
Virtual Private Networks
Customer Premise Equipment for VPN
Services - continued
Software-based VPNs
One more option to consider is the software-based VPN server. Products
like Aventail's Extranet Center are essentially software deployed on general-purpose
computerstypically someplace inside the customer's
firewall. Software-based VPNs may operate as proxies that intercept application
traffic and redirect it to another server. From an ISP perspective, this
alternative can be attractive because it involves a single, dedicated
device with greater independence from routing and firewall concerns. However,
software servers only scale so far, and some customers may consider a
general-purpose platform to be a security risk.
Customer sensitivities
Of course, there are other alternatives to consider: adding VPN support
to a router that sits inside the firewall, locating VPN hardware on a
DMZ, or placing VPN CPE parallel to your customer's router or firewall.
Placement of CPE is not a simple question, and there are no easy answers.
However, service providers must pay attention to a number of customer
sensitivities regarding CPE placement and management.
- Customers who already own a firewall or access router may prefer to
purchase a VPN add-on from the same vendor, rather than introduce another
vendor's product. This is most relevant for turnkey VPN services. ISPs
may be wise to qualify several products and allow customers to select
the product that best meets their business needs.
- Customers may more readily accept introduction of new CPE than installing
new software on existing customer-owned CPE. Turnkey service providers
may find it useful to offer preconfigured "drop in" VPN hardware; managed
service providers are better positioned to absorb the reconfiguration
and tuning required to add VPN support to an existing managed firewall
or access router.
- Customers will look to ISPs to recommend placement of CPE with respect
to access routers and firewalls. This does not mean customers will allow
ISPs to dictate placementbut
it does mean that the most successful ISPs will be those prepared to
discuss network topology issues, identify obstacles before deployment,
and recommend solutions that overcome them.
The bottom line: treat CPE selection as a critical component of service
deployment. Don't be swayed by vendor pitches that argue the best kind
of CPE is the kind they happen to market. Listen to vendors, weigh their
arguments, and talk to your prospective customers before making this strategic
decision.
End
return to the top of the article
Questions? Comments?
Drop a line to the Author or the
Editors.
|