Build a private network on infrastructure
By Zatni Arbi
JAKARTA (JP): In the not-so-distant past, if you were an IT manager of a growing company, connecting branch offices and plants in different cities and towns in Indonesia would mean building your own Wide Area Network (WAN), based, perhaps, on Very Small Aperture Terminal satellite links. This would be particularly the case if dial-up connection was no longer adequate to support increasing business demands.
Of course, if you just want to have the convenience but not the headaches inherent to managing networks, you can use the services offered by companies like Aplikanusa Lintasarta, which offer data communications services on their extensive Frame Relay, VSAT and other types of networks.
However, with the sprawling availability of the Internet, businesses now have an alternative. They can use the public infrastructure, and new technology has made it possible for them to have safe and secure links to their branches at a fraction of the cost. Today we'll have a brief look at the technology and some of the products that are available on the market.
VPN
When you build a network using public infrastructure, it is called a Virtual Private Network, or VPN. The clearest benefit is, of course, the slashed cost. Instead of having to dial directly to the headquarters in Kuningan, Jakarta, for example, a branch office on Jl. Slamet Riyadi, Surakarta, can remotely access the company database by connecting to the Point of Presence (POP) of a local ISP.
The phone charge would be local instead of long-distance. The same would hold true for mobile workers who may not be in the branch offices at the time they need to access their company's data. Naturally, the key concerns that will immediately come to mind are safety and security of the data that is being pumped along the line.
While tapping digital data that travels along the public network may not be as easy as tapping phone conversations between political figures in Indonesia, it is still legitimate to worry about data being leaked to competitors.
VPN helps by ensuring that data will be able to go back and forth through a "tunnel" that is established between the salesman's notebook to the corporate VPN gateway in the headquarters. Because it uses heavy-duty encryption, the tunnel is relatively secure and well protected.
Two types of VPNs are available. Based on a special agreement, the ISP may create a secured tunnel from its POP to the company's LAN. However, in such an arrangement, which is known as ISP- dependent, there is no protection to the data traffic between the client PC and the POP of the ISP. Another disadvantage is that there is still a very limited number of ISPs that offer VPN service.
The situation is made more complicated by the fact that data may traverse a number of different Internet Protocol (IP) networks, and not all of them offer the service. On the other hand, the advantage is that a large number of users can take advantage of the VPN.
In an ISP-independent VPN setup, users have to run a VPN client application on their PC. Once they are connected to the ISP, this VPN client application will establish the tunnel to the VPN gateway of the LAN at the central site.
To the ISPs, the encapsulated data traveling through the tunnel are just common digital data. They don't know that a tunnel has been created. The benefit is end-to-end security. The downside is that each of the users should have a copy of the VPN client application.
Currently there are at least three different standards for tunnel protocols being developed by leading networking players such as Cisco Systems and Nortel. These are Layer 2 Forwarding (L2F), Point to Point Tunnel Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). The last one was actually a hybrid of the earlier two.
Enter Intel
The name Intel Corporation should be as familiar to us as the name of the President's close confidante that has been making interesting public statements on TV lately.
Intel has been bringing us faster and faster microprocessors that power our PCs (the latest demo was a 700 MHz Pentium III processor). However, Intel has also been increasingly active in the networking market as well.
The Gospel according to Intel is that we are going to have a billion connected PCs throughout the world in just a couple of years' time, and to make it a reality the company has been working hard to push networking technologies forward.
As part of its strategy, Intel has been acquiring companies with promising networking technologies. One of them is Shiva, a company whose products allow companies and large organizations to provide secured remote access.
At an Intel press gathering recently, Ivan Lim, Intel Shiva's systems engineer, showed off his company's VPN solutions that allowed businesses not only to establish an intranet (a network internal to a company but based on Internet technology) but also an extranet to link them with their suppliers and customers based on the same technologies.
A series of products were also demonstrated at the briefing. "With Shiva VPN Client Application running transparently on a remote worker's or a business partner's computer, he can use the Internet to access the corporate network without incurring long- distance phone charges," explained Werner Sutanto, Intel Country Manager for Indonesia. On the other end of the tunnel, Shiva offers LanRover VPN Gateway.
However, a VPN is only as good as the public infrastructure that it uses. At the time when latency so typical of Internet connections has become intolerable, a direct remote access is a better solution. A salesman at his client site may require instant access, and only a direct connection to his company's LAN will help him. To support such needs, Shiva also offers products such as its LanRover Remote Access server and Access Manager. The latter will provide centralized authentication, authorization and accounting of remote users.
Acquisition of Shiva has not been Intel's only bold move in the networking industry so far. In another initiative just announced last week, Intel introduced a family of new network processors that can be used to build faster and more intelligent networks. It has even set aside US$200 million "communications funds" to be invested in companies that help develop what it calls Intel Internet Exchange (IX) architecture-based systems and software.
Now, could these initiatives mean that Intel has foreseen that it may not be able to continue to rely heavily on its flagship chip business in the future due to the fact that computer microprocessors have now become far too powerful for the majority of computer users?