The pressure to increase communications speed continues to build. Companies no longer exist in an isolated environment. E-mail and Internet access are necessities, and the increase in graphical content, streaming video, and audio content forces companies to increase bandwidth on a regular basis.
In addition, the corporate environment now extends to employees as they travel and work at home, which translates to more communications traffic and more demands on the links. IT managers must consider their broadband communications needs continuously and evaluate the cost of upgrading facilities.
Most large companies already implement dedicated links, called T1 or E1 connections. These leased lines provide dedicated bandwidth, but the expense of the lines make them impractical for smaller companies. However, providers now offer a wide variety of broadband communications services that provide cost effective, high-speed links.
Several companies implement these links as Virtual Private Networks (VPNs). The VPN establishes a communications tunnel using public switched networks, the company’s intranet, and dedicated links. Under VPN, an active communications link appears as though it is a dedicated circuit while it is active. The user, however, is only charged for the time and data actually transmitted, and that cuts costs.
The Options
Communications carriers offer a confusing array of broadband technologies. Unfortunately, services differ in each geographic location. This means that managers must first ascertain the available options in each region the company operates. Once the options are known, the manager also must gauge the viability of the service providers. Costs and scalability then dictate the solution.
Most market observers expect broadband services to capture a sizable portion of the communications market. These links can operate as follows:
- Digital Subscriber Lines (DSL) run at speeds up to 160K bps; support ISDN services.
- High data rate Digital Subscriber Lines (HDSL) and Single-line Digital Subscriber Lines (SDSL) operate at speeds up to 1.544M bps to 2.048M bps.
- Asymmetric Digital Subscriber Lines (ADSL) supports download speeds of 1.544M bps to 9M bps and 16K bps to 640K bps upload rates.
- Very high data rate Digital Subscriber Lines (VDSL) provides download transfers from 13M bps to 52M bps with uploads rates of 1.5M bps to 2.3M bps.
Carriers tout DSL as the solution for small offices, home users, and remote users that require high-speed communications links. In this market, the services generally compete with cable access. Businesses in general prefer DSL because it operates like a dedicated circuit, as opposed to the shared nature of cable access. DSL should perform at the same speed regardless of the traffic on the line, while cable circuits can experience overload from traffic.
In addition, companies have turned to satellite services. Once the domain of very large companies, the cost of satellite communications is dropping, although it remains higher than other land-based or wireless options.
In each of these technologies, capabilities vary. Some carriers, for example, provide high download speeds and relatively modest up-load capability. These connections work well for remote sites and heavy Internet usage, but they do not serve offices that need to transmit large amounts of data.
The Virtual Solution
VPN structures can vary from full client/server products that include management software and VPN support to server-to-server links to extranet VPNs that provide direct communications between a company and its suppliers and customers. Many devices use TCP/IP protocols to define the tunnel, and this technique promises to be cost-effective. As VPNs become better defined, several implementations will emerge:
- Point-to-Point Tunneling Protocol (PPTP) provides a secure connections using the Layer 2 of the OSI model. Developed by Microsoft and U.S. Robotics with PPP technology, it provides point-to-point encryption. However, it is limited to Microsoft NT servers.
- Layer 2 Forwarding (L2F) uses VPN connections to forward data and, in a sense, operates like a bridge on a switched network.
- Layer 2 Tunneling Protocol (L2TP) combines PPTP and L2F to support frame relay and ATM links as well as switched networks. It includes authentication, but it does not encrypt transmissions.
- Non-IP protocols: Many VPN products use IP protocols to create the tunnel for data transmissions. A few, however, implement other protocols, and this may be needed for some installations.
Secure Connections
Managers must ensure that the VPN implementation they select provides the flexibility and power they need. While the standards for VPNs evolve, managers also need to consider security. VPNs assign IP addresses, and this can permit unauthorized access. Therefore, encryption capability becomes a key consideration. The following list represent some security approaches:
- IPSec compliant products provide encryption facilities for data transmissions. They only support Internet Protocol (IP) traffic, encrypting the entire IP packet or the data.
- Key management software security remains a critical concern in Private Virtual Networks, and vendors are implementing public and private keys. The sending and receiving devices must obtain a key to encrypt and decrypt the transmission. Key management software allows communications managers to control the distribution of keys.
- Hardware certificate authorization: These devices send a certificate that identifies the sending and receiving systems. Once the devices validate the certificate, they establish a tunnel and transmit the data.
VPNs have a great deal to offer, but the flexibility of using switched lines or the Internet to support private network requires some limitations. Most products only support one protocol. Several require specific server platforms and require a relatively high entry cost. These products use a second protocol to establish the communications tunnel, which introduces additional processing overhead that can throttle the overall throughput.
Gerald Williams serves as director of quality assurance for Dolphin Inc., a software development company. This story originally appeared in CrossNodes, an internet.com site.