x
Optical/IP

VPNs à la Carte

IP Virtual Private Networks have long been viewed as the killer application that will get carriers back on their feet. But the truth is that most enterprise customers don’t want someone else managing their secure network connections.

Slowly, carriers are catching on to this fact, and some are starting to offer pieces of their managed services to customers that want to do the majority of the VPN work themselves.

Today, Virtela Communications Inc., a small service provider startup that specializes in managed IP VPN services, announced a “tool kit” of services that allows customers to buy parts of its managed service -- like Internet connectivity, IP transport, consulting services, and/or 24x7 network monitoring (see Virtela Launches DIY Toolkit and Virtela Scores $11M for VPN Net).

Selling services à la carte might be a good idea. In 2002, about 74.7 percent of enterprises were managing VPNs themselves, according to IDC. Only about 12.3 percent of enterprises use a fully managed IP VPN service.

As a result, carriers are missing out on a huge piece of the VPN market. Enterprises spent about $7 billion on gear to build their own VPNs in 2002. That figure is expected to grow to $10.3 billion by 2007, says IDC. By contrast, companies only spent about $2.3 billion in 2002 on managed VPN services. This number is expected to grow to $3.1 billion in 2007, according to IDC.

“A lot of carriers don’t realize that their biggest competitor is not another carrier, but the internal IT department of their customers,” says Steven Harris, research manager for IDC.

There’s already a small portion of the market interested in having the best of both worlds. According to IDC, 11.4 percent of enterprises say they manage some portion of their VPN services while outsourcing other parts to service providers. Harris says that carriers could easily tap into the do-it-yourself market simply by offering more individual services.

“Right now the carriers are doing pretty well selling their managed services in the 12 to 25 percent that wants managed services,” he says. “But as that market gets saturated, carriers will realize that there is a big chunk of the business that’s still untapped.”

Virtela isn’t the only service provider moving in this direction. MCI (Nasdaq: MCIT) has paired with a software company called SmartPipes to address part of the do-it-yourself market. This software provides automated deployment and management of IP VPNs, and also allows for remote management of VPN clients. SmartPipes also sells these tools as a management service.

There are several reasons why enterprise customers want to implement their own IP VPNs. A key one is reliability. Carrier IP VPNs often experience outages, says Harris. One weak link in the chain can cause an entire VPN network to go down.

Some customers also say they can put together a VPN service that is less expensive than what they’d spend for a managed service. A fully managed IP VPN, which uses IPSec tunneling and encryption over a T1 line, costs about $1,200 a month, says Harris. A typical T1 connection costs between $800 and $900 per month. This means that carriers make about $300 per month for each customer that is signed up for the service.

Many managed IP VPN services use the same gear that customers can buy themselves. Improved management features from leading vendors like Nortel Networks Corp. (NYSE/Toronto: NT) and Check Point Software Technologies Ltd. (Nasdaq: CHKP) have made it much easier for any firewall or WAN technician on the IT staff to set up and manage a full IP VPN network, says Harris.

By installing and maintaining their own VPNs, enterprises can select vendors and manage those relationships for the best prices and for best-of-breed functionality. Managing their own VPN also means that when a failure occurs, they don’t have to rely on a service provider that may be occupied with other customers.

— Marguerite Reardon, Senior Editor, Light Reading

sgan201 12/4/2012 | 11:32:59 PM
re: VPNs à la Carte Hi,
"The truth will set you free"
Why would someone pay a SP $300 per month extra on something that they can do themselves??
SP should focus on some real value added service.

Dreamer
nbwaite 12/4/2012 | 11:32:58 PM
re: VPNs à la Carte In the article we have:

Quote:

Enterprises spent about $7 billion on gear to build their own
VPNs in 2003. That figure is expected to grow to $10.3
billion by 2007, says IDC.

End Quote:

So the "Enterprises spent" past tense already in 2003?
Checking my calendar, we are now not yet 75% of the way
through 2003. So, if $7 B (billion) was spent already in
2003, to spend $10.3 B by 2007 may not require that the
spending "grow".

Either amount, the $7 B or the $10.3 B needs some
clarification, detail, and break down or something looks
wrong. E.g., from the graph with the article

http://www.lightreading.com/do...

can estimate that core IP router sales in 2003 will be about
$1.2 B, edge router sales about $1.8 B (= 4*$370 M), and the
total router market, $5.6 B.

So, the $7 B for "gear" for enterprise VPNs is larger than all
of world wide router sales. Thus, we would need a break down
of the $7 B to see what this "gear" is.
metroman 12/4/2012 | 11:32:58 PM
re: VPNs à la Carte This article also should raise another interesting point. Carriers should invest in L2 VPN technology rather than L3 VPNs. The enterprise is then just buying SLA based bandwidth over which they can run their own IP VPNs. (See Metro Ethernet Forum Technical Specifications)

Carriers already have L3 VPNs in the core for the most part and have found that take up is limited. To expand this to the edge/access parts of the network is a complex and difficult scaling issue. Perhaps a model for the future is to have VPLS services as an access-edge aggregation function and BGP VPNs as a Edge-Core function. Enterprises can then deliver both self-managed Intra and Extranet IP VPNs with internet access on the same service.

Metroman
jbsmith 12/4/2012 | 11:32:57 PM
re: VPNs à la Carte Once again we get a confusing hodge podge of information that mixes VPNs with security services.

Rather than equate the security value added services market (FW, IPsec, SSL, IDS, DoS mitigation) with VPNs - why not take a look at
the drivers behind each security service and
understand why they may be outsourced versus
Enterprise managed.

For example - may not be a big case for centrally
managing Secure VPNs remote connectivity via IPSec.
Enterprises can likely do it themselves for much
lower cost than outsource.

But - what about Intrusion Detection or DoS Mitigation? These require constant 24X7 monitoring
which it seems to me could offer an argument for
outsourcing.

I beg market research companies to clearly demonstrate
the link between various network deployment models,
VPNs and security - so far it just isn't happening.

Jeff
lightmaven 12/4/2012 | 11:32:56 PM
re: VPNs à la Carte Jeff, Good post. But I think an interesting facet is that the IP community (meaning Cisco) is doing a great job of selling VPN tools to the enterprise IT folks. I wonder when the carrier community which has suddenly fallen in love with Cisco will realize that they are sleeping with the enemy. Of course since they long ago got out of the technical end of their business who do they have to turn to.
go_ON 12/4/2012 | 11:32:54 PM
re: VPNs à la Carte Please differentiate what you mean when you say VPN. IPSec based VPNs for remote users and Extranet connections are very different to RFC2547bis network based VPNs and VPLS architectures, but are constantly confused in articles thus diluting the impact.

While a P-P IPSec link may not be worth a $300 hike. Managing the WAN mesh via VPLS or 2547 may be worth many times that ammount depending on the ammount of WAN interconnects any given company has. I would like to hear some opinion on where the thresahold is here. For how many WAN links / internal IT expertise required does it make sense to outsource the WAN mesh. What premium would be accepted.

My guess is for a largish corporation (50 sites) it takes 2 enterprise engineers to manage the WAN mesh. Lets say salary is $10k per month. Is this a feasible premium for carrier WAN managemnt?

go
go_ON 12/4/2012 | 11:32:34 PM
re: VPNs à la Carte Large enterprises are saying - manage my capacity and I will run the security. Oh and by the way, I will also manage my own routing so don't bother selling me IP VPNs.
____________________________________________
Hmmm, I agree with the security part, particurily as I dont see any security-based SLAs on the market. On the outsourcing of routing - companies are willing to outsource their precious routing tables if the economics add up. I work for a mid-sized vendor, with about 10 main sites. Our IT guys said for a while that no way would the outsource the routing tables. A large carrier then offered us 2547 at a realy good price and that stance quickly changed. Anyway it looks like vendors will need to have a mix of Martini, VPLS & 2547 in the network-based gear so there will be a choice



IPSec IP VPNs are used in smaller enterprises over the internet for remote access. This is a destinction that is never clearly defined in these kind of articles. This results in a story that sounds great, but when you probe a little it falls apart as you start to find the devils in the detail.
_____________________________

IPSec is also used by large corporations for the same reasons - for small branch offices & SOHOs. They wont start connecting main sites over this though - agreed. They also use IPSe for Extranets with partners, suppliers etc
metroman 12/4/2012 | 11:32:34 PM
re: VPNs à la Carte Whatever you do you need capacity.

Even if you deploy your own Pt-Pt IPSec "VPN" you have a choice. You either try and deploy it over the Internet or you buy some managed bandwidth over which you define the security parameters.

In my view, larger enterprises have expertise in-house for security, thus they like to keep control, this is understandable. These large enterprises will not deploy these "VPNs" across the internet. If they see networks as being critical enough to manage in-house then they will want some kind of SLA against their bandwidth.

Large enterprises are saying - manage my capacity and I will run the security. Oh and by the way, I will also manage my own routing so don't bother selling me IP VPNs.

IPSec IP VPNs are used in smaller enterprises over the internet for remote access. This is a destinction that is never clearly defined in these kind of articles. This results in a story that sounds great, but when you probe a little it falls apart as you start to find the devils in the detail.

Metroman
metroman 12/4/2012 | 11:32:33 PM
re: VPNs à la Carte companies are willing to outsource their precious routing tables if the economics add up.
_________________________________________________
Companies will do anything if the economics add up! I would be cautious knowing the cost of 2547 based solutions if they are sold cheaply by the operator. The operator also needs to make money somewhere.

If companies are not buying 2547 for any other reason than price, it is only a matter of time before it becomes simply a transport technology to deliver IP integration into L2 bandwidth.
________________________________________________
vendors will need to have a mix of Martini, VPLS & 2547 in the network-based gear

Completely agree
_________________________________________________
IPSec is also used by.........

Of course, I was mearly stating that the article had failed to make the distinction.

Metroman

slickmitzy 12/4/2012 | 11:32:20 PM
re: VPNs à la Carte What i see in my small sp is that companys do turn to 2547 vpns.
The reasons for them to do so are various:
1. 2547 vpn gives them the ability to mix between various l2 transport technologies without the need to manage and specialize in all those technologies.
For example most of my vpn clients uses adsl as the access thechnology for small branches and E1 leased lines or atm pvcs for their hq/main branches.
2. derived from 1, the ablity to mix access technology and choose bandwidth for every branch saves them money.
3.sometimes for the same budget they can get much much more bandwidth then in legacy wan networks like f.r.
In our case a 512/64 dsl will cost them around 30$ a month while a 128/128 f.r pvc will cost them around 50$ per month.

HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE