With so many providers and product options, many enterprises find that developing an IP Virtual Private Network (VPN) deployment strategy to suit their specific requirements can be confusing. Each IP VPN option comes with its own advantages and disadvantages as well as several interlocking factors such as site location, capacity and security requirements. Rather than simply listing some of the issues surrounding IP VPN selection, this IP VPN decision model will highlight the key factors and their impact on the decision process. This model includes any IP VPN deployment strategy that could be used for the majority of a company’s backbone. We do not include specialty VPN products such as secure socket layer (SSL) VPNs, remote desktop control, and portal-based remote access.
IP VPN Selection Criteria Model Description
We make several assumptions about the types of enterprises that would be considering an IP VPN and that would find this selection criteria model helpful. First, these enterprises are generally using wide-area networking (WAN) technology, such as frame relay, private line or ATM. Second, the enterprise’s data needs between branches are growing in capacity and application complexity. Last, these enterprises have in-house IT staff that has the skills to either manage the IP VPN or support a carrier-managed service.
The selection criteria model uses a flow chart broken into three end results: roll your own (RYO) IP VPN; managed customer premise equipment (CPE) IP VPN; and network-based IP VPN.
The enterprise staff deploys and manages RYO IP VPNs, which use CPE equipment bought from a vendor and connectivity bought from a carrier. Managed-CPE IP VPN services from a service provider include installing the equipment, CPE management, and connectivity. The provider fully manages a network-based IP VPN and it does not include specialized customer CPE. However, it has the drawback of not offering end-to-end encryption.
It is important to note that few companies are going to choose only one of these options. Many companies have implemented hybrid solutions using two or three of these options.
The goal of this model is to demonstrate the IP VPN choice that would best support the bulk of corporate sites. An enterprise that chooses to deploy a network-based IP VPN may choose to install a managed-CPE solution in smaller, off-net locations. As another example, an enterprise may be slowly migrating to an IP VPN solution from a traditional data service and may only roll over a few sites in the short term. This selection criteria model is designed to help this kind of company choose the general direction best suited for its long-term WAN requirements.
- Carefully choose the right flavor of IP VPN for the majority of your corporate locations and then choose the best carrier and vendor for the job, and not the other way around. Many enterprises are simply going with the limited options available from their current carrier and vendor, which may not be the best solution.
- Do not limit your options only to domestic carriers. There are a wide variety of service providers that offer IP VPN services, including managed service providers, international carriers, CLECs and independent ISPs. Be sure to weigh all the options.
- Calculate your return on investment for each IP VPN option. Enterprises need to understand the economic impact of switching to a new service by comparing their current network costs to the available options. An effective ROI analysis should take into consideration installation costs for new equipment, time and expense of removing the old network, staffing considerations, improvements in network resiliency and connectivity charges, among others.
Maynard and Kerravala are analysts at The Yankee Group.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.