Have managed VPN services made any progress?

The prototype of the new service announcement is very similar in nature to a recent one from UUNET. In that announcement, MCI Worldcom's ISP rolled out its UUsecure service which came with the mandatory prerequisite support of IPSec along with standard service level agreements that guarantee 99.9% availability from site to site for 10 sites or more. In addition, UUNET is guaranteeing that the average round trip latency between VPN sites will be less than 120 msec. The CPE supporting the service will be Xedia's AccessPoint QVPN product, a multifunctional box that also supports network firewall and server farm front-end switching services as well as basic routing and tunneling.

Despite the increasing critical mass of providers, formalized service level metrics and a broadening array of exotic CPE, managed VPN services have yet to even come close to the usage levels of more traditional public services such as Frame Relay or ATM. Depending upon whose numbers you follow, the global revenue for managed VPN services was roughly between $400M and $500M last year, growing at the annual rate of between 45% and 55%.

These numbers clearly indicate that there are customers for managed VPN services. However, many appear to be fairly quiet customers. Renaissance's research has shown that good reference accounts for managed VPN services are often hard to come by. But some of the research results show why the alternative to managed services - the in-house implementation - may be the way to go for many users. Those users who do have some form of VPN in-house cite both telecom and capital cost reduction as the primary benefits.

Generally, both of these benefits can be achieved without having to relinquish management control of the network to a service provider. I can make this assertion through experience. We actually have implemented an in-house dial VPN within Renaissance using GTE Internetworking's Dialinx service and Nortel Connectivity boxes. Both service and box have run quite well with very few problems. Based on the critical relationship between the quality of remote access services to the well being of our business, it doesn't seem rational to say that giving GTE or some alternative provider control over the service would be a major improvement over what we have today.

Despite the initially slow start, however, I do believe that managed VPN services will have a bright future. Of the three classes of VPN -- remote access, site-to-site and extranet - the extranet class of service has the most significant long-term growth potential, even though it's the least used today. It is this class of service that will likely require the expertise, global reach and objectivity of a third-party provider in order to bring home the projected benefits. As electronic commerce becomes more and more mainstream, particularly business-to-business e-commerce, I suspect the same will also be true for managed extranet VPN services.