ISP Planet - Technology - Extend Dial Access Reach b

Extending Dial Access Reach - continued

Pay Attention to Technology Integration
Enterprises looking to roll their own remote access VPN over the public Internet must pay attention to integration between dial access services, authentication methods, and VPN technology. PPTP requires only a "vanilla" dial-up connection to be established before the VPN Adapter is launched on the remote laptop or desktop. But IPsec remote access may require greater integration between the IPsec client and dial-up networking software used to place the call. Microsoft dial-up networking accommodates only simple user login/password authentication, but some VPNs may require stronger authentication methods like digital certificates, or even mutual authentication.

One company combining global Internet roaming with technology integration is iPass. Through alliance with 650 ISPs in 150 countries, iPass partners can offer their subscribers Internet access through 5,000 POPs, world-wide. A remote user dials into an iPass partner POP. There, username and password are encrypted and sent to an iPass Transaction center, which relays an authentication request to the "home network" authentication server. Once authenticated, the roaming user can initiate a VPN tunnel. iPass records usage, pays partner ISPs for POP access, and bills the "home network" (ISP or Enterprise) for services. Detailed statements enable ISP billing of subscribers or organizational charge-back within an enterprise. ISPs determine their own surcharge for providing POP access (e.g., $4.95/hour). Again, this compares favorably with international toll charges. I recently spent $23 for a week of iPass Internet access in China; during the same week, I spent 10x this amount for fewer minutes of voice calls.

Where does technology integration come in? Each ISP partner must install iPass RoamServer software to provide roaming client authentication. This software has been integrated or proven interoperable with authentication servers from vendors like 3Com, Ascend, Cisco, Funk, Lucent, Merit, Nortel, Secure Computing, and Security Dynamics. iPass Connection Software must be installed on the roaming client, where it must work seamlessly with VPN clients and security gateways from vendors like Aventail, CheckPoint, IRE, Microsoft, Nortel, RADGUARD, and RedCreek.

iPass established a lab to test integration with VPN vendor products. Last July, iPass announced the first round of testing had been completed with 3Com, CheckPoint, Intel, Microsoft, Nortel, and Novell. According to Bob Shoettle, VP marketing for iPass, "Through our VPN Lab, iPass is taking the guesswork out of configuring remote access VPNs. We configure the VPN solution ourselves…[and] document the results, giving IT managers a head-start on implementation via easy-to-install, proven configurations."

Are VPN vendors really willing to undergo testing and integration development effort with iPass? IRE Product Manager, Bill Pozerycki, says "IRE and iPass are working together to combine the sophistication and security of Soft-PK with the ease of use of the iPass dialer, makings the road warrior's task of connecting back to corporate simple and secure." According to RADGUARD's Iris Tal, "Radguard's relationship with iPass merges IPSec, the enabling technology for Internet remote access, with ISP partnerships, thus providing secure Internet access to corporate networks from practically anywhere in the world, and at local call charges." While motivation to partner with iPass seems clear, concrete business opportunities are undoubtedly needed to justify any development effort for integration.

Final Thoughts
Remote access VPNs present a wide variety of ISP revenue opportunities. From increased demand for basic Internet access to a large, roaming market for POPs, VPNs mean growth in network infrastructure revenue. Value-added services, ranging from customer network management to encrypted tunneling, build upon network infrastructure to further tap the VPN market. By capitalizing on opportunities to provide ubiquitous, low-cost Internet access, you'll also help your customers realize remote access VPN return-on-investment.

—End

Return to the top of the article