Virtual private networks based on the internet protocol (IP) have truly come of age in the last two years. Throughout the economic downturn, the market for IP VPNs continued to post robust growth rates and now that recovery beckons, the future looks even brighter.
So what is the secret of success for this new networking technology? IP VPNs use the benefits of the internet's open infrastructure to link offices and staff in different locations, creating a wide area network (WAN) that can carry data and, increasingly, voice communications at low cost.
While there are lingering concerns about security, the cost savings from using IP VPNs instead of proprietary WAN technologies are winning over more businesses each day.
A survey by In-Stat/MDR finds that 89 per cent of US firms currently have an IP VPN or plan to have one within two years.
"We are seeing more large corporations look at IP VPNs because of the huge potential cost savings," says Richard Archdeacon, director of technical services at Symantec, the network security software company.
According to PA Consulting, annual savings on network costs of 20 per cent are easily achievable. In cases where the WAN traffic is confined to "dense" telecommunication areas, such as North America or western Europe, savings can be even higher - up to 40 per cent.
Of course, VPNs are nothing new. For years, carriers have offered VPN services to let mobile and remote users connect into corporate networks. But these services are based on "legacy" WAN technologies, such as X.25, frame relay or ATM, with complex tariffs based on time and distance.
As such, they are costly to use and require businesses to install and maintain special equipment. IP VPNs are not only cheaper in communications charges, they require smaller capital investments and allow businesses to shift more of their network support burden to external providers.
As IP technologies become more reliable, companies are increasingly considering moving IP applications to external hosting locations where they can be accessed through the web. Ultimately, it might be possible for a business to dispense with a dedicated corporate network altogether.
"A fundamental driver for IP VPNs is that companies no longer need to have their own network," says Martin Pettitt, a consultant at PA Consulting.
Already, many businesses are turning to third-party service providers to help run their IP VPNs rather than try to do it themselves. These "managed" IP VPNs constitute the fastest growing part of the IP VPN market, according to IDC, the market research firm.
Equant, one of the leading providers of managed IP VPNs, says this business is growing around 30 to 40 per cent a year , although it does not provide absolute figures. The data services firm, owned by France Telecom, says IP VPNs are replacing legacy networks as the chosen method for connecting offices and users around the world.
"By 2005, we expect IP to provide higher revenue than our traditional frame relay business," says Axel Haentjens, Equant's vice president for strategy.
Equant started life offering proprietary Wan technologies such as frame relay and X.25 to let large corporations connect their branch offices around the world. By migrating to an IP VPN, the costs of providing this type of multi-site global connectivity drop dramatically as Sea Containers, the shipping company, has discovered.
"It is an economically viable solution, especially for small, local offices, as we are not charged on a distance basis, but on access," says Duncan Scott, vice president of information services at Sea Containers.
The company recently signed a 5-year, $6.7m contract with Equant to connect more than 50 sites in 25 countries around the world. Previously, Sea Containers had been using Equant's frame relay service.
Like many large organisations contemplating a switch to IP, Sea Containers was attracted by the cost savings but had concerns about network performance and reliability.
"One of the big issues with IP VPNs is this idea that the internet is not necessarily as reliable as a traditional network," says PA Consulting's Mr Pettitt. Equant insists that its VPN services are offered over its own managed IP infrastructure rather than the public internet, which means performance and reliability can be closely controlled.
Equant plans to monitor Sea Containers' network around the clock via a web portal, and provide the firm with regular reports on the network's performance and service levels.
Equant says more than 750 multinational corporations now use its IP VPN services. The network can cope with varying demands in terms of performance and bandwidth thanks a technology called Multi Protocol Label Switching (MPLS) - a way of managing different types of IP network traffic.
Analysts say IP VPNs are much easier to deploy and scale using MPLS and Equant cites MPLS as an example of how IP networking technologies have evolved to address earlier concerns such as unpredictable performance and poor security.
"With MPLS you have exactly the same security as on Frame Relay," says Mr Haentjens.
Nevertheless, security remains a concern once traffic leaves a managed IP network and has to travel over the public internet. For these cases, Equant insists that companies use firewalls and encrypt their VPN traffic using a technology called IP Security, or IPSec.
"We do not promote using the internet to create VPNs unless you use IPSec," says Mr Haentjens.
The IPSec protocol is widely supported by vendors of networking equipment such as Cisco, Nortel and Lucent. Vendors hope to take many of the headaches out of managing VPN security with a new class of product called a network appliance, which bundles encryption and VPN gateway functions once handled by dedicated software into a
easy-to-manage device.
"Bundling a VPN gateway with a firewall is a very good idea," says Jim Slaby, senior industry analyst at the Giga Group, part of Forrester Research.
Security has long been seen as a big block to the broader adoption of IP VPNs, particularly for businesses already using traditional Wan technologies, which are seen to be more secure.
But analysts say the issue is more to do with perception than reality. A company that did not use encryption for its Frame Relay WAN is not taking on significantly more risk by not encrypting its MPLS links when it moves to IP infrastructure, argues Mr Slaby.
"There are different types of security available for VPNs so unless people are incredibly concerned about security, it is an issue that can be addressed," says Mr Pettitt of PA Consulting.
