New VPN Needs
Continued from page: 1

Monday, November 02, 2009

The Fourth Generation: Business-Aware VPNs
The driver for the fourth generation is customers' desire to completely outsource VPNs to service providers.

In fourth generation SLAs, customers will define their requirements in a non-technical language that they understand: the sites they have, the applications they run, the expected quality of experience (instead of quality of service), the relative criticality of the various applications, the required level of security, etc., along with the classical metrics of reliability and availability.

The main advantage is that the VPN service definition is agnostic with respect to the type of 'enabling' connectivity. This will be a huge benefit to providers introducing fourth generation services. Instead of being confronted with the complexity of marketing Layer-2 and Layer-3 VPNs and presenting techno-economic comparisons, service providers will focus their marketing efforts and differentiators on how close their service is to the customer's real needs, as understood from a business process point of view.

The service provider can decide whether it is preferable to deploy Layer-2 or Layer-3 VPN solutions per client, per network segment and even per site. Indeed, such a solution can combine Layer-2 Ethernet and Layer-3 IP connectivity (see Figure 3).

The key concept of the fourth generation is that the service provider will identify the application that has generated a flow (a voice call, a file download, a Citrix activity, etc) and use this information to handle the entire flow end-to-end, according to the type and level of criticality of the application.

In addition to controlled application-aware connectivity, some added-value functions are also provided. These include visibility (end-to-end quality monitoring, resource usage monitoring), online configuration, security, expense control (alerts when new resources are required), application acceleration, etc.

We will call these fourth generation VPNs 'Business-Aware VPNs' (BA-VPNs). The following two major features differentiate this new generation:

  • Service requirements will be defined in terms of quality of experience per application and performance of the business processes
  • The service is provided transparently with respect to the enabling connectivity and network type, and may be delivered over IP and/or Ethernet between multiple customer sites.

BA-VPNs Market Opportunity
Customer demand for this type of VPN solution is not new. Historically, when an enterprise was facing quality of service problems, the first natural move was to negotiate an increase in the access bandwidth of the sites facing the quality degradation. This solution is expensive and doesn't always solve the problem. Indeed, the congestion may be in the servers or other parts of the network. Therefore, in the late 1990s, several start-ups introduced new enterprise monitoring appliances. Such equipment, owned by the customer, allowed for monitoring the usage of the access (WAN) links and optionally provided basic traffic control over available access bandwidth.

As previously noted, in order to better fit the requirements of enterprises' business processes, the third generation was introduced to, for example, enable services without any restriction on VPN topology, specifically allowing direct traffic exchanges between sites (usually based on the so-called 'hose model'). The newly enabled business processes are more distributed and, consequently, control of the traffic on the access link is suboptimal, so global control of VPN traffic is required. A few companies are now proposing solutions for this problem.

In any case, companies envision the application/traffic awareness solution in terms of appliances to be deployed at their sites, usually under their control (even when selected and bought by the service provider).

In the new generation VPNs, this functionality is outsourced and sold as an added value service, a key enabler for advanced business processes and a new source of revenues for service providers.

Overall Benefits of BA-VPNs
The most important benefits of BA-VPNs for customers include:

  • Network transparency from the point-of-view of the CIO and individual end-user. The CIO can outsource all possible networking functionality to a service provider. The end-user obtains the expected quality of experience on critical applications in any circumstance.
  • As a consequence, the company's business process can be enhanced, but more importantly, new business processes, to increase productivity and generate new revenues, become possible. Indeed, the dynamic protection of critical applications, seamlessly from the end-user point of view, and without requiring any specific expertise from the IT team, is a main enabler for deploying new business processes.
  • The global visibility obtained allows the enterprise to better control expenses and plan predictable services.

The most important benefits of BA-VPNs for service providers include:

  • The service provider sells the BA-VPN as an integrated service. It doesn't need to market different 'technically defined' offers (IP VPN, L2 VPN), requiring technical insight and lengthy negotiations. This is becoming more and more important as the trend of many CIOs is to outsource their networking and focus instead on core activities more closely related to the enterprise business processes
  • Differentiating new VPN services with high value proposition that leads to increased revenue and prevents customer churn
  • The new VPN offering is highly adaptable to every customer's specific needs
  • Optional additional VAS (application management, security, etc) are facilitated

Functional Requirements of BA-VPNs
To supply BA-VPNs, the service provider has to identify the flows generated by the VPN's various sites, then recognize which application at which site has generated the flow, and thereafter make a decision regarding forwarding (which destination, which path) and quality control (scheduling the various flows based on the type and criticality level of the application that has generated them).

For this purpose, the service provider may have to analyze customer traffic. The analysis can be undertaken in different ways, the most popular of which is the so-called Deep Packet Inspection (DPI). In DPI, at least for the first few packets in a flow, the content of the traffic is analyzed up to the application layer in order to identify the application. DPI can be complemented by statistical analysis of the temporal structure of the flows.

Traffic awareness, therefore, may require analyzing the traffic at several layers, including the application layer, as well as certain traffic semantics. This does not impose any restriction on traffic forwarding; traffic is usually forwarded at Layer-2 or Layer-3. In other words, a packet will be analyzed to decide which flow it belongs to, or whether the packet initiates a new flow. From this analysis, a decision will be taken on functionality like scheduling and queue management.
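The per-packet decision described above (match an existing flow or start a new one, inspect only the first few packets, then schedule by application criticality), as an added example that is not from the article or from any vendor's product. The signature list, queue numbers and inspection limit are constructed assumptions.

```python
from dataclasses import dataclass

INSPECT_LIMIT = 3   # assumption: inspect at most the first 3 packets of a flow
DEFAULT_QUEUE = 3   # best-effort queue for flows not (yet) identified
# Constructed signature and policy tables, for illustration only.
SIGNATURES = [(b"INVITE sip:", "sip"), (b"GET ", "http"), (b"\x16\x03", "tls")]
POLICY = {"sip": 0, "http": 2, "tls": 2}   # application -> queue (0 = most critical)

@dataclass
class FlowState:
    app: str = "unknown"
    queue: int = DEFAULT_QUEUE
    inspected: int = 0

class FlowClassifier:
    def __init__(self):
        self.flows = {}   # 5-tuple -> FlowState

    def handle(self, five_tuple, payload):
        """Return the queue for this packet; only early packets are inspected."""
        state = self.flows.get(five_tuple)
        if state is None:                       # the packet initiates a new flow
            state = self.flows[five_tuple] = FlowState()
        if state.app == "unknown" and state.inspected < INSPECT_LIMIT:
            state.inspected += 1
            for prefix, app in SIGNATURES:
                if payload.startswith(prefix):
                    state.app = app
                    state.queue = POLICY.get(app, DEFAULT_QUEUE)
                    break
        return state.queue                      # the whole flow follows this decision

def demo():
    # Constructed sample traffic: (src, sport, dst, dport, proto) plus payload.
    c = FlowClassifier()
    voice = ("10.0.1.5", 5060, "10.0.0.2", 5060, "udp")
    bulk = ("10.0.1.9", 40000, "10.0.0.8", 80, "tcp")
    odd = ("10.0.1.7", 40001, "10.0.0.9", 9999, "tcp")
    results = [
        c.handle(voice, b"INVITE sip:bob@example.test SIP/2.0\r\n"),
        c.handle(bulk, b""),                         # handshake segment, no payload
        c.handle(bulk, b"GET /file.iso HTTP/1.1\r\n"),
        c.handle(bulk, b"\x00" * 64),                # later packet, not inspected
    ]
    results += [c.handle(odd, b"\x99opaque") for _ in range(5)]
    return results, c.flows[odd].inspected

if __name__ == "__main__":
    print(demo())
```

Flows that never match a signature stay in the default queue once the inspection limit is reached, which is the case the statistical analysis mentioned above would have to cover.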

Implementing BA-VPNs
Based on the facilities of third generation VPNs (like IP VPNs or Ethernet VPNs), and new technologies (like IP Telephony), the direct traffic exchanged between multiple sites of a company is increasing. For example, in IP telephony the signaling for session (call) set-up and the media may follow different paths: typically, the signaling will be exchanged through a server located in the headquarters or data center, whereas the media (voice) will be exchanged directly between terminals that may be located at different branch offices, resulting in meshed traffic. In such a distributed environment, the traffic-aware control has to be distributed and it will require specific functionality at the customer premises. This functionality is under full control of the service provider in the BA-VPN service model.

At the customer premises, moreover, a service provider will deploy a device that will enable smart demarcation (fault management, quality of service control, etc) at Layer-2 (Ethernet) or Layer-3 (IP). To reduce capex and opex, it seems natural to integrate the whole functionality (traffic awareness and smart demarcation) in the same device. These customer-located devices will collaborate in the VPN architecture with centralized servers that will allow for a policy-based configuration of the customer-located devices, reducing opex even further. Since routing and switching functionality is provided by existing Layer-2 and Layer-3 VPN infrastructure, no additional investment is required. Previous investment serves as leverage for the provision of the BA-VPNs.

BA-VPN and IMS
IMS (IP Multimedia Subsystem) is a session control plane that enables an IP network to provide managed session-oriented services, like telephony. It was first defined by the 3GPP to enable session control in pure cellular networks and, thereafter, was integrated by ETSI in the more general TISPAN architecture, which also includes broadband access. This architecture also integrates other sub-systems like RACS (resource and admission control subsystem), which allows the application and/or the IMS to indicate resources and admission control policies for the network equipment.

In a BA-VPN, as defined in previous sections, control would be based on the recognition of the data flow. Control might also be triggered by a session control plane like IMS, which, for example, would limit the number of sessions to be established as a function of the load state of the VPN.

Dr Daniel Kofman and Dr Yuri Gittik,
The authors are chief technology officer, and chief strategy officer, RAD Data Communications
vadmail@cybermedia.co.in
