Your ISP may be brewing a new class of virtual private network (VPN) services that will couple security, bandwidth management and guaranteed quality of service (QoS), but you probably won't see these services until early next year.
Some ISPs will be turning to Xedia to bring the new VPN services to business users. Xedia's new Access Point QVPN gateways will let ISPs develop VPN services that give users the opportunity to define class-of-service measurements over their virtual network while keeping it secure using 168-bit key encryption and X.509 digital certificates.
Xedia is expected to introduce its Access Point QVPN gateways next month. The devices will integrate IP Security (IPSec); Differentiated Services (Diff-Serv), a pending IETF QoS specification; and class-based queuing (CBQ) bandwidth management parameters, says John Morency, vice president at Renaissance Worldwide, a Newton, Mass., consulting firm.
Today, Xedia works with a handful of ISPs, including PSINet, UUNET Technologies and Sprint, but none have committed to deploying the Access Point QVPN yet.
But some unidentified ISPs are expected to trial the devices before year-end, one source says. Access Point QVPN will initially be targeted toward service providers, systems integrators and large enterprise business users. One device can support up to 4,000 simultaneous encrypted tunnels, a source says.
Corporate Technology Group, a Hunt Valley, Md., network integrator, wants to check out Access Point QVPN, says Eric Younkin, director of telecommunications.
Corporate Technology Group is supporting real-time accounting applications for some of its attorney clients, Younkin explains. Adding security to Xedia's bandwidth management features would be a good fit for users who want to keep financial information confidential and for businesses that need to support a lot of remote access users securely, he says.
For the first time, Xedia is supporting the IETF's pending IPSec protocol that defines encryption and authentication parameters for IP traffic. Xedia is using an "off the shelf" IPSec PCI card in Access Point QVPN, one source says.
Xedia is also supporting X.509 digital certificates for user and network authentication. X.509 support will let service providers offer their customers the most secure user authentication available today. Xedia is using Verisign and Entrust certificate authorities to issue, distribute and maintain its ISP customers' digital certificates.
While today business users and ISPs can deploy their own IPSec VPN equipment, they are limited when it comes to integrated QoS features, Renaissance's Morency says.
Xedia's CBQ technology lets users carve out and dedicate chucks of their VPN bandwidth based on traffic type, IP address or URL.
The company's Diff-Serv support lets users mark packets using the type of service (TOS) portion of an IP header. By using standard TOS code points, users will be able to send their traffic as first class, business class or coach across the public Internet when more vendors and ISPs roll out Diff-Serv support.
Initially, Diff-Serv QoS will only be available on Xedia-equipped networks. While Xedia plans on supporting Diff-Serv when its products are available next month, the technology parameters can only work if all routers and switches on the Internet understand the Diff-Serv language. And Diff-Serv development and adoption is not that far along yet.
But as the specification solidifies, analysts believe more ISPs and vendors will roll out support for the QoS technology.
Access Point QVPN is slated for availability by the end of October for $7,795 to $24,995, depending on configuration. Xedia is also developing a QVPN client that will be available next month for $79.
RELATED LINKS
'Net QoS hurdles cripple enterprise VPNs
Network World, 8/24/98
Say what? QoS in English
Network World, 8/17/98
Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.
Request a reprint or permission to use this article.
