The painful reality of today's global IP VPNs is that traffic often is at the mercy of the public Internet's routing infrastructure. Much of Deloitte Consulting's Asia-Pacific traffic, for instance, gets routed through the West Coast of the United States, so when a user in the Hong Kong office messages a user in Sydney, the packets take a roundabout route through San Francisco.
"Some levels of latency are unavoidable," says Eric Erikssen, director of technology infrastructure for New York-based Deloitte Consulting.
Also, with bandwidth disparities from region to region, there's no way to get equal performance for every site. Deloitte users in South Africa and Thailand, for instance, historically have had lower-bandwidth Internet services than employees in the United States and Europe. "Managing performance is the biggest challenge," says Larry Quinlan, Deloitte Consulting's CIO. "It's difficult and expensive to get bandwidth in some countries, although it is improving."
Deloitte Consulting is adding more Web-based applications, which should relieve the slower network performance at some of its most remote sites. The latest is Microsoft's Outlook Web Access, which will give Deloitte consultants access to corporate e-mail from kiosks or a client's PC over the public Internet. Although the company installed Outlook Web Access as a value-add for Deloitte's consultants, the application also should alleviate latency problems in those locations by freeing up VPN bandwidth, as it will ride over the Internet instead, Erikssen says. Most of Deloitte's main business applications run out of its data center in Spring Valley, Pa.
The remote-access piece of the VPN, meanwhile, is critical for Deloitte Consulting, which has a worldwide work force of about 16,000 mostly mobile consultants who spend much of their time at client sites. Before the remote-access VPN, some workers had to wait until they returned to the home office to do billing and other project tasks. Just getting e-mail over the Internet from a client site was cumbersome. "They had to rummage under the client's desk and unplug the fax machine just to get e-mail," Quinlan says. "Now they download e-mail over high-speed links. It makes life a lot easier."
With the VPN tunneling service, Deloitte consultants can also access other business applications, such as project management and billing. The Aventail VPN tunnels traffic over Deloitte Consulting's VPN with an SSL Layer 7 protocol instead of the standard, lower-layer IPsec that most VPN firewalls use. Aventail's tunneling protocol sets up a proxy over the IP ports that most companies keep open for special applications or browsing, so Deloitte consultants don't have to ask their clients to reconfigure their firewalls or to open other ports. Aventail manages the Aventail.Net VPN equipment that sits at five of Deloitte Consulting's sites. Deloitte handles just the software on the consultants' PCs and laptops.
A big draw of the IP VPN, meanwhile, is that it consolidates Deloitte Consulting's WAN and Internet connections into one circuit at each site. The VPN is evolving, too: WorldCom's service-level agreements so far have been enough to ensure that high-priority applications such as SAP R/3 aren't bumped off the VPN by less sensitive applications, Erikssen says, but Deloitte Consulting's IT team is looking at deploying QoS (Quality of Service) on the VPN to ensure these apps always get first dibs on the pipe. Ultimately, the company plans to run fewer homegrown client-server applications and more Internet-based apps, such as e-learning. "Going forward, 80 percent of our traffic will be Internet," Quinlan says, "and some of our applications will be outsourced."
On the Job
- Quinlan's Main Challenge of Managing the Backbone VPN: Ensuring performance in Bangkok and Shanghai without disrupting performance in Boston and New York.
- Main Challenge of Managing the Remote-Access VPN: Managing expectations. ... You miss all the fun in computing when your access to the network is a ridiculously small modem pipe.
- Next Time I Build a VPN I Would: Not build one. At some point soon we're going to have to get to where the network is a public utility ... and we simply plug into it without having to build VPNs and other kinds of networks. ... The ubiquity inherent in that concept would allow our people access to resources in ways they cannot imagine today.
- Most Exciting Part of the Job: Working with team members coming from many different countries, and the ambiance of a World Cup.
- Next Career: A university professor--there is a much higher rate of end-user compliance with reasonable requests.