The advantages promised by broadband connections may prove to be the undoing for virtual private network technology, according to some industry observers. One company thinks it has the right preventative measures.
One of the great advantages of virtual private network technology is that it allows remote users to securely access corporate networks via broadband connections.
Ideally, this should provide much faster access than dial-up modems. But as telecommuters and other remote workers upgrade to faster connections, the aggregate bandwidth is threatening to overflow corporate Internet gateways.
It's a looming mess that some industry watchers have dubbed "the reverse Internet bandwidth tsunami." As more remote users connect over Digital Subscriber Line (DSL) and other links speedier than 56-kilobit-per-second modems, bottlenecks are expected to become increasingly acute.
"Specifically for [virtual private networks], it's absolutely a problem," says Brett Kelley, an analyst at Network Strategy Partners, a network management consulting firm in Boston. "If you're going to be productive at all as a remote worker, you need guaranteed access to the corporate network."
Companies that provide bandwidth management products, such as Centricity, have identified the coming virtual private network bandwidth explosion as a fertile marketing opportunity. "One of the best ways to scale your VPN network is to acquire DSL or cable modem services to let users get back into corporate resources," says Paul Cunningham, director of product management at Centricity. "But the corporate data centre can't scale to meet the absolute bandwidth demand. A couple of DSL users can easily swamp a T1 [1.5-megabit-per-second] link."
As you might expect, Cunningham says Centricity has exactly the right product for this situation. Its Centrewise software sits on end users' desktops and controls the rate at which Internet applications transmit data, based on the constraints of the network. That means the system can put a cap on the amount of bandwidth individual users - or specific applications - are consuming so that the network doesn't get congested.
Because the Centrewise software resides on client desktops, it is able to apply bandwidth usage policy - providing what is known as quality of service - before it gets encrypted by the VPN. "Most vendors can't handle this, because they have very little visibility into the data stream once it's encrypted," he says.
Other companies are latching onto the theme, including Sitara Networks, which makes a quality-of-service networking device. Sitara's approach is to assign bandwidth management policies to traffic before it hits a VPN tunnel server, says Manickam Sridhar, chief technology officer at Sitara.
Some VPN equipment makers are incorporating bandwidth-throttling features directly into their systems.
Nortel Networks, for example, is beta testing version 3.0 of the software for its Contivity VPN remote access concentrator, which can guarantee a minimum amount of bandwidth for each user or for groups of users. The upgrade, due next month, will let customers apply bandwidth rules to each VPN tunnel, says Bob Reason, senior manager of product marketing for the Contivity line. Similarly, Check Point Software Technologies sells a bandwidth management server, FloodGate-1, in conjunction with its firewall and VPN products.
Nevertheless, not all VPN product vendors are convinced broadband users are overwhelming corporate networks - at least, not yet. Lori Sylvia, senior product manager at VPN supplier Indus River Networks, which was recently acquired by Enterasys Networks, says network managers can avoid a reverse-bandwidth wallop through adequate capacity planning.
"We have customers who are operating VPNs that support thousands of users, and they're a mix of dial-up [modems], DSL and cable," she says. "They aren't having to do any sort of traffic shaping for this user or that user."
What's more, according to Nortel's Reason, the aggregate bandwidth of a company's remote-access users will never be needed all at once.
It may be true that most VPNs in use today aren't suffering from a bandwidth crunch, says Suketu Pandya, chief technology officer at Centricity, but once VPNs are more widely deployed, companies will have to figure out a way to manage the tidal wave of in-bound traffic. "You can't just throw bandwidth at it forever," he says.
