Network Computingwww.networkcomputing.com

"Some levels of latency are unavoidable," says Eric Erikssen, director of technology infrastructure for New York-based Deloitte Consulting.

Also, with bandwidth disparities from region to region, there's no way to get equal performance for every site. Deloitte users in South Africa and Thailand, for instance, historically have had lower-bandwidth Internet services than employees in the United States and Europe. "Managing performance is the biggest challenge," says Larry Quinlan, Deloitte Consulting's CIO. "It's difficult and expensive to get bandwidth in some countries, although it is improving."

Deloitte Consulting is adding more Web-based applications, which should relieve the slower network performance at some of its most remote sites. The latest is Microsoft's Outlook Web Access, which will give Deloitte consultants access to corporate e-mail from kiosks or a client's PC over the public Internet. Although the company installed Outlook Web Access as a value-add for Deloitte's consultants, the application also should alleviate latency problems in those locations by freeing up VPN bandwidth, as it will ride over the Internet instead, Erikssen says. Most of Deloitte's main business applications run out of its data center in Spring Valley, Pa.

The remote-access piece of the VPN, meanwhile, is critical for Deloitte Consulting, which has a worldwide work force of about 16,000 mostly mobile consultants who spend much of their time at client sites. Before the remote-access VPN, some workers had to wait until they returned to the home office to do billing and other project tasks. Just getting e-mail over the Internet from a client site was cumbersome. "They had to rummage under the client's desk and unplug the fax machine just to get e-mail," Quinlan says. "Now they download e-mail over high-speed links. It makes life a lot easier."

With the VPN tunneling service, Deloitte consultants can also access other business applications, such as project management and billing. The Aventail VPN tunnels traffic over Deloitte Consulting's VPN with an SSL Layer 7 protocol instead of the standard, lower-layer IPsec that most VPN firewalls use. Aventail's tunneling protocol sets up a proxy over the IP ports. Most companies keep this open for special applications or browsing, so Deloitte consultants don't have to ask their clients to reconfigure their firewalls or to open other ports. Aventail manages the Aventail.Net VPN equipment that sits at five of Deloitte Consulting's sites. Deloitte handles just the software on the consultants' PCs and laptops.

A big draw of the IP VPN, meanwhile, is that it consolidates Deloitte Consulting's WAN and Internet connections into one circuit at each site. The VPN is evolving, too: WorldCom's service-level agreements so far have been enough to ensure that high-priority applications such as SAP R/3 aren't bumped off the VPN by less sensitive applications, Erikssen says, but Deloitte Consulting's IT team is looking at deploying QoS (Quality of Service) on the VPN to ensure these apps always get first dibs on the pipe. Ultimately, the company plans to run fewer homegrown client-server applications and more Internet-based apps, such as e-learning. "Going forward, 80 percent of our traffic will be Internet," Quinlan says, "and some of our applications will be outsourced."