Articles

The following article is from the August 16, 1999 online issue of PC Week:

Perot's VPN path to the virtual enterprise

The company boldly steps up to a VPN platform -- and rises to greater challenges, opportunities

By Anne Chen, PC Week Online
August 16, 1999

Think launching a new dot-com enterprise from scratch would be a big job? That's nothing compared with the challenges of turning a large, established corporation into a virtual business by moving all of its core systems onto the Internet.

That's the long-term goal of Perot Systems Corp., in Dallas. Over the next five years, the IT services company, founded by Ross Perot, plans to move the entire company-back-end applications and all--from private leased lines onto the public Internet using VPN (virtual private network) technologies. Perot officials believe the move will not only cut networking costs but will also allow for tighter relationships with partners and suppliers, which will be able to easily tap into Perot's systems to share information and do business online.

"The ultimate goal is the virtual company based on an infrastructure-type model," said Richard Karon, Perot's network security business developer, in Plano, Texas. "We're trying to use our VPN as an enterprise tool, not just for business-to-business purposes."

Such an undertaking is far from simple. For one thing, the project is large. Karon is building server-to-server VPN connectivity between 20 remote domestic and international sites and Perot's corporate network, based in Plano. Eventually, 6,000 employees will be on the network. Karon is also giving 400 users remote access to the VPN. So far, five Perot sites are using the VPN. Deployment of the VPN's infrastructure--being handled by a staff of 12--will be finished by the end of the year.

Big savings

Perot began to look into VPN technology more than three years ago. The idea was to save money by moving corporate systems and standard Web and e-mail applications off a frame relay running on leased lines and onto the public Internet. Perot was paying as much as $1,500 per month for domestic frame circuits and T-1 lines and as much as $15,000 per month to connect its India and United Kingdom offices. Employees at remote customer sites were also racking up huge phone bills, trying to access Perot's data center in Plano for client files.

But the reasons to move Perot to a VPN didn't stop there. Karon and other IT managers saw a VPN as a platform both to elevate awareness among end users about the importance of security and for important new technologies such as directories.

"Security doesn't necessarily sell on its own, and VPNs are really the first type of technology that has the potential for return on investment in terms of security," Karon said. "When you talk about actually having the potential to get some value out of security and bring in technologies that will secure an infrastructure, that, in my mind, is a boon."

Karon admits that the business his company is in played a large part in his getting approval for the VPN. After all, Perot will eventually offer VPN solutions to its Fortune 500 customers. But if anyone is to push the envelope, it's going to be consulting companies, said Jody Patilla, vice president for the Centers of Excellence at Meta Security Group, in Alpharetta, Ga.

"A consulting company like Perot is more likely to make good on the idea of putting itself onto a [VPN] than, say, an airline or financial institution," Patilla said. "The people who are going completely onto VPNs and doing it well are the midsized companies with a dozen or so remote offices."

At Perot, each VPN user is assigned a security policy, which outlines what he or she can--and cannot--access. When users at Perot's remote offices access the company network, Check Point Software Technologies Ltd.'s VPN-1 encrypts all communications. Check Point's VPN-1 Gateway then authenticates users, and Entrust Technologies Inc.'s Entrust/Access gives users permission to handle client files in the data center, access PeopleSoft Inc.'s financials and human resources applications, and use IT help desk and ticketing applications. Eventually, business partners will access applications and information in the same way.

Remote client users use Check Point's VPN-1 SecuRemote, installed on their laptops, to access the corporate network via dial-up Internet connections and establish secure VPN sessions. Token certificate authentication is provided by SecurID cards from Security Dynamics Inc., of Bedford, Mass.

While Karon has not had any real problems deploying his VPN, he admits it's not yet ready to support mission-critical enterprise applications. That's because VPN products lack some features available on frame relay. He hopes, for example, that companies such as Cisco Systems Inc. will come through with Dynamic Host Configuration Protocol capabilities that will improve VPN manageability and availability by automatically assigning IP addresses to the end users.

"VPNs are a developing technology today," Karon said. "That means that you can play with the technology, but to really run an enterprise-level VPN requires some additional advancement in the technology."

For the future, Karon is looking to put voice over IP and video over IP onto the VPN. Currently, however, Karon does not see his VPN as stable enough to handle voice yet--at least partly because there is also no guarantee of any level of service over the Internet, he said.

"The technology and the bandwidth just aren't ready yet, but it's definitely in the future," Karon said. "You get a double win when it comes to running voice over a VPN. We'll continue to push until it's possible."

Read the full PC WEEK VPN Report

Read about the Check Point VPN-1 Product Family