The dangers of DIY VPNs

Businesses should rethink their networks as the first step towards implementing an enterprise WAN, says Jill Ainscough

The falling prices of Digital Subscriber Line (DSL) connections have made high-speed, high-performance networks a reality for businesses of all sizes. At the same time, the world is rapidly moving towards IP. Legacy WAN technologies such as ATM and Frame Relay have been relegated to ‘old school’ status.

But a number of companies appear to have taken the “I” in IP a little too literally. Sales of “DIY” internet VPNs – which use conventional DSL connections and VPN hardware to encrypt the traffic as it passes through the internet – are booming. Uptake doubled between 2003 and 2004, according to IDC.

Though cheap and easy to install, internet VPNs are risky. Well suited to basic processes that are not time-critical such as email, they fall short of the high performance, sophisticated “next generation” IP applications that can transform business performance.

These applications rely on certain network performance guarantees in order to operate – but it simply isn’t feasible over the public internet. Traffic moves as quickly as conditions dictate, which means there is no way to predict network performance. For example, internet-based voice over IP applications are simply too unpredictable to support a business.

Fault management can also be a major headache with DIY VPNs. With customers effectively responsible for managing their own WANs, rectifying a fault might involve physically visiting each location and testing every component.

Migrating from internet VPNs to a more resilient alternative need not involve rebuilding the WAN from the ground up. DSL is an ideal access technology, yet private IP infrastructure is the best home for traffic thereafter, not the public internet. Most operators can carry IP traffic across their infrastructure: indeed, a few only support IP. QoS measures inherent in Multiprotocol Label Switching (MPLS)-based infrastructures like the new generation of “pure IP” networks enable the implementation of sophisticated business applications, while end-to-end service level guarantees and reports tell customers exactly what they get for their money.

Internet VPNs should be regarded as the first step towards an enterprise WAN, but nothing more. Only MPLS VPNs can provide the level of resilience that can support long-term growth – and with support for a vast range of applications, offer considerable opportunities for resellers able to harness them.