key to the launch is a range of VPN products. According to Infonetics Research in the US, the worldwide market for VPN equipment is set to rise from $1.2bn (£1.8bn) this year to $3.7bn (£5.6bn) by 2004.

So why the sudden take-up of the technology by suppliers and users alike?

One reason is that the ongoing problem of a lack of security standards is finally being resolved. IPSec, especially, is a tunnelling protocol that the suppliers sought to support but, until recently, problems kept arising because it was a framework of open standards, rather than a single, tight industry standard. So each supplier has been able to produce their own interpretation of IPSec.

The IPSec problems now appear to have been settled and, according to Intel's CPG marketing manager, Richard Lissenden, the catalyst has been the implementation of standards driven by the market rather than by the standards bodies themselves. "We have made a lot of progress with fully secure IPSec-managed NICs [network interface cards] whether on the server, desktop or laptop platforms," he said.

Intel is using VPNs to connect remote workers or branch offices and suppliers on the Intranet and create the, seemingly mythical, end-to-end solution - but it is the secure element that is winning the day for the company, according to Lissenden. "With the use of standards-based SSL [secure sockets layer] encryption for enabling e-commerce we are giving users and customers real confidence in this solution," he said.

So end-user confidence would seem to be the key requirement for e-business and e-commerce to take off, and that confidence can come from the technology itself, said Bob Jones, director of the newly-formed DICA Technologies, a merger of companies which has brought together a product combination that, like Intel's Netstructure range, creates a secure end-to-end connection, transparent to the end user.

"The upsurge of interest in secure remote access into corporate networks using VPNs and encryption has been stimulated by the increasing deployment of technology to non-technical users. Such people require functionality with the minimum of complexity, and security has to be inherent and foolproof so that whatever the user does doesn't compromise the integrity of the corporate data," Jones said.

What Jones is looking to do with DICA is to shift the emphasis from pure functionality to a balance of "functionality and usability", in order to gain the all-important mass acceptance from a broad user base that the e-world needs to really take off.

Jones explained, "The main benefit to the user is secure connectivity from pretty well anywhere, for the cost of a local telephone call. In short, remote connectivity seems to have shifted from being used primarily by 'techies' to the wider marketplace."

The business benefits of VPN

A VPN represents a way of quickly and easily extending your corporate network and realising cost savings at the same time; so many organisations will look at a VPN as a cost-effective alternative to a private remote access network.

A key attraction of a VPN is the way it enables you to make changes without incurring heavy time and cost penalties. You can make a connection into an ISP anywhere in the world and be connected into your VPN as a result. It only takes a few seconds to connect people together, which makes it perfect for remote or temporary users as well as for combined intra-company and internet access. This flexibility means that the number of potential applications for a VPN is enormous, not least for e-business and e-commerce.

What is IPSec?

While some IP (Internet Protocol) tunnelling schemes - the means of enabling a secure, end-to-end network connection - are still proprietary, most now support IPSec. IPSec is a framework of open standards for ensuring secure private communications over public networks like the Internet, for which reason it has been applied to VPNs.

IPSec offers a set of protocols developed by the IETF (Internet Engineering Task Force) to support secure exchange of packets at the IP layer. It supports two encryption modes: transport and tunnel.

Transport mode encrypts only the data portion (payload) of each packet but leaves the header untouched. The more secure tunnel mode, as used in VPNs, encrypts both the header and the payload. On the receiving side, an IPSec-compliant device must be present to decrypt each packet. This means that the confidential data within a transaction will only be "open" at the very beginning and end of each transaction.
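
The difference between the two modes is easiest to see by looking at what stays readable on the wire. The following sketch is an added example, not part of the original article: it wraps one constructed IPv4 packet in an ESP-style envelope in each mode and reports what an on-path observer can read. The addresses, key and payload are constructed, and a toy XOR keystream stands in for the real ESP cipher (an assumption made so the example runs with the standard library only).

```python
import hashlib, socket, struct

ESP = 50  # IP protocol number for ESP

def ip_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 for brevity
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def toy_cipher(key, seq, data):
    # Assumption: XOR with a SHA-256 keystream stands in for the ESP cipher.
    # It is symmetric (same call decrypts) and is NOT real IPSec cryptography.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!II", seq, counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, inner, next_header):
    # SPI and sequence number travel in clear; payload, padding and trailer
    # are encrypted. The integrity check value (ICV) is omitted here.
    pad = bytes(range(1, (-(len(inner) + 2)) % 4 + 1))
    trailer = pad + struct.pack("!BB", len(pad), next_header)
    return struct.pack("!II", spi, seq) + toy_cipher(key, seq, inner + trailer)

def transport_mode(packet, key, spi, seq):
    # Original addresses stay in the header; only the payload is encrypted
    hdr, payload = packet[:20], packet[20:]
    body = esp(key, spi, seq, payload, hdr[9])
    src, dst = socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20])
    return ip_header(src, dst, ESP, len(body)) + body

def tunnel_mode(packet, key, spi, seq, gw_src, gw_dst):
    # Whole original packet is encrypted; new outer header names the gateways
    body = esp(key, spi, seq, packet, 4)  # 4 = IPv4-in-IP
    return ip_header(gw_src, gw_dst, ESP, len(body)) + body

def observer_view(wire):
    # Fields an on-path observer can read without the key
    return {"src": socket.inet_ntoa(wire[12:16]), "dst": socket.inet_ntoa(wire[16:20]),
            "proto": wire[9], "spi": struct.unpack("!I", wire[20:24])[0]}

# Constructed sample: client 10.1.1.5 -> server 10.2.2.9 carrying a TCP payload
KEY = b"constructed-demo-key"
original = ip_header("10.1.1.5", "10.2.2.9", 6, 16) + b"PIN=1234;acct=42"
transport = transport_mode(original, KEY, 0x1001, 1)
tunnel = tunnel_mode(original, KEY, 0x1001, 1, "192.0.2.1", "198.51.100.1")
print("transport:", observer_view(transport))
print("tunnel:   ", observer_view(tunnel))
```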
