conference analysis - csudhsom.csudh.edu/fac/lpress/articles/giga/ni981.pdf · on streaming media,...

Volume #5 CAN #426July 17, 1998 by Barbara C. McNurlin & Laurence I. Press

Conference AnalysisIn-depth reports on leadingIT conferences

Networld/InterOp 98Presented ZD COMDEXand ForumsMay 4–8, 1998Las Vegas, Nevada

Introduction

This is the second installment ofour continuing coverage of theexpansive Networld+Interop 98show in Las Vegas. —Ed.

Table of Contents

Introduction 1Keynote 2: The Next Generation ofBroadband Communications 1State of the Web: A Perspective 3Training and Distance Learning 5Multicast Grows Up 8Extranet War Stories 10ISPs as Enterprise Partners forVPNs and Remote Access 14Editorial Analysis 19

Keynote 2: The NextGeneration of BroadbandCommunications

Rob Glaser, Founder andCEO Real Networks

Mr. Glaser covered thefollowing general topics in hiskeynote:

• Internet & intranet trends• Communications based

computing (applications)• Technical challenges &

requirements

Internet and intranet trends. One trend is strong growth. There were an estimated 57 million Internet users in 1997, up from31.4 million in 1996.

Exponential growth andwidespread acceptance of the Internet as a viable shopping medium is expected. Revenues from e- commerce transactions topped out at an estimated $707 million in 1996. Estimates for 1997 rounded out at $2.6 billion in e-

commerce transactions. In addition, online ad revenue jumped to $906 million in 1997, up from $268 million in 1996.

Another trend is the growth ofwidespead acceptance of intranets.

Companiesthat are:

July,1996

Sept,1997

Considering 10% 12%Evaluating 7% 16%Using 14% 50%

Connection speeds are alsorising, but office connections aremuch faster, producing a bi-modalenvironment:

Oct.,1996

Oct..,1997

14.4 kbps 21% 7%28.8-56 kbps 61% 70%ISDN 4% 5%>= T1 14% 18%

The great majority of PCs arenow multimedia-ready. TCP/IP,HTTP, HTML, and other standardsare now in place. IP connectivity ispretty well restricted to PCs today,but set top boxes, wirelessconnections, cable, etc. well greatlyextend that.

Conference Analysis #426

2 © Giga Information Group � One Longwater Circle � Norwell MA 02061 � tel. 781.982.9500 � fax 781.878.6650

Communication basedcomputing (applications).

Communication basedcomputing is also with us andgrowing. We moved from terminalemulation in the late 1980s to LANsand WANs in the early-mid 1990sto LAN/WAN and Internet today.We have now moved beyond textand can assume wide accessoutside of our work world.

Mr. Glaser foresees threeimportant communications-basedapplications emerging:• Desktop conferencing and

telephony• Multimedia email and

messaging• Streaming media delivery

• one to many livebroadcast

• one to one, or one tomany on-demand

Mr. Glaser predicts thatmultimedia email and messagingwill catch on once people becomecomfortable with leaving videomessages (as they did withanswering machines), and we getsimple tools for editing andcorrecting. He feels in three or fouryears multimedia email will be ascommon as text based email.

Mr. Glaser's company focuseson streaming media, controlling 85percent of Web sites that hoststreaming technology. He feelscomplex ideas are easier to conveyand digest when video is used.Streaming media volume isincreasing rapidly:

April,1997

April,1998

Streamingweb pages(thousands)

80 307

Live hoursper week(thousands)

40 150

RealPlayerusers(millions)

8 22

This is faster than Internetgrowth, and comparable to the rateof growth of the Web about threeyears ago.

There is also growth in live,continuous feeds. There are nowover 1,000, 24 hour-a-day liveaudio and video stations on the Net.The number of users has alsoexploded. Over 20 million userswith unique email addresses haveReal Player software, and that isgrowing at a rate of 100,000downloads per day.

The range of applications onthe Internet is also broad:• Broadcasting

• news/information• entertainment

• Marketing and selling• advertising• product demonstrations

• Teaching and training• Personal communication

Mr. Glaser singled out news,citing MSNBC research showingthat people average nearly as muchtime per week reading online newsnearly as many hours per week asnewspapers:

NewsMedium

Hours/Week

Broadcast TV 5.7Cable TV 5.0Radio 4.5Newspapers 3.6Internet/Online 3.5Magazines 2.4

He demonstrated short video"headlines" in a streaming contextusing the latest version of theirsoftware.

Mr. Glaser said streamingmedia is being widely used forexecutive briefings and otherexternal communication onintranets. He showed clipsillustrating executive briefings atBoeing and 3Com, each of which

was viewed by over 10,000 people.(The Boeing clip had Spanishsubtitles, incidentally.)

Mr. Glaser stated that Boeingis saving about $130,000 perweek using streamingtechnology. Sales force training isanother strong application forstreaming media, and he presenteda testimonial from MCI and a clipfeaturing management consultantand author Tom Peters.

Technical challenges andrequirements.

Mr. Glaser asked what thechallenges were if we were to makesuch things universal. Hementioned bandwidth requirements,protocols to support isochronouscommunication, and standards.

Today we are in a bi-modalperiod for bandwidth—some havehigh bandwidth now, others areusing modems. Enterprises andon-campus LANs will havebroadband capability soon, but theramping up will be slower in wide-area networks.

The installed base of cablemodems grew from 100,000 at theend of 1997 to around 200,000today. At this rate of growth, it willstill take a very long time to reachthe 100 million households in theUS.

The most optimistic surveys hehas seen suggest that by the year2000 only around 15-20 percent ofUS households will have highspeed access via cable modem,Digital Subscriber Line, or satellite.He cited a Jupiter Communicationssurvey showing the followingcommunication rates to UShouseholds today and in the year2000:

Speed 1998 2000sub-28.8K 89% 18%56K 10% 65%high-speed 1% 17%


© Giga Information Group � One Longwater Circle � Norwell MA 02061 � tel. 781. 982.9500 � fax 781.878.6650 3

High-speed communication tothe home will not be ubiquitous inthe near future, so they areintroducing new data types thatstream well—text and audio withsynchronized stills (including clientside effects and fades).

Applications must also scaleand run on mission criticalnetworks. IP multicasting (see thereport in this issue) will beimportant. They also have aproprietary splitter technology whichcan be used where multicasting isnot available. They have deployedsplitters in the US and Japan (withMCI and NTT). Local caching isalso important.

Customers also expectbroadcast-level reliability andperformance, and they are nowdoing dynamic protocol andbandwidth negotiation (before andduring sessions) and interpolating toreplace lost packets. He showed anexample in which a pause for re-buffering was needed using theirold technology and the newtechnology merely degradedgracefully, maintaining continuity.

At the transport layer, Real-Time Streaming Protocol (RTSP) isnow an IETF standard (RFC 2326).At the application layer, we have anewer standard: the SynchronizedMultimedia Integration Language(SMIL). Mr. Glaser referred toRTSP as the "HTTP" of streamingmedia and SMIL as the "HTML" ofstreaming media. SMIL is now aW3C proposal, and it allows forsynchronization of all types ofstreaming media—video, audio,text, images, etc. They supportboth RTSP and SMIL in their latestsoftware.

They feel streaming must beopen, so any data type or fileformat can be streamed.Synchronized playing of live orstored streams from any server toany client is also a requirement if

streaming is to become ubiquitous.To this end they are working withmany vendors, and Mr. Glaserlisted many data types they nowsupport.Mr. Glaser summarized by statingthat we are entering a new era ofcommunications basedcomputing, that key technologiesand standards are aligning, earlyadopters are already derivingcompetitive advantage, and thetime to deploy is now.

State of the Web: APerspective

Ed Tittel, PresidentLANWrights, Inc.

Ed Tittle is a well-known authorand consultant and member of theInterop program committee,specializing in networking with anemphasis on the Web. Hispresentation was one man'spredictions about Web technology,not tools or demographics. NatanyaPitts-Moultis collaborated on thepreparation, but Mr. Tittle made thepresentation.

He began with a disclaimer,stating that the past can predictnothing new, and that revolutionarychanges can and do occur. Forexample, he asked how many peoplewould have predicted the rise andfall of Active-X three years ago.

His talk covered fourtechnologies:

1. HTML 4.02. Cascading Style Sheets (CSS)3. Dynamic HTML4. Extensible Markup Language

(XML)

HTML 4.0The HTML 4.0 recommendation

came from the World Wide WebConsortium (W3C), on December18, 1997. It comes in three flavors,one requiring strict adherence to thespecification, one that is atransitional state between 3.2 and4.0, and a separate one for thoseusing frames.

It took W3C 26 months to getfrom version 2.0 to version 3.2,which gave vendors time to createand propagate proprietary features,and version 4.0 is an attempt tounite browsers. The separation ofpresentation from content with stylesheets is a big step in this direction.Tables and frames are alsoimproved. Unicode is alsosupported, allowing us to get awayfrom English and the Romanalphabet.

His advice is to move to HTML4 in order to ease support ofmultiple browsers and hardwareconfigurations. Mr. Tittle predictedthat HTML 4 will create a newlowest-common-denominator forWeb content, but he still feels that itfails to offer truly customizablemarkup or dynamic behavior.

Cascading Style Sheets (CSS).There are two CSS versions:

CSS1: Recommended,http://www.w3.org/TR/REC-CSS1

CSS2: Working Draft,http://www.w3.org/TR/WD-CSS2/

CSS1 fulfills the same functionas templates in Microsoft Word orother word processors and pagepublishing programs. You candefine styles by name, specifying



things like font size and types andtext colors, and you can positionitems precisely on the page. Youcan establish a list of fonts to beused if the user's machine does notsupport your first choice.

There are also color controls.For example, you could set level-1heads to be blue by default, yetoverride that at some point in yourdocument. You can even assignbehaviors to color, for example,having it change when the mousemoves over some text.

You can create a library of stylesheets which can be referencedexternally. This allows a centraldesign group to maintain a library ofstyles to be used by the organization,providing control and uniformity ofappearance, and frees peopleconcerned with content from havingto be make style decisions. Mr.Tittle recommends moving to CSS1.(Natanya Pitts-Moultis has written abook on CSS1 for Coriolis Press).

CSS2 is a strict superset ofCSS1, so your CSS1 work will beprotected. It supports differentmedia types, which means you canprovide alternative forms of deliveryfor the same content. For example,you could offer sound in place ofvideo for blind people. (You may belegally obligated to do so).

There are also font handlingextensions, like allowing a differentfont for the initial character in aparagraph and other text effects youare used to seeing on printed pages.In addition, there are style controlsfor tables, for table headings, celldata, padding, etc. Layers anddynamic positioning of elements onthe page are provided and librariesof standard headers and footers are

possible. You can even associate adifferent color palette with a page asa function of the user's browser.

CSS make it easy to enforce aconsistent look and feel and separatecontent from presentation; however,one must learn a new, more complexmarkup and syntax. Mr. Tittlepredicts that CSS be commonly usedfor complex sites, but may beoverkill for simple ones.

Dynamic HTML.Dynamic HTML allows

dynamic client-side behavior,without requiring traffic between theclient and server. Appearance maychange and local updates may bemade without involving the server.Microsoft and Netscape do this insomewhat different ways, andMicrosoft has even copywritten theterm "Dynamic HTML" (with acapital D). W3C is working on theirspecification, but the work is goingslowly, and in the meantime,Microsoft and Netscape arecharging ahead.

W3C is attempting to considerCSS, DHTML and XML together.This will enable things like changingthe color of the third level-3 headingon the page after the document hasbeen downloaded. This sort of thingcan be done in response to userevents like mouse clicks or movingthe mouse over an object on thepage.

Mr. Tittle suggests taking anexperimental approach, but perhapsnot converting your site until thestandards shake out. The WC3working draft can be found at:

http://www.w3.org/TR/WD-DOM/

WC3 has been more influenced byMicrosoft than Netscape, partiallybecause Netscape did someunpopular things like onlysupporting JavaScript as a scriptinglanguage, and supporting non-standard CSS.

Microsoft's Dynamic HTMLhas a full-fledged HTML object andevent-handling model, and iscompatible with CSS1. It providesa means for communication with adatabase on the server. There arealso a number of multimediacontrols, like canned dissolves andwipes between sequential screens.Voice and key commands cangenerally substitute for mousecommands.

Netscape has a different objectmodel and style sheets, and dynamicbehavior is achieved by displayingdifferent layers. This requires re-rendering entire pages to make smallchanges. Netscape can only changecontent while the page is stilldownloading, unless you havemultiple layers. This means, forexample, that to play a long videofile with Netscape, you would haveto download it with the page;whereas, with Microsoft, you coulddownload it only if the user clickedon the button to play it.

Dynamic, event-drivenbehavior is key to next-generationapplications. This will move theWeb from a document repository toa general purpose platform for manyapplications.

Mr. Tittel believes, however,that we are at least a year awayfrom a standard. So, for now, youshould either content yourself withexperimentation only, or be resignedto having to deal with the



complexities of two platforms(unless you have an intranet and cancontrol the user environment).

Extensible Markup Language(XML).

XML stands for eXtensibleMarkup Language. You can findthe most recent recommendation:

http://www.w3.org/TR/1998/REC-xml-19980210

XML is a metalanguage, whichmeans it is a notation that allowsyou to define custom markuplanguages. You must define tagswith a rigorous document typedefinition (DTD). XML is a subsetof the Standard Generalized MarkupLanguage (SGML). HTML is anexample of one tag set which may bedefined via an SGML DTD.

Since you are free to define yourown tags, XML provides greatflexibility. There are over 35 knownXML-based markup languagesalready in use. Examples are theChannel Definition Format used forautomatic software maintenance,Chemical Markup Language formolecule description, andMathematical Markup Languagebased on Donald Knuth's TeX.

XML has the potential to allowthe definition of multimedia datatypes, eliminating the need for plug-ins. Via the SynchronizedMultimedia Integration Language,sound, graphics, transition effects,etc. will be synchronized. There isalso a Commerce Net initiativeunder way to define an XML-basedmarkup language for electroniccommerce.

XML will provide greatflexibility in data types, linking, and

application behavior, but it requiresa working language of SGML,which is no small task. CharlesGoldfarb, one of the inventors ofSGML, is editor of an SGML bookseries at Prentice Hall, and thiswould be a good starting place forlearning. Tittel predicts that overthe next 5-10 years XML will makeits way down from the high-end togeneral acceptance.

Certification and Commerce.The Web is becoming a global

marketplace, but electroniccommerce has too many standards tosettle down yet. The same is true forprivacy via encryption, identitymasking, cookie refusal, contentselection and blocking, identityverification, authentication forcontent and code, restriction of whatexecutable code (like Java applets)can do on your machine (you maywish to allow software from certainsources to have more rights thanother software), and secure storageof sensitive data.

Solutions to these problemsinclude certification and use ofdigital certificates, electronic wallets(how do you synchronize yourdesktop and portable wallets?),secure electronic transactions, theXML-based Commerce Net industryinitiative mentioned above, eCash,and micro-payments.

Since there is so much money tobe made in e-commerce, Mr. Tittelis confident that the standards andsystems will eventually becomeavailable—it is inevitable. For now,either plan on spending at least$5,000-10,000 on a turnkey systemor on spending a lot of time.

Mr. Tittle threw in a fewadditions to his prepared talk. He

cited a Gartner Group study statingthat it costs $15 a year to maintain adynamic Web page and $225 a yearto maintain a static web page. Hementioned that servelets—server-side applets that extend back-endfunctionality—are gainingimportance and that people are nowbeginning to plug Web servers intodocument management systems,thereby cutting maintenance cost.(This has been done with databasesfor some time. It is the sort of thingthat reduces maintenance costs from$225 to $15 per year).

For slides from this presentationor additional information, pleasesee:

http://www.lanw.com/

Training and DistanceLearningModerator: Al Gordon,Program ManagerSiemens Virtual University

This session focused primarilyon low bandwidth, instructor-directed training which combinedsynchronous and asynchronousmaterial. The application is atSiemens and the server softwarefrom Databeam. There were threespeakers, Yatman Lai and AlGordon from Siemens and DebbieBlack from Databeam.

Yatman LaiManager for LearningTechnologySiemens Virtual University

Mr. Lai gave an overview ofSiemens view of the role of trainingand distance learning. Training isstrategic at Siemens, and the trainingdepartment is challenged by



globalization, competition, anddemands to increase productivitywhile cutting cost. Siemens also hasself-directed work teams, with notime for classroom training, socontinuous learning is needed.Training is key to attracting andretaining people. Distant mentoring,training and collaboration are allimportant.

Education was traditionally donein a group learning environment witha captive audience. Computer-basedtraining (CBT) like CD-ROMsallows any-time, any-placeindividual training, but you areisolated and on your own. Theyseek a middle ground with somematerial on-demand and someinteractive:

On-Demand

• curriculum planning• course catalog• course schedule• course enrollment• Web-based learning

Interactive• discussion groups• data conferencing• application sharing• audio-graphic conferencing

(and later video)

Today companies have intranetswith information scattered aroundthe organization. But ideally theywant to have learning-relatedmaterial available in one place onthe intranet, at a "virtual university,"with reference material and Web-based training.

This material must beaugmented with live, interactivetraining—"the glue that holds it alltogether." The interactive materialmay be a dialog with someone, anexpert you can ask a question of,

discussion groups, dataconferencing, audio-graphicconferencing, application sharing.Ultimately video conferencing willbe widely used, but it is still tooearly.

Their goal is to make learningless intrusive (and time-consuming).They want to create a classroom onevery desktop and laptop and anetwork of interactive learners. Youdo not ask "what course can Itake?" Instead, you look at thewhole knowledge repository of thecompany, and ask "what can Ilearn?"

They will support continuouslearning, collaboration, mentoringand independent workgroups on theNet. Success factors includefostering a company culture thatembraces networking, a tremendousamount of knowledge to be sharedwithin the company, and a strongrelationship between the training andIT departments (which is nowstrategic).

The line-of-businessorganizations are also important andmust value their role in the transferof knowledge. Employees must alsosee training as worthwhile andvaluable. Finally you must promoteit. Training and education—themanagement and dissemination ofthe organization's knowledge—is theintranet "killer application."

Debbie BlackMarket DevelopmentDatabeam Corporation

Siemens uses Databeam serversoftware for their virtual university,and Debbie Black talked about theirview of distance learning and theirproducts.

The technology for onlinecollaboration has improved inrecent years. It began withexpensive video conference roomsfor high level meetings, usingproprietary audio and video formatsin the 1980s. In the 1990s, desktopconferencing and standards beganto emerge. In 1996-97, we saw thetransition to IP networks using low-cost equipment with standards inplace. The next challenge iscultural issues, and Ms. Blackexpects a relatively large share ofcost and effort to be in content andconsulting rather than hardware andsoftware.

She gave the audience sometips:

i Training needs to be live andinteractive at least at sometimes.

i It must also be Web-based andeasy to access. Databeam nowuses thin clients and Javaapplications so the user hastransparent access to easily-used software.

i The interactive portion oftraining must also be wellintegrated with self-pacedmaterial.

i There must be an alternativefor those who miss groupmeetings or other synchronousevents. You can also integrateInternet material with yourWeb-based training.

i You must know your audiencecapability and how they connect(e. g, their speed ofconnection). It is critical thatyou adhere to standards: T-120for multi-point datacommunications and H-323audio and videocommunication. RSVP andother forthcoming service-quality guarantee protocols will



be compatible with these whenthey are deployed.

ISPs are also deploying serversso that you do not necessarily haveto operate your own. For example,MCI offers a Net-basedconferencing service, and will setup an audio or data conference foryou on demand. The same maybecome the case for distanceeducation.

There is a tradeoff between theamount of interactivity andmanagement complexity. Browser-only operations are the lowest end.Next comes Java applications, butyou must ensure that users haveJava-enabled browsers, theapplication can get throughfirewalls, etc. Full applicationsoftware like Microsoft NetMeetingis most powerful, but must beinstalled and capable of operating.

Databeam has two IP products,a conference server and a learningserver. They are used in fourgeneral areas: brainstorming andplanning, team meetings, largeonline events, and virtualclassrooms. A company typicallyruns both, and Ms. Black gaveexamples of each from marketing,help desks, training, companymeetings, etc.

Al GordonProgram ManagerSiemens Virtual University

Like all companies, Siemens isconfronted with fixed function jobsevolving into expanded roles, rapidtechnology change, short shelf-life ofknowledge, and the need forcontinuous learning rather thanevents like classes. For the trainingdepartment, this means more coursesand instructors, but the reality is thattraining budgets and headcounts arenot increasing.

They are under pressure to cutfield expenses and to improveproductivity. Siemens providestraining and education for 5,800employees in the US, and has begunworking with distance learning.

They had good infrastructure,including a nation-wide LAN/WAN,and introduced an intranet with goodremote access capability. They alsohave modern desktops with PentiumPCs running Windows 95. Withthat technology base, they launchedtheir Virtual University forinstructor-led synchronouseducation.

They decided today's low-bandwidth video quality was toopoor, so they went with audio-graphic conferencing—separate, butsimultaneous data and documentconferencing—carried over IPnetworks and using the Databeamconferencing server. This iscombined with a simultaneousconference call using the public-switched network (not telephonyover IP).

They provide instructor-ledsynchronous education. Mr. Gordoncited data showing that less than 12percent of purely asynchronous(self-led) CBT courses arecompleted in the corporate world.They combine synchronous andasynchronous training, with studentsdoing CBT and taking tests betweenon-line class meetings.

The program was low-cost(under $30,000 hardware andsoftware) and easy to implementrelative to video conferencing.Education is at the desktop—office,home, a hotel, etc.). This is theprecursor for desktop multimedia

(which will be ready in three or fouryears).

They are using a medium sized(233 MHz Dell) server withmoderate specifications, WindowsNT, Microsoft's Internet Information(Web) Server , and Databeam'sserver software. They have theirown audio bridge for the voiceconference. (At first they usedcommercial telephone conferencing,but realized they could pay for theirown bridge in about two-monthsbilling).

They also have a remote accesssystem. They initially used FarSiteand NetMeeting clients, but foundthem cumbersome to install and notwell suited to their applications, sothey are moving to Java and thinclients. Users also began using thevideo for many other applicationsand for playing around, so they wentto a stripped down version ofNetMeeting that did not allow end-user conferencing.

The instructor and students cantalk, share a whiteboard, use ahighlighter or drawing pen, shareapplications, etc. They find thismuch more compelling thanPowerPoint presentations.

Students can save presentationsand material can be imported fromcommon graphic formats and anyWindows-based program like Excel,Word, or Power Point. They canalso do screen and video capture.

Mr. Gordon presented anevaluation of their first course. Thetask was re-training over 500telecommunication engineers. Thishad traditionally been done in an 8-day classroom program. Theyreplaced that with eight 2-houraudio-graphic sessions, each



separated by a week forasynchronous assignments andonline testing. Classes were 22students and 2 instructors, and thematerial was advanced and at thecollege level. The topics included:

1. Standards: OSI, IEEE, andITU

2. LAN/WAN: Client Server3. TCP/IP4. Internet, WWW and

Intranet5. ISDN: PRI, BRI, and

Broadband6. ATM, FDDI, and Frame

Relay7. Video8. Wireless, Cellular, and PCS

They found the class wascompressed—there was no fluff orpadding which may occur in a fixed-length class in a classroom.Instructor platform time wasreduced by 75 percent. They savedsending people to a training centerfor 8 days. (Interviews indicatedthat the workers worked extra hourson session days to make up the timelost rather than accomplishing less).The savings for each class of 22students with two instructors were:

Savings

Travel/Lodging$3,155 x 24

$75,720

Field Productivity$1,650 x 22

$36,300

Expense

Telephonecharges: 1,080minutes x 24 x.265

$6,869

This results in a return oninvestment in hardware, software,development time and presentationtime of over 50 percent. (Theinstructors re-purposed theirclassroom materials, anddevelopment costs are not includedhere).

They carefully analyzedanticipated loads before starting, sothe training application did notswamp their network.Pedagogically, they found thatfrequent student interaction isimportant, people in their officesmust be able to make the space andavoid unscheduled interruptions, andstudents liked the time betweensessions to solidify knowledge.

Subsequent to this evaluation,they replaced Databeam'sconferencing server with theirlearning server, and went to Java ona thin client. The learning servergives them an explicit participantlist, live questions and answers, andstudent "hand raising." They havealso implemented recording andplayback so a lesson can be recordedby the user, and purchased their ownaudio bridge to save the telephonecharges.

Multicast Grows Up

Moderator: Jeff Kunst,Newbridge Networks

This session featured threespeakers, Martin Hall, RodMurchison, and Mike Galli. Theyupdated the audience on the state ofthe IP Multicasting, which they feelis ready to move out of research anddevelopment and be deployed on theInternet and intranets.

Martin Hall, StardustForums

Mr. Hall's company, StardustForums, is the organizer of the IPMulticast Initiative (IMI), an 18-month old group of users andvendors working on standards andmulticast promulgation. He notedthat audience sizes at hispresentations have grown steadilysince he began making thesepresentations when the Initiative wasformed.

Mr. Hall discussed IP MulticastBackground and technology and itscurrent business and technicalstatus. He also described the IMI.

Multicasting is useful if youhave material—perhaps an audio orvideo stream—that you wish manypeople to receive simultaneously. Itis the Internet Engineering TaskForce (IETF) standard for multi-point communication. It wasinvented ten years ago by SteveDeering at Xerox Palo AltoResearch Center, and is often usedto cover events in the researchcommunity. (Deering is now atCisco Systems.) The protocols,which matured within the researchenvironment, and are now beingimplemented commercially.

Multicast is designed forefficiency in transmitting a messagefrom one source server to multiplereceiving clients:

Unicast one sender, onereceiver (the typicalInternet mode)

Broadcast one sender,everyone receives



Multicast one sender, “tuned-in” group ofreceivers

The goal is never to send morethan one copy of the same dataacross the network.

The client computer initiates thetransaction that tells its local routerto tune into a particular multicaststream. Clients can join and leavegroups at will using the IGMPprotocol. Therefore, to multicast,routers must support the InternetGroup Management Protocol(IGMP) and multicast routing.Routers and switches that do notsupport these functions may beupgradable.

Multicast traffic is only routedto destination networks which haveat least one client tuned into theparticular multicast address, therebyreducing load on the server andnetwork traffic. Where you mayneed a group or "farm" of servers tosupport a large number ofsimultaneous users in a unicastenvironment, one server may sufficein a multicast environment.

When the multicast initiativebegan 18 months ago, there wasalready a good deal of support inhardware—routers, switches, etc.—and it is also now supported inoperating systems. Streaming audioand video application software likethat of RealNetworks and Microsoftnow also support multicasting.

Congestion and bandwidthscarcity are always issues on theInternet. If you have a T1connection, you can only support 55concurrent users at modemconnections. With multicast, a

single stream would fan out to reachall tuned clients.

The Internet is increasinglygoing to be driven by content.AOL, Netscape and others arebecoming media companies.Reaching large audiences is key toadvertising-supported services, sowe need the efficiency ofmulticasting. (AOL has a largeraudience today than MTV).

Multicasting offers a value-added service opportunity for ISPs.They can provide multicast serviceto customers, either on proprietaryextranets or the Internet. UUNet isoffering such a service now.

This is only the start of demandfor multicast-compatibleapplications. As high-speed last-mile solutions like xDSL and cablemodems become widely available,such applications will proliferaterapidly. High-speed wireless—whether terrestrial or satellite—willalso facilitate these applications.Networks are at capacity today butnew investment is occurring rapidly.

The IMI has around 80 membercompanies. These include leadinghardware and software vendors,users, ISPs, and cable, satellite, andtelecommunication companies. Itsgoal is to facilitate broaderdeployment of multicast on theInternet and within corporateintranets.

The IMI organizes technicalprograms and provides technicalresources for the members. Theyare seeing much more deploymentthis year than in the past, so thereare now a series of deploymentprograms and training sessions.They have materials such as adeployment guide (which is available

on request). They also run anInternet server to keep help vendorsand users find each other in themarketplace. From June 1-5, 1998,IMI will run the first of what theyplan to be an ongoing series ofinteroperability tests.

Multicast has moved fromresearch, to commercial products,and now to deployment. It isnecessary if we are to support audioand video on the Net of the future.For more information, see:

http://www.stardust.comhttp://www.ipmulitcast.com

Rod MurchisonMulticast Product Manager,Newbridge Networks

Murchison talked aboutdeployment considerations andissues, and concluded with mentionof capability we can look forward toin the future.

Before deploying IP Multicast,you need to study all aspects of yournetwork and applications. Forexample, if many users need onlinetraining, multicast should beconsidered. You need support inyour hosts and routers for multicast.If you have to upgrade hardware, itwill be costly, so you shouldconsider the cost/benefit carefully.

IGMP allows a client to tell itsrouter and other hosts on the LANwhich stream it is receiving,therefore all hosts and routers mustsupport IGMP. There are threeversions of IGMP

i In version 1, hosts left groupsby not renewing membership,which meant high overhead.



i In version 2, one stays tuneduntil a termination command isexecuted, significantly cuttingbandwidth requirements.

i IGMP version 3 is an IETFdraft at present, and it will allowmultiple senders and receivers,for example, for a multi-personconference.

One major concern is thebroadcast of packets to all peerhosts on a LAN even if only one istuned to a multicast stream. Thismay place a significant burden onthe network interface cards andprocessors of hosts which are notreceiving the stream. (They mustdecide to discard the extraneouspackets). This will always be thecase if you connect hosts to a hub ormost switches.

Some modern switches, though,now do multicast containment, toeliminate this problem. The switch"listens" to IGMP messages, andacts appropriately. Your hardwaremay have to be replaced or upgradedto do this, and you should definitelylook into this if you plan high bit-rate applications.

Murchison also summarized thefour multicast routing protocolswhich are now in use, and thefactors to consider in selectingamong them. One factor to considerwould be the percentage of clients ona network that frequently receive thesame material. Networkconfiguration is also important inchoosing the appropriate protocol.If one server is a common source formost programming, you would tendto different a different protocol thanif there were many. Protocolselection is an important deploymentdecision—you should consider the

distribution of typical senders andreceivers.

Multicast will work well withhigh-speed routers and ATM in thefuture, and selectable quality ofservice will be available.Encryption and authentication willalso be available, so you can protectsensitive material and limit access.Directory-based usage monitoringand billing are also being worked on.

Mike GalliDirector of MarketingOptivision

Optivision has traditionallyworked on MPEG broadcast, but isnow working on enterprise networks.Mr. Galli mentioned a number ofthings which remain to be done:

• Optivision sells videoencoders which can generatemulticast MPEG streams,but more development isstill needed on servers andclients (the deployment ofIGMP version 2).

• Analog broadcast usersmust learn new skills andbecome concerned with thesort of network design andprotocol selection issuesdiscussed by Murchison.

• User-friendly clientsoftware, which makes thecomputer look more like aTV with a VCR is needed.

• ISPs want relativelyuniform traffic throughoutthe week, whereas multicasttraffic peaks and drops off.

• Tools are needed formanaging content andkeeping track of where it isstored and in what format.

Mr. Galli assured the audience thatwork is underway in each of theseareas.

Extranet War Stories

John Kay, ChryslerAs manager of electronic

commerce for Chrysler, Mr. Kay isresponsible for communications withsuppliers, including EDI, email, thecompany’s extranet, and any othertechnologies suppliers want toadopt. The extranet—www.spin.chrysler.com —can beaccessed by the 12,000 suppliersthat have a business relationshipwith Chrysler by using theirpassword and user name.

Chrysler’s EDI arrangement,which includes 17 transaction sets,is the best in the industry becausethe company has taken a proactivestance to get all suppliers online.Use of it has virtually eliminatedmost other forms of communicationrequired to do business withChrysler.

Although EDI has beensuccessful, Chrysler does not have100 percent participation, especiallyby smaller suppliers, because EDI isexpensive. Thus, Chrysler isintroducing EDI over the Web. Ithas 2,500 non-production suppliersonline, it is trying for another 4,000via the Web.

The company has 45,000 userson Lotus Notes, generating lots ofonline communication. Chrysler raninto a few problems with Notes. Onewas cultural—not copying others onsubmissions. Externally, an issuewas unsecured communications.Furthermore, there is a limitation tothe size of attachments. Finally, itwould be desirable if industry emailaddresses were stored in one



directory. At the moment, they arenot.

Chrysler’s extranet started in1993 and used proprietary software.More recently, the company movedto Web technology. Some 5,000suppliers are now online, with14,000 user IDs. The extranetcontains 45 applications—a mere 10percent of their goal. Ten of theapplications are mainframe-basedand the other 35 are Web-based,where the users ask questions orseek information.

Typical queries include, “Whenwill I be paid?” “What informationdo you have on X.” “What is yourpolicy on Y?” And so on.

When initiating the extranet,Chrysler asked for input fromvarious departments—legal, audit,patents, corporate communications,and IS. It was a bit tedious, but Mr.Kay discovered that thesedepartments were only interested insetting policy at the outset. They hadno interest in monitoring the site.Asking for their input at verybeginning got his group off to agood relationship with thesedepartments because it showed hewas concerned with corporatepolicy. Then they let him build thesite his way.

His e-commerce groupapproached management of the siteconstruction by saying, “Here’s agreat opportunity to communicate toexternal users. Management boughtthe idea and provided the funding.However, over time, unless thebusiness benefits are continuallyemphasized, they see it only as an ITproject, not a business project. Itwas imperative to continuallydemonstrate all the business uses ofthe site." In fact, Kay’s group evencreated presentations, cost/benefitanalyses, and pamphlets to sway

employees to get behind thetechnologies so they couldcommunicate with suppliers on anequal basis.

Mr. Kay discovered that the beststrategy for working with end userswas to ask what they wantedonline—rather than ask what theythought dealers or suppliers shouldhave. By asking about their ownneeds, he got support for futureapplications.

As you understand youraudience, said Mr. Kay, be aware ofthe hardware and software theyhave. Also realize that some usersare techno savvy, while others arenot. Keep your site simple—at thelowest common denominator—because you never know whatknowledge or equipment the userhas. For example, only support Webbrowsers after they are inproduction. You do not want yoursuppliers to be beta testers. Also, donot include Java applets that cannotgo through a firewall.

Over the past four years,Chrysler has learned that theextranet needs to keep changing, tokeep up with the fast-paced world oftoday. Their security wasshoehorned into the extranet fromthe mainframe applications. Thesign-up process was laborious,requiring some 15 pieces of data.They learned this was not tenable forWeb users because many suppliers,governments, state senators,distributors, and others want arelationship with Chrysler.Registering them and keeping thesecurity data up-to-date wasponderous. Chrysler is thereforetying to move security on to thesuppliers to manage themselves.

In addition, Chrysler has learnedthat its extranet has numerousredundancies with Ford and GM.

For instance, users must rememberthree of everything. An industryaction group is therefore creating acommon user ID so as to unburdenend users. The industry group is alsoexperimenting with certificates toauthenticate and authorize users.

Watch traffic at your own site tosee what’s hot. Then try to figureout what else users might want tosee, advises Mr. Kay. One goal atChrysler is to find out what users doafter visiting the first page. If youget 1000 hits/day on the home page,but 30K on other pages, your site isdoing something right.

Chrysler’s first extranet sitelacked luster, so it was redesignedby categorizing applications bybusiness area, for easier use. Theleft side of each screen lists thegeneral areas, such as purchasing,sales and marketing, and so on.

Chrysler discovered that usersmisinterpret information they find onthe site, so training is important.Training also pushes responsibilityto end users, which is important.Chrysler’s goal is to have moreexternal than internal users by theend of 1998.

They also learned to have first-time user pages. These give anoverview of each application and theuser’s responsibility for each one. Inaddition, the user manual is online,along with a contact list ofapplication owners. But Chryslerencourages self-help, embedding hotlinks to help pages.

The Big Three automakers arerealizing they need to help eachother on the administrative aspectsof managing their extranets. Forinstance, they are thinking that thesites should look somewhat similar,so that users only need to learn oneinterface. They plan to use the same



help keys, always have the samecontact list in the lower left, and soon. They want to reduce the burdenon users to interact with them.

The Big Three are also workingon an industry-wide email directoryand creating an electronic commerceyellow pages, which will contain thebusiness requirements of conductingbusiness online with eachcompany—how they handle email,attachments, and so on..

Managing an extranet is likedriving at 80 mph. Things come andgo pretty quickly and you have tostay on the ball. Web strategychanges every 90 days. Furthermore,applications pop up quickly. If theinfrastructure is not in place to putthem up rapidly, you have problems.In addition, when you launch a newapplication, you will have users whoaccess it that same day. You need tobe ready. Before the Web, peoplelaunched applications without 100percent quality. That does not workwith an extranet.

Currently, Chrysler isconcentrating on linking internal andexternal users, reducing complexity,finding more applications forexternal users, and adopting industrystandards.

Dave Leonard, CorporateExpress

Corporate Express, which wasfounded in 1986, is the world’slargest supplier of non-productioncorporate supplies and services. Itsells office supplies, furniture, basicsoftware and computers, janitorialsupplies, and such. It is commodity-and service-driven with sales of $4billion, over 500 locations, and 80distribution centers in 11 countries.It has 28,000 employees and 10,000delivery vehicles. Technological

change has helped sustain its growthand customer ease of access.

Corporate Express’ technologyobjective is to improve the supplychain of the non-production goodsindustry, making it very efficient.Since this is a commodity business,competitors cannot differentiatethemselves on products, so theydifferentiate themselves on service.The goal is to create customizedsolutions for every customer.

The company’s role is to shieldcorporate customers from thecomplexities of dealing with manyvendors of non-production goods. Itis expensive for corporations to dealwith 6,000 suppliers. It is muchmore efficient to deal with 15, orone. Corporate Express owns a largenumber of companies, so it caninclude all, or most, orders underone invoice. It also has relationshipswith other companies, to also ease acustomer’s ordering process. Forone car company, CorporateExpress was able to reduce thenumber of suppliers from 1,600 to50.

Customer-facing technologies.

Corporate Express custom-builtan electronic infrastructure to makethe company more efficient. It usesthis infrastructure to take orders,serve customers, plan deliveries, andcontrol reporting and finance. Theinfrastructure has progressedthrough four technologies: EDIcustomer-premise catalogs, theInternet, and virtual privatenetworks.

EDI.

If a customer has an EDI orstorefront management or ERPsystem, Corporate Express canaccept their applications in any EDIformat. They have several Internetcapture systems to capture orders.

On the back end, they source orderto suppliers, such as a company thatsells hammers. In essence, they actas the procurement switch.

Once it has been set up, EDI isoperationally very stable. But sinceCorporate Express tries to fill ordersthe same day for next day delivery,EDI does not meet its needs becauseit uses store-and-forwardtechnology. In addition, CorporateExpress owns all the problems withEDI.

So the company’s extranetstarted with EDI via a value-addednetwork. The company has 150 EDIusers and is receiving over onemillion EDI-based orders a year.

Customer-premise catalogs.

The company then installedcatalogs on customers’ computers(AS/400s to PCs) and a network linkto transmit orders. The company has850 customer premise catalogs andis receiving 250,000 orders a yearvia this route. But this method ofordering is not increasing fast.

Catalogs are stable andcustomers love the functionality, butthey are difficult to implement. Youhave to install them in thecustomer’s site and they are notscalable. Data management is alsodifficult because updates must bedone at each site, and catalog priceschange often. As with EDI,Corporate Express must fix everyproblem, even when the problem iswith the customer’s NT server.

The Internet.

The company then created anextranet for Internet-based ordering.The company currently has 600corporate customers ordering via theInternet, and it is receiving 300,000Internet orders a year. But this



method of ordering is increasingquickly.

Internet ordering is a greatsuccess. Customers love thefunctionality, and data managementis easy. However, it can betechnically difficult to implement. Itrequires 24/7 availability andCorporate Express still owns everyproblem—even if the problem is,say, due to an outdated firewall atthe customer’s site.

Virtual private networks.

The future is Internet tunneling,extending the company’s intranet tocustomers via encrypted and virtualprivate networks. The company willthen be able to pump orders directlyinto its ordering system. But it hasonly experimented with tunnelingwith two customers and has receivedonly two orders. The company hasdiscovered that every time the proxyserver was changed, theyencountered problems. So thecompany still seems to own all theproblems. But, this technology holdsgreat promise.

Don Wilde, Soligen

Soligen is a $6 million companythat makes functional metal castingsin days (rather than weeks) foralmost any size or metal alloy. Theymake complex metal parts for autosuppliers and tire companies. Theirniche is rapid manufacturing—supplying faster parts or better partsat lower total production costs. Theyaccept a 3D CAD file and return afinished part in two weeks, even if itis very complex. Engineers use thisservice to quickly get a part fortesting. Then they redesign it, ordera new version and test it. And so itgoes through many iterations.

The company started six yearsago in a garage where six engineersdesigned a machine to build ceramicmolds layer by layer, fire them, thentake them to a foundry to make asand casting mold from which theparts could be cast.

They took their proprietarytechnology and broadcast it throughthe Internet to connect with suppliersand customers. They have thuscreated an extranet for gettingrequests and giving quotes, on aworldwide basis. The customerportions of the extranet arepassword protected. The companyalso has part of the site forinvestors.

The company receives ordersfrom companies where the engineersdo not speak English. They onlyknow the correct numbers to pluginto Soligen’s site.

Soligen learned that when youdeal with large companies, you must“be there” to talk to them. The goalsof the extranet were therefore tofurther Soligen’s business withFortune 1000 companies, to allowmore people to do business withSoligen, and to integrate theirelectronic CAD with customerdesign centers in other parts of theworld.

Mr. Wilde believes that theInternet has everything now. He canhave one corporate site andnumerous design sites, all of whichinteract over the Internet, giving hima global presence.

Building the extranet withfreeware.

Soligen created an internalordering system in 1995. Customersdid not want not use it thoughbecause they did not want to load hissystem onto their computers. So Mr.

Wilde pulled back and went to theWeb.

The first generation Web sitewas designed by an externalcontractor. It was introduced at the1995 Autofact show. Then Mr.Wilde became the company’s full-time IS department. The second-generation site had three times thefunctionality. It not only allowedcustomers talk to Soligen, but theycould request quotes, and receivequotes back through the Internet,with email and fax confirmation.

The system has grown from PCbased to Berkeley UNIX—which isfree. Mr. Wilde uses stable release 4of Internet BSD UNIX. Everythingon the site is based on freeware—theApache Web server, the networkdrivers, the Web browsers, thegraphics manipulation tools, and soon.

“There is nothing wrong withfreeware,” says Mr. Wilde, “sodon’t be afraid of it.” One-half theservers on the Internet use Apache,incidentally. Yahoo is based onBSD. And the entire DNS systemthat routes connections is freeware.So everyone is already dependent onit when they use the Internet.

Mr. Wilde had to have a systemthat did not crash because all hisproduction work runs through thesite. So he prefers freeware,because, he says, Berkeley UNIX isvery stable. It does not crash.Windows NT and Novell cost more,they require more engineers, andthey crash.

Since they were a smallcompany, they did not want to investcapital in the extranet. So theycreated it by spending only$150,000, which went mainly for thecontractors who built the firstgeneration site and the two



programmers who worked on it part-time.

Freeware allows Mr. Wilde towork on such a lean budget becausethe Internet is his help desk.Whenever he hits a glitch, hebroadcasts it on the Net and one ofthe original developers of thesoftware in question generallyresponds within several hours withfixes. “Contrast this with trying toget something out of a majorsoftware company,” he says. Whenyou deal with corporate proprietarysolutions, you will not get it fixed ifit is not within their limits. Withfreeware on the Internet, theopposite is true.

Since Soligen’s customers arelarge companies, it must work theirway. Much freeware works and itcosts less to build and maintain. ButMr. Wilde has to spend timefiguring out the differences betweenthe proprietary systems thesecustomers use and the freeware heuses. Since he has source code forall the packages, this is easier.Furthermore, the Internet-baseddevelopers share their answers.

Mr. Wilde builds to industrystandards, not to the latest buzzproduct. JavaScript is a problem, sohe does not use it. New browsers area problem, so he does not use them.Not everyone has Communicator4.05. Many people stay with whatthey have because it works. Mr.Wilde also does not use specialtechnologies. He stays with HTML3.2 and his server generates pagesdynamically via Perl. As a result, hedoes not have problems. Everythingworks.

Mr. Wilde believes that freewareallows taking a small company tobeing a larger company.

ISPs as Enterprise Partnersfor VPNs and RemoteAccess

Brian Barton, CabletronSystems

Virtual Private Networks(VPNs) are at the forefront ofpeople’s thinking these days. Amajor question is: What role willISPs have? These four presentationsdeal with:

• The underlying technology,standards, and protocols

• The hardware/software fordeploying a VPN

• Information management forVPNs

• Going forward with VPNs

Rob Redford, CiscoSystems

An IP VPN is a way of gettingprivate IP over a publicinfrastructure. Getting IP to yoursite may occur over the Internet,over a private network, or a privateIP infrastructure. Once you get it,you can extend your intranet toencompass remote users—called aWAN intranet—orcustomers/suppliers, also called anextranet.

Three fundamental requirementsneed to be met:

• Privacy. You need a way tocommunicate privately withthe your customers.

• Predictable performance.Some applications, such asemail and store-and-forwardapplication, do not requirespecific performancecharacteristics. But others,like video conferencing, do.The goal is for IP to

recognize an application andclassify it properly.

• Policy. A policy-basednetwork means the ability todistinguish the differenttypes of traffic on thenetwork (such as theimportance of each type). Apolicy designates certaintraffic as high priority andother as lower priority. Thegoal is to have the networkrecognize this and transmitit appropriately.

Dial-based VPNs

The most common IP VPN isdial-based. These are mainly forsingle-user temporal-basedconnections. The two ways to buildIP VPNs are via client-based tunnelsor network access server-based(NAS) tunnels. The client-basedtunnel starts on the client’s PC. Itdials into the network and creates atunnel to the company intranet. Thistunnel is built on the PC. A NAS-initiated tunnel is built by the serviceprovider rather than the client. Inidentifying himself in a certain wayto the ISP, the ISP realizes it needsto create the tunnel for that client.

Client-based VPN.

Here, a client runs a piece ofsoftware, such as IPSec, whichtunnels through the Internet (or anypublic infrastructure), terminatingon a firewall. Privacy is maintainedbecause everyone creates his or herown tunnel. IPSec is an openstandard that establishes theparameters that let two sitescommunicate securely. It uses suchmechanisms as encryption, digitalcertificates, and deviceauthentication.

Four of the main issues are:



• Header information. Thisdescribes everything elsegoing on within theencapsulation. Two methodsof specifying headerinformation are via anauthentication header or anencapsulating securitypayloader (ESP). These areessentially the same—theymake the communicationprivate—but ESP also hideswho you are. Anotherperson cannot tell theendpoints of thecommunication.

• Key exchange. IPSec isbased on a public keyencryption mechanism, so ifyou have someone else’spublic key, you can sendthem data, and only they canopen the message using theirprivate key. The problem isthat you have to know whothe other person really is.Key exchange uses digitalcertificates to exchangepublic keys, and thengenerates a unique sessionkey for just your session.

• Modes. There are severalmechanisms for encryptingthe data, such as DES,Triple DES, amd RC4.IPSec does not care whichyou choose. It simplynegotiates between the twosites.

NAS-initiated VPN

A NAS-initiated VPN—createdby the ISP on the network accessserver—uses two basic protocols:L2F (Layer 2 Forwarding) andL2TP (Layer 2 Tunneling Protocol).Cisco invented L2F; Microsoftinvented PPTP. Both do the samethings, so the indsutry got together

and created L2TP, a combination ofboth.

When you dial in, you areauthenticated at the user site, thetunnel is then created on the server.There are two important pointsabout this structure. One is that thesecurity server is on the corporateintranet, so the enterprise canmaintain all this information,keeping control of it, which theymay wish to do. The other point isthat the remote user is only beingidentified (perhaps based on domain,calling number, or called number),not authenticated. Authenticationtakes place afterward.

Value add is the reason to takethis route. One advantage is that theenterprise does not need to manageall the IPSec software on all theclients. Also, since the serviceprovider is creating the tunnel, theyhave visibility into the tunnel andcan provide more value addedservices, such as premium services.

For example, they can route youto a premium tunnel, or make sure acertain number of dial ports areavailable. Or they could restrict thenumber of dial ports available to youand offer them as a very inexpensivedial-in service. They can alsosupport private addresses.

Dedicated VPN connections.

These connections arepermanently on and are typically formultiple users, such as remoteoffices or supplier firms. It giveshigher performance and capacity.

There are three ways to buildthese dedicated connections: with IPtunnels, virtual circuits, and VPN-aware networks.

IP tunnels. An IP tunneltraverses an IP network using asecurity appliance or a router using

a protocol. Dedicated networks canbe build using IPSec, creatingpermanent tunnels rather than dial-up ones.

Virtual circuits. The secondmethod to build a VPN is to create avirtual circuit network and then puta router underneath a frame relay orATM connection. Although mostpeople do not think of this as aVPN, it meets the definition. Thepublic portion is the frame relay orATM connection; the private portionis the router, which the ISP can thenmanage it. Privacy is beingmaintained by the virtual circuitsunder the router.

Generic Router Encapsulation(GRE) tunnels let you put IP packetsinside another IP packet to send itacross a network. This allows you tohide address spaces and hide routingprotocols. In fact, an GRE tunnellooks like a point-to-pointconnection, and therefore getprivacy. This is the standard way anISP would build a VPN because it iseasy to do with an IP infrastructure.

With a frame relay or cell relaynetwork, an ISP can create a VPNby putting a router at the end of theconnections, managing the routersand supply IP to the user. Theadvantage is that the ISP does notneed to encrypt to create privacy.

VPN-aware networks. A newway to build them is VPN-awareprivate networks. Here, the networkitself is aware of VPNs andmanipulates them as part of thenetwork fabric itself. This isimportant for an ISP.

When you are tunneling, the ISPcannot see the VPN. But an ISPneeds to be able to see a VPN inorder to add value to it. So this is thedistinction in this new type ofnetwork. There is a lot of talk about



QoS. The only reason you need QoSis to implement your policies.Different data has different valueand you want the ISP to handle itthat way.

Getting differentiated servicesrequires being able to have themdelivered privately. This is whatISPs are aiming to do. A VPN-aware network is a connectionlessnetwork, like your own privateInternet. it is not a point-to-pointnetwork. It also works much thesame as a WAN, so it is easy tomigrate to.

To really be efficient, the VPNhas to built into the infrastructure sothat all of the services can bedelivered privately in a scalableway.

For more information, pleasesee: http://www.cisco.com/vpn

Kurt Bauer, AscendCommunications

Deploying a VPN over theInternet: the hardware and softwareview. There are three types of VPN:

• Enterprise tunnels (eitherclear channel of securechannels)

• Frame relay and ATMVPNs (not IP but uses VPNconcepts within the serviceprovider infrastructure todeliver high value

• IP-based VPNs, a super setof Internet-based VPNs,designed to embrace framerelay and ATM to leveragethe public and private IPsectors in the market today,as well as create privaterouting domains anddelivery quality of service.

The first tunneling protocol wasATMP (Ascend Tunnel

Management Protocol). It is a layer3 protocol, which is a GRE-typeprotocol so it can deliver IP andIPX. With ATMP there is theconcept of a foreign agent—the nodewith dedicated bandwidth from aregional site or is the dial-intermination. A home agent canreside in an enterprise, and be undertheir control.

ATMP has been deployed in twoways. One is router mode, whereonce a connection has been initiatedfrom a regional office—dial ordedicated—the session is terminatedand translated into a set of IPpackets, creating connectivity to thehome agent. This is how theyestablish simple VPNs via GRE,with inherent security. Typically,router mode is used by enterprises,for intranet/Internet/extranetapplications.

The second option is gatewaymode, which has a slightly differenttopology. Here, the home agent ismoved from the enterprise into theISP infrastructure, so they arecontrolling the home agent. Thehome agent can thus switch thetraffic over frame relay or X.25 dialleased lines. The gateway mode isused primarily by ISPs to delivermulti-protocol VPN types ofservices to enterprise clients or forporthole sailing, to create very largesubordinate networks from whichother providers can buy services.

While all protocols seem to beconverging into the L2TP protocol,it is important to understand how itcompares with ATMP. Thecomponent of a network accessswitch (NAS) are LNS and LACmay be placed in different places. IfNAS is within the serviceinfrastructure. When the call comesin, whereas ATMP terminates thesession, L2TP encapsulates the

session to forward it through thenetwork. A tunnel is created.

When the LNS is placed in theservice infrastructure, the ISP canmanage all the addressing. If it is inthe enterprise, the customer dictatesthe addressing to be used. These areall important considerations fornetwork design.

The clear advantages of L2TP isthe consolidation toward it from allvendors because it allows multi-vendor interoperability.Encapsulation allows supportingmultiple protocols (although it addsoverhead). There are also inherentcongestion control mechanisms builtin, and there is tunnel authorizationnot just user authentication. Itsupports Network AddressTranslation, and can add gatewaymode possibilities, making it moreflexible. Most importantly, there isbuilt-in extension to support IPSec.

IPSec deployments so far haveconcentrated on the enterprise,creating secure tunnel environmentsoriginating within enterprises.However, there is huge growthopportunities for enterprises to leanon ISPs to provide secure services.

But several issues need to beresolved first. One is multi-vendorinteroperability. In IPSec, this is notas common as it will be within sixmonths. Progress is being made.Another issue is dynamic keymanagement. Many multi-vnedorimplementations of IPSec orienttoward static keys, which do notscale well. The third issue is thenumber of CPU cycles consumed increating secure tunnels usingdynamic key management. A greatdeal of scaling needs to happen, toscale up from enterprises to ISPs.

ISPs are expanding theirInternet VPN offerings. Most of



them are happening outside the U.S.today. But it is a short hop to retreadcorporate networks (as companiesdid from X.25 to X.75) to makethem Internet-based. It is wellunderstood outside the U.S. andthere is rapid growth within the U.S.

Most VPN implementations areaimed at offering value-addedservices. So they are being used foroutsourcing and systems integrationopportunities. There are manysuccess stories about broadeningservices in this arena. It is a naturalleap to get into new business areas.

Pilot projects are the norm forenterprise work in this area;although a few are “going for broke”and assuming their networks will bebuilt on VPN technologies. Thefuture is not wholesale changeoverto ISP-run networks, but ratherhybrid VPNs in certain regions, withspecialized services offered. Thehybrid approach is the most prudentapproach.

David Kamm, CabletronSystems

Information management forVPNs. The relevant issues: arenetwork management for dial VPNs,LAN-to-LAN VPNs, and extranets(which actually may be a subset ofthe other two).

The following information isneeded by a service providerdepending on which VPN modelthey offer:

• Phone book services,especially for dial VPN.Enterprises have thousandsof users, who have point-of-access numbers that need tobe maintained anddistributed via phone books.Much of this is in placetoday, but as dial VPN

becomes more prevalent, itwill be a larger hurdle.

• Connection and tunnelstatistics for dial VPN.These are needed by ISPs todo adequate billing. Thisdata is important if theirrevenues are based on whois connecting and for howlong. ISPs might possiblyalso need authenticationinformation; a subset of itmight be held by the serviceprovider.

• Metrics to support servicelevel agreement audits.Customers may questionservice. ISPs need totherefore collect connectionsuccess rates for VPNs,connection bandwidth, andother such data.

• Management of encryptionparameters. This isespecially true if clientstrust you with encryptionkey management, as well asset-up and tear-down ofencrypted tunnels.

• Cross ISP charging,especially in theinternational coverage,where there could besettlements between ISPs.This is more prevalent indial-up VPNs.

The following information isneeded by enterprises for managingtheir VPN connections:

• End user policies,authentication informationand encryption parameters.Most enterprises are goingto want to retain controlover this information. IfISPs have indeed offloadedthis work, then they cancharge to take it over.

• Update and distribution ofphone book styleinformation for dial VPN.This could be a sharedresponsibility, or totallyoffloaded to a serviceprovider, at least formanagement.

• Connection and tunnelstatistics for both directdial and tunneledconnections. Hybrid remoteaccess is occurring, wheretraditional dialed remoteaccess with some collectedaccounting data is beingmigrated to a VPNenvironment where there arelogical PPP sessions. Itwould be nice to managethis seamlessly and with asingle user interface.

• Accounting information fordepartmental chargebacks.

• SLA metrics, to ensure thatthe enterprise is getting theservices contracted for.

If you compare what ISPs andenterprises need to know about dialVPNs vs. LAN-to-LAN VPNs, dialVP is more complicated. The mainissues deal with whether companiesare worried about authentication,initiating the tunnel, seeing tunnels,collecting tunnel statistics, andencryption.

There are a number of kinds ofequipment used to house informationabout networks. These include

• Connection managementsystems—They all haveseparate pieces of thepuzzle, and because they areisolated from one another, itis difficult to get an overallview. Most need extensionsto handle tunnelinformation.



• Directory servers—In theremote access environment,enterprises want integrationinto the back-end systemsfor authentication and policywork in the dial VPN arena.

• Firewalls—of the firewallsaugmented with encryptionand tunneling, theCheckpoint product is themost visible today.

• Client-end systems—Windows (used by 90percent of end users) needsVPN extensions, mostnotably the BaseCampinitiative. There are alsothird-party VPN products.

• Dedicated VPN devices—These are the most recententrees. They combine all ofthe above, integratingfirewall, routing, remoteaccess, etc.

Integrating traditional and dialVPN access information intocohesive management systems is achallenge. People are interested inmigrating to VPN technologies.They want an evolutionaryapproach, not a revolutionaryapproach. So we are hoping to see acommon management environmentto see dedicated WAN managementalong with tunneled (dial-up ordedicated) VPN WAN management.

We will see monitoring ofSLAs, tracking what metrics areavailable. Not all SLAs will havereadily available metrics and rawdata.

Tunneling adds complexity totroubleshooting, because there is justa logical connection not the physicalconnection as in most PPPconnections. This could lead to morefingerpointing among serviceproviders. Expect to see traditional

network management systems—suchas OpenView—be enhanced withVPN management capabilities.There will also be sharedmanagement devices which give theenterprise manager visibility intosome parts and the ISP managervisibility into other parts.

We will see MIBs in support oftunneling and VPNs. In fact, there isa draft L2TV MIB in existence. Thesooner this happens, the better,because you can import those MIBsinto standard NMS tools and havevisibility and accessibility intomulti-vendor VPN environments.Hardware vendors and VPN vendorsare going to partner to haveofferings.

Information management in aVPN environment is new andchallenging, for ISP providers aswell as enterprise network managers.Today’s information repositoriesneed extensions and betterintegration among them. We will seethis as VPNs merge intomainstream. It is a fertileenvironment for ISPs.

If you can manage the VPNenvironment, you will have a leg upon competitors. In fact, you couldeven manage your customers’infrastructures.

Joyce Hervey, 3ComCorporation

Success factors in takingadvantage of all this technology.ISPs first need to ask themselveswhat kinds of classes they will offer.Enterprise customers want to be ableto prioritize the level of service theywill get for each kind of traffic viapolicy management. Thus, servicelevel guarantees need to takeadvantage of policy managementand prioritize kinds of traffic.Service guarantees need to go

beyond network availability toprovide value added.

Enterprise customers are lookingfor network management tools thatact as if they were operating thenetwork themselves. They want theirown workstation and they want tomonitor what you are doing forthem. They want live traffic data, sothat they can see the number ofusers, the tunnels, and the amount oftraffic throughput, so that they canhelp manage the SLAs themselves.They add value themselves bydemonstrating that they are actuallymanaging the vendors. So a CIO,when outsourcing their network,wants to know what kinds of hooksare in the tools and how those can bemanaged. The successful ISPs willhave these.

Enterprise customers also wanta valuable reporting structure thathooks into the service levelagreement and guarantee. This is thesame thing that happened with framerelay eight years ago. ISPs need toinclude this information to besuccessful.

Enterprise customers wantscalability and shared control in thesecurity arena. They do not want toendure a lengthy period of time todisconnect an employee when theyleave the company. They want toknow how soon they can turn off aconnection. A huge value add isallowing an enterprise customer toterminate a specific user’s ID, andother appropriate access, themoment that employee leaves thecompany. Enterprise customers alsowant the ability to create ademilitarized zone, as well as doquick adds and changes.

Billing settlement factors hasbecome a sticky area. ISPs will havegreat success if they create eitherVPN billing settlement agreements



or partnership agreements with otherISPs—and ensure that thosepartners give the same level ofguarantee as you.

Enterprise customers need tomake sure that when providing theirusers with worldwide coverage, andfor extranets and electroniccommerce, that the network serviceproviders have agreements in place.Customer want to be able to initiatea call anywhere in the world andknow that the company applicationswill be available. This is the samething that happened with X.25 withX.75 gateways, or more recently,with cellular phones—whereroaming agreements wereestablished so the users could callfrom anywhere. Prices may beoutrageous, but the agreements doexist.

VPNs appear complicated to alot of enterprise customers. Theywant to know how to tie in all thenew kinds of equipment. ISPs are ina good competitive postion if theycan quickly arrange a bundledoffering that not only includes thecustomer premise equipment butalso system integration and networkmanagement. To outsource,enterprise users want acomprehensive offering.

When going to a VPN, it turnsout that some applications need to bechanged at the customer premisesbecause there are changes in suchthings as latency. If network serviceproviders (NSP) can offer systemsintegration and value added services,they have a huge value propositionto offer customers. And it is anextremely high-margin business.Enterprise customers need this kindof help to get their systems installedbecause they have downsized theirorganization.

Industry success factors includeusing standard space platforms andinteroperability among vendors. Tohelp propel the technology forward,there is a move in the industry tohave a VPN forum comprised oftechnology and enterprise leaders,not unlike what happened in theframe relay arena.

To be successful, enterprisesneed to understand a technology aswell as their applications and thebenefits of the technology. Once theyunderstand these, they are in anattractive position to ask theappropriate questions of vendors.Enterprise staff will have to askdetailed questions of ISPs aboutQoS, hooks in their contracts,classes of services, and volumediscounts for other kinds ofcommunications. And they need tounderstand their corporation’s levelof risk and trust because outsourcingterrifies people. They also need toassess realistic expectations of whatthe vendors can actually achieve. Todo this, trials using less criticalapplications are essential.

Editorial Analysis

If there is a single theme that ranthrough John Kay's talk aboutChrysler's extensive e-commerce/extranet effort (see page10), it would probably be successthrough careful planning andconsistent execution.

As any developer will tell you,building a wired presence is easy.Building an effective presence thatsuccessfully links up thousands ofbusinesses and tens of thousands ofindividual users is somethingentirely different.

Kay's talk reads like how-tomanual on e-commerce. From thevery beginning, the Chrysler systemwas built from a user, not developer,standpoint. This is crucial. All ofthe R&D in the world won't help youif your users are unable makebusiness-critical applications work.Go right to the source. Yourcustomers can be a provide a wealthof information on ways to improvethe way you do business online.

His advice on design is right onas well. Keep it simple. A clean,straight-forward interface withcommon navigation is far moreeffective that flashy graphics andun-firewall-friendly Java applets. Inaddition, extensive tutorials help getusers up to speed quickly. And onceup to speed, it makes your job thatmuch easier when you launch newfeatures and applications becausethe users already know what toexpect.

He also noted that the Big Threeautomakers are collaborating onways to make their respectiveextranets consistent with oneanother. While this might seem tofall into the strange bedfellowscategory, it makes sense with Kay'suser-focused development. If thesethree companies all use the samesuppliers, a consistent look and feelacross the various extranets wouldmake their users' online experienceseven easier. And for the lesstechnically-inclined, this is critical.

This just underscores his moreimportant point, that you absolutelymust strive nothing less thanperfection in all of yourapplications. Thanks to softwarepatches and automatic updates,some vendors think that launchinghalf-baked apps is okay. Perhaps



they are right—or not. But on theextranet, business-critical appscannot have the same kind oftouchy-feely period to work out allof the kinks. Just as they wouldn'trelease a car with an engine thatdidn't function, they cannot unleashan application on thousands ofassociates that wasn't up to snuff.

Interesting idea: build a systemthat is user-friendly, comprehesive,and actually works. As a user, thatsounds good to me. In fact, I thinkyou would be hard-pressed to findany computer user who was againstsomething that would make his/herlife easier. Perhaps some ofsoftware vendors could learnsomething from Chrysler. Just athought. (Contributed by EricRich)



GIGA INFORMATION GROUP WORLDWIDE CONTACTS

UNITED STATES

MASSACHUSETTS

Giga Information GroupOne Kendall SquareBuilding 1400WCambridge MA 02139Tel: 617.577.9595Fax: 617.577.1649

Giga Information GroupOne Longwater CircleNorwell MA 02061Tel: 781.982.9500Fax: 781.878.6650

CALIFORNIA

Giga Information Group3945 Freedom CircleSuite 720Santa Clara CA 95054Tel: 408.987.2765Fax: 408.492.9823

CONNECTICUT

Giga Information Group125 Main Street, Suite 475Westport CT 06880Tel: 203.221.1199Fax: 203.221.1252

ILLINOIS

Giga Information Group1300 West Higgins Rd.Suite 116Park Ridge, IL 60068Tel: 847.823.2393Fax: 847.823.2394

FRANCE

Giga Information Group98 Route de La Reine92100 BoulogneFranceTel (33) 1 48 25 32 00Fax (33) 1 48 25 41 93

GERMANY

Giga Information Group GmbHCarl-Zeiss-Ring 19-2185737 Ismaning bei MeunchenGermanyTel (49) 89 9607 8302Fax (49) 89 9607 8330

Giga Information Group GmbHKonigsallee 60FD-40212 DeusseldorfGermanyTel (49) 211.8903.272Fax (49) 211.8903.288

ITALY

Giga Information GroupVia Mario Pagano, 1220145 MilanoItalyTel (39) 2 3310 0365Fax (39) 2 3310 1750

NETHERLANDS

Giga Information GroupTranspolis Schiphol AirportPolaris Avenue 532132 JH HoofddorpThe NetherlandsTel (31) 23 568 59 52Fax (61) 23 568 57 01

UNITED KINGDOM

Giga Information GroupArliss Court24 Clarendon RoadWatford, Herts, WD1 1GGUKTel (44) 1923 354444Fax (44) 1923 354433

Giga Information GroupCastle Hill House12 Castle HillWindsor, Berkshire SL4 1PDTel: (44) 1753 831721Fax: (44) 1753 831999


Subscription Order Form

Please sign me up for a subscription to the Conference Analysis Newsletter. I understand that I will receive a minimumof 20 issues per year.

q 1 Year—$497.00 U.S./$552.00 elsewhere q 2 Years—$749.00 U.S./$849.00 elsewhere

Name: Title:

Company: Address:

City: _______ ________ State: _______ Zip:______________

Phone: ________________________________ Fax: _________________________________

Please charge my: q Master Card q Visa q Diners Club qAmerican Express

# ________ Expiration Date (Month/Year)

__ ________________Signature

q Check enclosed Bill My Company - P.O.#

Please make checks payable to: Giga Information Group.

Mail to: Giga Information Group, One Longwater Circle, Norwell MA 02061, or call: 800.874.9980, FAX:781.982.1724. All checks must be drawn on a U.S. bank. Please add applicable state sales tax.

conference analysis - csudhsom.csudh.edu/fac/lpress/articles/giga/ni981.pdf · on streaming media,...

Documents