VPNs

Virtual Private Networks: The Options
and Best Practices for Midsize Businesses




                                                                            Eric Paulak




Notes accompany this presentation. Please select Notes Page view.
These materials can be reproduced only with Gartner’s official approval.
Such approvals may be requested via e-mail -- quote.requests@gartner.com.
Is the Internet Good Enough?

Through 2007, the Internet will not be as reliable,
secure or consistent as a private WAN
(0.8 probability).


Who Cares?

It will be good enough for all of your B2C traffic,
70 percent of your B2B traffic and more than half of
corporate WAN traffic through 2007 (0.8 probability).
Key Issues

 How will remote access and VPNs
 evolve through 2008?

 What are the advantages and
 disadvantages of VPNs for MSBs?

 What are the best practices for the
 successful implementation and operation
 of a VPN?
IP VPN: One Term – Several Concepts, Several Roles

 Internet VPN – Multiple ISPs
   Encryption (IPSec), no SLAs
   Applications – remote access, low-availability extranets

 Internet – Single ISP
   Encryption (IPSec), one-size-fits-all SLAs
   Applications – small offices, backup and overflow

 Managed IP Network
   MPLS, strong SLAs
   Applications – enterprise WAN, high-availability extranets

 Increasing Quality, Increasing Price

 [Diagram labels: NAP, POP, VPN Server, VPN-Client Software, VPN-Branch Router]
Access to the Network

 2006 Residential Internet Access in North America (pie chart):
   Dial-up 49.8%, Cable 28.3%, xDSL 16.5%, Fixed Wireless 2.7%,
   Satellite 2.4%, ISDN .4% (chart also labelled "Analog 50 %")

 Good News
   High-speed access is growing (by 2006, 39 percent of residential
   access will be xDSL or cable modem).
   End points are capable of displaying, hosting and executing rich content.

 Bad News
   High-speed access availability is still uneven and limited.
   Oversubscription occurs at access concentration sites and
   interexchange points.
   Sites get bogged down with low-speed connections or
   underprovisioned access.
2003-2007 Remote Access Forecast

 [Chart: Individual SSL/HTTPS, Individual IPSec/PPTP/L2TP, Site-to-site
 IPSec/L2TP and Site-to-site MPLS, plotted over 2001, 2003, 2005, 2007]
Pros and Cons: Money vs. Management
VPNs vs. Frame Relay
 Issue           Frame Relay                      VPNs
 Performance     Guaranteed                       Best effort to guaranteed
 Security        Inherent                         Must be added
 Manageability   Easy, but inflexible             Flexible, but needy
 Coverage        Good                             Everywhere
 Bandwidth       Fixed throughput                 Faster access, but no CIR
 Rates           Reasonable, but going back up    Cheaper in U.S.; much cheaper elsewhere
The Real Cost of Higher Reliability

 Network Cost + Lost Revenue = Total Cost

 Small Site: 12 seats — 5.3 Kbps/seat (indicative prices)
 Revenue per seat: $150,000/year

 [Chart: Costs ($/year/seat), split into Lost Revenue and Network Cost,
 by Reliability (99.5%, 99.7, 99.9) for VPN, Frame and Private Lines;
 average total cost per device (Gartner Measurement)]
 [Chart: Total Costs ($/year/seat) against Revenue – $/year/seat
 (in thousands), with curves for 99.5, 99.7 and 99.9]

 Reliability Requirements:
   Capital-intensive enterprises: more than 99.5%
   SMBs and low-added-value enterprises: 99.5%
   Each enterprise must assess its own situation
VPN Savings: Not as Much as You Think

 [Chart: Dial-Up Costs and VPN Costs bars, broken into Telecom Charges,
 Management Costs, Maintenance and Infrastructure; bar label $638,750]

 New VPN Annual Expenses
   Administration       $75,000
   Extra Bandwidth      $24,000
   VPN Capital           $8,333
   Firewall (Client)    $37,500
   Set-Up Charges       $75,000
   ISP Charges          $60,000

 Actual Savings: $358,917
Is MPLS Any Less Expensive?

 Frame Relay Pricing
   T1 Local Access – $250
   128 Kbps Port – $200
   128 Kbps PVC – $50

 Initial MPLS Pricing
   T1 Local Access – $250
   128 Kbps Port – $300

 Future MPLS Pricing
   T1 Local Access – $250
   128 Port – $300
   QoS Circuits – $????

 Hub and Spoke
   Frame Relay:  10 x $200 = $2,000
                  9 x $50  =   $450
                 Total        $2,450
   MPLS:         10 x $300 = $3,000
   Frame is cheaper

 Fully Meshed
   Frame Relay:  10 x $200 = $2,000
                 45 x $50  = $2,250
                 Total        $4,250
   MPLS:         10 x $300 = $3,000
   MPLS is cheaper

 Meshed w/QoS
   Frame Likely Less Expensive, But You Won’t Have A Choice
VPN Overview: A Full VPN
Is a Network Connection

 [Diagram labels: DMZ, Proxies, Filters, Policies]
MPLS –
The Core of a Converged Transport?
                          Frame Relay            MPLS
 Speed                    56 Kbps to T1/T3       56 Kbps to 10Gb
 Access Technologies      Private line/DSL       P.L./Frame/ATM/DSL, SONET/Optical Ethernet
 Security                 High                   High
 Traffic Prioritization   Some services          Yes
 Guaranteed BW, Latency   CIR — End-to-end       Yes — Throughput and jitter
 Meshed Network           Via predefined PVCs    Yes
 Voice Support            Yes, many AYOR*        Yes

 * AYOR = At your own risk
Keeping the Inside World Separate
from the Outside

 [Network diagram labels: Enterprise HQ, Branch Office A, Branch Office B,
 Branch Office C, Home Office, Supplier 1, Supplier 2, Internet Data Center,
 The Internet, Optical Network, Frame Relay, Core MPLS Routers]
Move Over Frame Relay;
It’s Time for MPLS

 [Network diagram labels: Enterprise HQ, Branch Office A, Branch Office B,
 Branch Office C, Home Office, Supplier 1, Supplier 2, Internet Data Center,
 The Internet, Optical Network, MPLS VPNs, IPsec VPNs]
Bringing the Internet and Extranet
Into the Business IP Network

 [Network diagram labels: Enterprise HQ, Branch Office A, Branch Office B,
 Branch Office C, Home Office, Supplier 1, Supplier 2, Internet Data Center,
 The Internet, Optical Network, MPLS VPNs (shown twice)]
Remote Networking:
Four Partial Solutions
 Web Portal        Access From Anywhere: browser-based encryption
 Internet          Do-it-Yourself VPN: IPSec client
 Private IP        Managed Services: at home, on the road
 1-800-555-xxxx    Direct Dial: you maintain the modems
“Thin” Is In, For VPN
Thin VPN:
  Best choice for low-bandwidth, wireless and noncompany devices
  Very low infrastructure needs
  Works anywhere
Thin VPN Requirements for Device Security:
  Enhanced authentication and directory service integration
  Secure browser
  Session clean-up routines
SSL: Application or Network Access
  Private Web access
  Private access for a designated C/S application
  Full network access for a designated workstation
Magic Quadrant Analysis

 [Two Magic Quadrant charts; axes: Ability to Execute, Completeness of
 Vision; quadrants: Challengers, Leaders, Niche Players, Visionaries]

 Enterprise VPNs (As of August 2002)
   Labels shown: Cisco, Nortel, Symantec, Check Point, NetScreen, Alcatel,
   OpenReach, SSL Portals, Enterasys, SonicWALL, WatchGuard, V-One
   From "Enterprise VPN Product 2H02 Magic Quadrant," 3 September 2003

 SSL VPNs (As of April 2003)
   Labels shown: Neoteris, Aventail, Nortel, Citrix, Lemon Planet, OpenReach,
   Whale, Array, Aspelle, Info Express, Netilla, URoam, Seagull, Tarantella
   From "Secure Sockets Layer Virtual Private Networks," 8 April 2003
VPN Service Provider
Magic Quadrant

 [Magic Quadrant chart; axes: Ability to Execute, Completeness of Vision;
 quadrants: Challengers, Leaders, Niche Players, Visionaries; As of March 2003]

 Providers shown: iPass, Fiberlink, Aventail, AT&T, MCI, TManage, Netifice,
 Gric, Sprint, Axcelerant, OpenReach

 (From “Managed Remote-Access 1H03 Leaders, Challengers” 19 March 2003)
Recommendations
For the WAN Backbone:
  Use traditional data networking (frame relay, ATM, MPLS).
  Use the Internet for redundancy.

For Branch Offices:
  Use traditional data for most locations.
  Use IPSec and the Internet where cost is most compelling.

For Remote Access:
  Use IPSec VPNs (managed services or “do it yourself”) if needed.
  Keep it simple. Use SSL-based portal access.

For B2B:
  Use private networks for high security and high reliability.
  Keep it simple for others – IDs and passwords, SSL.