ATLANTA, Sept. 16, 1999 — At a New York Giants away game, it’s not just the players in the huddle who get nervous.
Team executives, huddled in a nearby hotel room or in borrowed space in the stadium of the opposing team, can feel just as anxious. Wherever they may be around the country, they still need immediate, up-to-date access to players’ medical records, contract information, team logistics and other information contained on computers back at New York headquarters.
With a Virtual Private Network (VPN), that’s what they get. Their Windows NT Server-based VPN extends the corporate network out over the Internet, giving executives secure access to corporate email, servers and the corporate intranet from any hotel room or conference center with a telephone line.
Despite their benefits, VPNs have had a slow start. To be compelling for more corporate users, say industry observers, VPN technology needs to provide broader interoperability with a range of current hardware and software. It needs to incorporate centralized management tools for faster and easier deployment. And it needs to scale to provide simultaneous support for the thousands of road warriors at each major company that could take advantage of it.
VPNs took these major steps forward at the Network + Interop Show in Atlanta this week. Visitors to N+I viewed the first-ever Windows-based VPN, showing support for more than 2,500 simultaneous users and per-session performance that doubles real-world 56Kbps connections. To address issues beyond protocols and performance, Microsoft also showcased tools that make deployment and management in the enterprise easy and more secure. Microsoft also showed state-of-the-art multivendor interoperability with the L2TP/IPSec standard for remote access security.
The platform that makes this possible is the new Microsoft Windows 2000 operating system, due out later this year. IT professionals and others attending N+I were the first to see demonstrations of Windows 2000 supporting this enterprise scale VPN solution, as well as demonstrations of another Windows 2000 feature, called Quality of Service, that improves network efficiency to boost mission critical application performance.
Making Scalable VPNs Manageable
In addition to showing high performance, enterprise-scale VPN services, the N+I demonstrations focus on features of the Windows 2000 VPN that enable high availability and customizable remote access policies. For example, the Windows Network Load Balancing Service balances client connections across multiple servers, which boosts availability and scalability. The Connection Manager enables the VPN to be deployed across an enterprise from a central location. And Internet Authentication Services enforce sophisticated remote access policies with VPNs, allowing IT managers to specify who can access the network when, with which level of encryption and authentication, and where they can go in the corporate network once a connection is granted. The demos also show how smartcards can be used to increase VPN authentication strength.
“In addition to being enterprise scalable, the flexibility and deployment tools of the Microsoft Windows 2000 solution means that corporations can put it to use more quickly and inexpensively,” said Ron Cully, lead product manager for Windows networking. “Because VPN capability is part of the OS, IT pros can deploy Windows 2000-based VPNs without putting — and paying for — special software on every client. An organization with a Windows 2000 Server and client access licenses has everything it needs for an enterprise-class solution.”
Standards-based Multi-vendor Interoperability
Companies often grow through acquisitions. Some companies elect to use multiple vendor solutions to suit specific situations. And many companies are planning to use VPNs to collaborate with their partners. This means that interoperability between VPN solutions from different vendors is critical. Because of proprietary user authentication, lack of address management, and other issues, interoperability is something that to date has been difficult to achieve. With the Layer 2 Tunneling Protocol in a draft standard status and solutions shipping now and in the near future, interoperability is on the way.
As part of the Microsoft partner pavilion, vendors including Altiga Networks, Cisco, Nortel and Routerware will be demonstrating out-of-the-box interoperability with Windows 2000 Professional and Windows 2000 Server. In separate demos, the companies are showing interoperability between Windows 2000 Professional and non-Windows-based VPN gateways, between non-Windows 2000 clients and Windows 2000 Server, and between non-Windows-based gateways and Windows 2000 Server.
“Multi-vendor VPN interoperability is critical to support partner collaboration and to accommodate diversity within evolving enterprises,” said Ron Cully, lead product manager for Windows networking. “Layer 2 Tunneling Protocol gives customers the only standards-based approach to address critical remote access issues, such as user authentication, while also offering standards-based IPSec encryption. This demonstration shows that customers can plan L2TP deployments with confidence they will work together.”
“Quality of Service” Solution Boosts Network Efficiency
The Windows 2000 demonstrations at N+I also show off a “quality of service” (QoS) solution that lets network managers set priorities for the various types of traffic on their networks to guarantee performance for the most business-critical applications at times of the heaviest network use.
For example, a retailer might need to send inventory information from its stores to its regional distribution centers daily by 5 pm — which might be the heaviest traffic time for its network — in order to guarantee overnight delivery of out-of-stock merchandise to the stores the next morning. A QoS solution can give priority to that traffic over all other email and data transfers taking place at the same time.
Until now, QoS solutions have had limited effectiveness because they’ve not involved the applications or operating system that can maximize efficiency and reduce administrative complexity. The demonstrations at N+I highlight the value of end-to-end QoS through a multi-vendor solution built from Windows 2000, Cisco infrastructure and policy management, and SAP’s R/3 ERP software.
Through the Windows 2000 generic QoS API, applications like SAP are able to request priority for types of activities that require attention, while other activities are left at
. Windows 2000 uses RSVP to signal the priority request to the network and receive policy back from the network. This approach lets the operating system help enforce network policy and lets the network use a variety of standards-based traffic handling methods to prioritize mission critical applications.
In the demonstrations, a SAP application with QoS priority status sends and receives information in about two seconds during peak network loads, while the same application operating under the same network conditions but without QoS priority status cannot complete its transactions without losing data.
“Windows 2000 raises the bar for QoS solutions because it’s the first platform to participate in an end-to-end QoS approach that allows applications to intelligently participate under the control of the operating system and the network,”
With all parts of the network working together for the first time to facilitate QoS, network managers will realize maximum network efficiency with minimum management overhead. The result is application-aware networks and network-aware applications that deliver business-class service.
“With both the VPN and QoS enhancements in Windows 2000, it should be clear that Microsoft has worked hard to make Windows an exceptional networking player in the enterprise networking space,”