In spite of difficulties elsewhere in the market, the demand for IP VPNs (Virtual Private Networks) looks increasingly optimistic, with market analysts predicting rapid growth this year. BT Ignite has even credited IP VPNs as being “the fastest growing data product we’ve had for years”. Many other operators across Europe are also recording significant gains. So much so, in fact, that there were signs during the last quarter that prices for networking services may soon firm up and even start to go up slightly, a sure sign of growing confidence among providers.

Yet stories persist of major companies who have looked at the VPN services on offer and have expressed deep disappointment. Why is this? Our own research among medium and large corporate users offers some clues. Although we have found strong interest and increasing deployment of IP VPNs, the main applications have been for remote access services (especially for mobile workforces) and for site-site links as pure cost reduction exercises. Look deeper, and those site-site link savings have typically been due to replacing leased lines too. Not frame relay links.

This appears to be the main source of disappointment. IP VPNs are often hard pressed to offer substantial cost savings over frame relay links used for site-site data communication. Yet frame relay and ATM now represent the majority of the private network data communications market.

What gives?

Chasing costs

Once upon a time, the term VPN meant only one thing and one way of providing it: virtual voice circuits controlled by IN-based (Intelligent Network) public switched networks. Compared with building extensive corporate voice networks consisting of dedicated lines, these services provided a lower cost way for large companies to communicate site-site, both nationally and internationally.

That was it, though. Once a VPN was installed, there was little more to do to improve matters other than squeeze the operating costs, and therefore the network operator. This was network cost saving as an end in itself and perhaps not such an attractive long-term prospect for the network operator after all.

Then the Internet took off and suddenly VPN began to mean something different – providing secure access for remote workers to corporate networks via the Internet. What benefit? Potentially, substantial savings on network dial-up costs (particularly international dial-up) if a company has a lot of remote workers – a growing trend. Cost saving as an end in itself again? Not quite.

All Change

Remote access makes most sense as part of an extranet strategy: remote workers and trading partners able to access and interact with certain parts of a company’s internal information using standard client software – usually a browser. But what information? Certainly e-mail, but other applications too. Probably most usefully web-centric applications like customer support, sales and distribution for example.

This starts to change what a VPN is for - not just to save on communication costs but also to provide a platform for accessing applications built on top of it. As such it becomes more a means to an end and less of an end in itself. Cost savings then need to be looked at in a wider perspective – as possible stages of outsourcing intimately tied up with applications that also enhance the competitiveness of the user’s business.

This is problematic for many users - particularly those in larger corporations who have visibility of and management responsibility for networking costs but not of the applications run over them.

Back to the Future

Further, operators are now beginning to deploy MPLS (Multiprotocol Label Switching) into their IP backbone networks precisely so that they can offer control of network parameters at an application-specific level. Typically used for site-site high traffic links in a VPN, MPLS provides the quality of service mechanisms that were previously only available with ATM (Asynchronous Transfer Mode – as used on public voice networks). In doing so, users can determine precisely what level of service – such as delay or minimum throughput – an operator’s network needs to deliver for each application. For example e-mail delivery is not delay-sensitive, whereas SAP software applications usually are.

Other applications requiring a high quality of service – live or recorded video broadcasts, voice and videoconferencing for example  - may now also start to be incorporated more commonly. Indeed, to take just one recent example, during this month pan-European carrier KPNQwest launched an IP videoconferencing service for its VPN customers, utilising its MPLS deployment.

Pretty soon, those original voice VPNs installed to save cost will be catered for too as part of a multi-service IP VPN platform offering much more than just line cost savings.

And the catch is . . .

While all this sounds good, there are a variety of catches in making it a reality. One such is Service Level Agreements (SLAs). If VPNs are to deliver network services for specific applications, how is this reflected in SLAs in a way that is meaningful for users? Examples of application-specific SLAs are not thick on the ground. Indeed, virtually all SLAs are currently defined according to technical network parameters – and most are pretty loose at that.

It looks like there is a gap growing between what many users are currently looking for (traditional network cost savings) and where the industry is headed (application outsourcing). To reach the true potential of IP VPNs, this gap needs to be bridged. The prizes will undoubtedly go to those who manage to do so.

 © e-principles 2002

Robin Duke-Woolley

Any comments on this article? Please send them to : Editor@e-principles.com