Of the 21 vendors we invited to participate, the ones that were confident enough to take us up were AT&T, GTE Internetworking, Infonet Corp., PSINet, Qwest Communications Corp. and Uunet. Concert Communications sent us details of its pending service. We've included it in a sidebar since it offers some exciting features, but won't be available till later this year (see "On the Horizon: A Classy Service From Concert," page 49).

The results? Uunet's UUsecure VPN and GTE Internetworking's VPN Advantage led the pack. Both offer robust security and provide customer-specific measurements of SLA (service-level agreement) performance. The two vendors have strong product offerings, each with its own strengths. UUsecure VPN offers more attractive SLA terms and came in at a much lower price for the scenario we presented. But GTE Internetworking's security features and significantly broader geographic coverage meant it just beat out Uunet for the top spot.

Meanwhile, two other providers with broad geographic coverage--Infonet and Concert--are worth watching. Beginning in April, Infonet's already strong Global Intranet offering will combine MPLS (Multiprotocol Label Switching), IPsec and PKI (public key infrastructure) capabilities. At about the same time, Concert will start offering its managed IP service with CoS (Class of Service) support. PSINet has broad geographic coverage too, but if you're interested primarily in the domestic coverage, both AT&T and Qwest provide solid, cost-effective solutions.

Networking Simplified
If you use a managed frame relay service, you'll probably find that the prices for private IP services are higher in the United States and less expensive internationally (see "Private IP Services: A Cost Comparison," page 46). But the real story, as John Morency from Sage Research points out, is that a managed private IP service is less complex. "Only 35 percent of networking cost is spent on bandwidth," he says. The rest goes to staff (42 percent) and capital spending (23 percent).

Corporate networks are already overcomplicated. That's not about to change; in fact, with ever-increasing availability of new access options (DSL, cable modems, fixed wireless and third-generation wireless, to name a few) the level of complexity is increasing. Corporate networks must now support a variety of access requirements. Not only will the number of mobile workers and telecommuters continue to increase, these employees also expect to access the network from an increasing array of nontraditional devices, including wireless PDAs and Web phones. Many of the different access techniques and pervasive computing devices will utilize new data-link-layer technologies. The only sensible way to manage that increasing underlying complexity is to hide it--and the sensible place to hide it is underneath IP.

For remote access, the most effective solution is to combine IP VPN (virtual private networking) technology with a service provider's dial-in facilities. This combination is easy to implement and cost effective, and its underlying complexity is hidden from users.

Similar arguments apply to sites where dedicated connections are required. For example, if you operate an IP network with sites interconnected by frame relay, you probably spend a lot of time setting up PVCs (permanent virtual circuits) to other sites. If you wanted to provide full meshing among, say, 50 sites, you'd need 1,225 PVCs. The formula for determining full meshing of n sites is n(n-1)/2.

That's a heck of a lot of complexity, both for you and your routers--not to mention cost if you're paying on a per-PVC basis. In reality, you might not provision all those PVCs. Instead, you'd attempt to figure out what the traffic flows really are and match PVCs appropriately--necessary from a cost-performance perspective, but an even more complex undertaking.

Contrast that with an IP-based service offering: Only one PVC is required for each site. The carrier's IP network does all the hard work, and in the case of all the offerings reviewed here, you don't even need to manage the router. As with other managed services (such as managed frame relay), that gets done for you. What's more, most vendors offer an aligned dial service so that you can use a single service for all access and backbone needs, further reducing complexity.

Opening Your Options Reducing complexity is only half the equation. Private IP networking also opens up a new set of service options--particularly in the areas of application hosting and IP telephony. Many organizations outsource hosting of their corporate Web sites, often to companies like those featured in this article. With a private IP networking approach, your carrier also can host some of your internal systems. Such outsourcing might make sense for many reasons: cost effectiveness, a skills shortage in a particular area or simply a desire to integrate external and internal systems more tightly.

That flexibility is not just limited to application hosting. In fact, IP telephony presents one of the most compelling areas for this type of arrangement. Most corporations' data networking folks don't have strong telephony credentials, and enterprise-scale PSTN (public switched telephone network)-integrated IP telephony is a complex area. Because telephony requirements are similar from organization to organization, it is practical for carriers to host PSTN gateways and IP telephony gatekeepers on customers' behalf. Over the next two years, as demand increases for tighter integration between call center and Web-site infrastructures, collocation of Web and IP telephony servers will become more prevalent. However, for private IP networking services to support IP telephony they'll have to support appropriate QoS (Quality of Service) mechanisms, such as differentiated CoS. Most vendors still have a way to go in that area.