IP VPNs for Service Providers: The Foundation for Profitable Services

SERVICE OVERVIEW

EXECUTIVE SUMMARY

Network-based, value-added services can help your business customers to control costs, improve productivity, and stay competitive. New services also provide an opportunity for you to further differentiate your company from other service providers. As you shift your focus from providing low-margin, basic connectivity to offering a complete range of network-based value-added services, Cisco Systems® can help you succeed by strengthening the value proposition for your business customers and accelerating your time to market.

 

"...VPNs offer an entry for selling managed IP services. The clever service providers will base their business models and long-term profitability on value-added services, not exclusively on access."
- Todd Hanson, Principal Analyst, Gartner (Source: Packet Magazine)


The managed versions of the value-added services represent your best opportunities for immediate profit growth. Today's business customers recognize a greater need for intense focus on their core competencies to help ensure their survival in the prevailing economic climate. By tapping into your network, value-added services, and network management resources, businesses of all sizes can achieve this focus without the distractions of in-house service design, deployment, and management responsibilities for enabling business operations.
VPNs provide a foundation for a complete portfolio of managed services, and enable you to affordably:

• Extend your managed-services portfolio to offer affordable site-to-site and remote-access solutions

• Appeal to small- and midsized businesses (SMBs), and meet the out-tasking needs of large enterprises

• Establish a foundation for additional value-added services such as IP telephony, managed security, hosted applications, e-commerce, and content delivery

Cisco® offers the experience, technologies, and business expertise that can support a smooth business and technical transition, and can help you make the most of the managed-services opportunity. Cisco will help you quickly capture new revenue streams by creating and deploying scalable, cost-effective, value-added VPN services that address rapidly growing managed-service market demands generated by business customers.

THE VPN OPPORTUNITY

Businesses of all sizes want to differentiate themselves from the competition while they also streamline their business processes. They constantly look for ways to increase productivity and efficiency, control costs, and maximize returns on investments. When it comes to corporate networking, today's businesses want solutions that directly address their business goals and operations. They want networks with built-in intelligence and service adaptability: solutions that are focused on relevancy to business processes and not on the underlying technology or delivery systems.
To achieve their networking goals, companies that formerly handled their own communications requirements are choosing to free up in-house resources by out-tasking or partnering with service providers to develop, enhance, and manage their corporate networks. If a service provider can address the overall needs better and more cost effectively than the in-house options, the service provider will win the business. Services are bought based on business-process improvements.
With these fundamental shifts in corporate network management and operational strategy, the outlook remains positive for continued growth in demand for managed IP VPN services. In a July 2003 forecast, leading market research and consulting company Ovum revealed that the global VPN market is expected to reach US$21.3 billion by 2007, with access application VPNs totaling US$3.5 billion (see Figure 1). Additional value-added services include:

• IP telephony

• Managed security

• Hosted applications

• E-commerce

• Content delivery

• Disaster recovery

• Integrated access

Figure 1. Worldwide VPN Estimates (in $millions, US). Source: Ovum, July 2003

The exponential growth and ubiquity of the Internet must also be considered when discussing VPN expansion. Acceptance of and reliance on the Internet is expanding the customer base and is a significant factor contributing to the VPN market opportunity. The Internet also helps to enhance your network: by taking advantage of VPNs and extending the service footprint into the Internet or partner networks, you can globally offer a more comprehensive bundle of end-to-end services to business customers.

Managed IP VPN services give you the opportunity to pass along cost savings to your business customers. With a shared infrastructure's economies of scale, you can significantly reduce overall network costs for your business customers that subscribe to your managed-service offerings. The majority of today's business IT decision makers plan to implement network-based business solutions for workforce optimization, customer care, corporate communications, and other functions. Additionally, business and government organizations are moving to enhanced networking services (such as IP PBXs, wireless LANs, e-commerce, and hosting applications) to reduce costs, increase functionality, and improve productivity. Nearly all of these applications, services, and customers can be optimally served with IP VPNs on a shared service provider infrastructure, allowing you to pass along the cost benefits of the flexible, scalable approach to your business customers. The potential for cost savings to business customers is also stimulating demand for edge-managed services and increasing edge-access service revenues.

 

"We saw strong interest from our customer base to offload their remote VPN connectivity. If we could provide this service, then we could offer a total package: site-to-site and remote access. This would allow us to fully take advantage of our MPLS infrastructure to generate additional revenue and greater customer loyalty. The Cisco solution allowed us to take advantage of an excellent market opportunity with small and medium-sized businesses. It enables us to sell a much higher-value service, VPNs, and to dramatically expand our customer base."
- Henk Destoop, VPN Solutions Product Line Manager, Belgacom


VPN MARKET DRIVERS

While the ubiquity of the Internet, and thus the possibility of corporate access from anywhere, is the single largest reason companies seek VPN technology, there are many other motives. From a business customer's perspective, demand for VPNs is growing in response to the cost savings, availability, enhanced security features, and access levels made possible with VPNs. VPNs also support the convergence of data, voice, and video on a single infrastructure. The remaining drivers for the VPN market can be split into business and technology drivers.

Business Drivers

The market for VPNs expands as these managed services address business goals including:

• Profitability: Enhanced, managed network services can translate into profitability for today's corporations.

• Globalization: Communication services play a crucial role in business growth and expansion on a national and global scale.

• New business processes: VPN technology simplifies the deployment and use of new applications and business processes, such as e-commerce and supply-chain management.

• Changing business models: Customers no longer want to pay for connection time and distance; demand is pushing business models to a focus on bandwidth and services. Multiple service types provide additional revenue opportunities for service providers, and give customers more solution options for solving their business problems.

• Allowing employees to take on multiple roles: VPN services enable flexibility for a dynamic workplace and workforce.

• Enabling full-service branches: As more and more tasks move from headquarters out to remote offices, VPNs enable the effective deployment and management of fully functional, geographically dispersed workplaces.

VPN market growth is also influenced by several business trends:

• The growth of the SMB: As more of these businesses emerge, the demand for secure, convenient, and cost-effective communications between employees, business partners, and customers also increases. Limited IT resources in this market generate demand for managed services that enable efficient communications.

• Increased numbers of teleworkers: Remote workers require cost-effective, secure, and convenient access to corporate, mission-critical applications and information.

• Out-tasking: The lack of capital budgets for equipment purchases and the rising cost of maintaining a well-staffed IT group have made it expensive for companies to build in-house dedicated communications solutions such as private networks.

Technology Drivers

Many technology advancements are enabling VPN development and also increasing user confidence in VPN solutions. These advancements, combined with ubiquitous user acceptance, are driving the VPN market:

• IPSec: A strong VPN building block, IP Security (IPSec) provides privacy for traffic moving over public networks and also protects traffic in the core network and at the network edge where data can be otherwise exposed.

• QoS: Advancements in network quality-of-service (QoS) mechanisms allow the prioritization of packets traveling over networks, and enable bandwidth allocation for mission-critical information.

• Processing: Cryptographic processing technology advancements improve performance over VPNs and add built-in scalability to the networks. Networks and their packets need to be optimized for services instead of just performance.

• "Always-on" broadband communications: Growth and greater availability of broadband connections provide improved convenience and speed of access. Combined with VPN services, broadband connections provide users with secure communications for using corporate resources remotely over the Internet.

IP VPN SERVICES: THE ROAD TO REVENUE

Companies of all sizes have three types of VPNs (see Table 1) to consider for their business needs:

• Site-to-site VPNs: Linking corporate headquarters and branch offices over a shared, prioritized network, and extending services to outside users such as customers and business partners

• Access VPNs: Connecting remote workers and mobile users to the corporate network over dial, DSL, ISDN, wireless, and cable technologies

• Multiservice VPNs: Connecting multisite locations and converging data, voice, and video

Table 1. IP VPN Services and Technology

| Service | Targeted Users | Architecture | Technologies |
|---|---|---|---|
| Site-to-site VPNs | Businesses that wish to link branch offices, suppliers, partners, customers, and communities of interest | IP tunnel, virtual circuit, or MPLS | Network-based Multiprotocol Label Switching (MPLS) VPN, customer premises equipment (CPE), and network-based IPSec, generic routing encapsulation (GRE), IP, or IP+ATM |
| Access VPNs | Mobile workforces and telecommuters | Client-initiated or network access server (NAS)-initiated | CPE and network-based IPSec, Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunnel Protocol (PPTP), Secure Sockets Layer (SSL), dial, ISDN, DSL, or cable |
| Multiservice VPNs | Multisite businesses that want converged data, voice, and video | A framework for a converged packet-based VPN service for voice, video, and data | Network-based MPLS VPN, CPE and network-based IPSec, GRE, IP, or IP+ATM |


In addition to achieving remote access capability, IT managers are also turning to VPNs to migrate away from large, expensive, inflexible, and difficult-to-manage legacy networks. VPNs let them use the service provider shared infrastructure and the Internet to tie together broad-reaching networks and to link geographically dispersed employees and branch offices with mission-critical corporate applications. This contributes to a flexible, converged infrastructure that can grow with the business. Network managers are using VPNs to extend mission-critical business applications out to customers and suppliers without sacrificing security, cost-effectively and safely managing data moving over the Internet. Managed services leveraging IP VPNs offer many other benefits, including:

• Lowered wide-area corporate networking costs and improved network performance

• More secure networks with reduced vulnerabilities to attacks

• More flexible and easily scaled networks

• Enhanced ability to provide network connectivity, security, telephony, and other IP-based capabilities to geographically dispersed branch offices, remote users, teleworkers, and business partners

• Streamlined IT operations and the ability for the in-house IT staff to gain expertise from the service provider

• Easier deployment of IP-based applications such as enterprise resource planning (ERP), e-learning, and streaming video

Service providers are responding with a portfolio of VPN services targeted at the different user segments (see Table 2) and their respective needs. The basic portfolio of a managed VPN service from a service provider must address the fundamental customer demands for managed CPE solutions, intranets and extranets, remote access, and integrated Internet access. But as this market evolves, customers will demand additional value-added services on top of the basic managed VPN service portfolio. An example of a service provider's phased roll-out of managed VPN services would involve:

• Phase 1: Basic VPN services

• Phase 2: Classes of service, secure off-net access, and site backup and resiliency solutions

• Phase 3: Managed security with firewall and intrusion detection, multiple services over VPN, intranet hosting and colocated services, wireless VPN capabilities, and scalable operations support system (OSS) solutions for deploying VPNs

• Phase 4: Voice, IP telephony, private content services, managed extranets, managed hosted applications, and any access to any services over VPN

• Phase 5: Unified communications, location-based services, Web-casting, large-scale deployments, e-commerce, and end-to-end service-level agreements (SLAs)

Table 2. VPN Users and Their Needs for Different VPN Services

Service Type

Small Business

Midsized Business

Large Enterprise

Industry

Remote access VPN

Need to support new and growing mobile workforce

Looking for increased bandwidth

Expand geographic coverage

Consistent requirement across all industry sectors with mobile workforce

Intranet VPN

IP VPN is likely to be only WAN, establishing first time WAN connectivity

Cost-effectively bring on sites with no existing network connection

Looking to augment, not replace WANs

Start by connecting small or remote offices

Healthcare leading adopters of Intranet

Retail, hospitality are lagging behind

Extranet VPN

Low adoption rate as SSL suffices in early market

E-commerce is the primary

As more partners are added, VPN extranets deployed to cut costs and simplify management

Healthcare and retail leading adopters

VPN value-added services (Off-net coverage, CoS, enhanced security)

Bundling is preferred rather than individual services

Enhanced security

Enables productivity and communications applications

Enhanced security QoS/SLAs

Interest in deploying content over the VPN (for example, e-learning)

Need to be cognizant of industry-specific regulations, such as Health Information and Patient Privacy Act (HIPPA), confidentiality

Similarly, service providers can start with basic managed VPN services and then expand the portfolio to target specific industries in a phased fashion. Table 3 shows the key business concerns for several industries, and the service offerings that could be introduced to target these markets. A third option would be to phase in VPN services specific to small, medium-sized, and large businesses.

Table 3. IP VPN Service Packages for Industries

| | Retail | Financial Services | Government | Education | Healthcare |
|---|---|---|---|---|---|
| Primary business concerns | Workforce optimization, customer relationship management (CRM), supply chain management, surveillance | Gramm-Leach-Bliley Financial Services Modernization Act, Branch of the Future | Homeland security, declining state budgets, mandated IT outsourcing | eRate, "No Child Left Behind," "safe and secure," university revenue pressure | HIPPA requirements for encrypting traffic and authenticating users |
| Primary service provider offerings | IP VPN; Voice over IP (VoIP); IP video; Storage/content delivery networks (CDNs); Mobile wireless; Wireless LAN (WLAN) | IP VPN; Managed IP telephony (IPT)/unified communications (UC); WLAN; Managed hosting; Network security; CDNs/storage | IP VPN; IPT; Network security; IP video; Storage | IP VPN; Network security; Managed IPT; Wireless; IP video | IP VPN; Network security; Mobile wireless; Remote access |


CASE STUDY: BELL CANADA

Canada's leading integrated communications company, Bell Canada, offers connectivity to residential and business customers through wired and wireless voice and data communications, high-speed and wireless Internet access, IP broadband services, and e-business solutions over a carrier-class IP network.

At St. Joseph's Hospital in Ontario, Canada, the hospital staff teamed up with Bell Canada to pioneer medical robotics over an IP network. Dr. Mehran Anvari, one of the hospital's physicians, is an internationally recognized specialist in minimal-access surgery, which can include removal of tumors, clearing obstructions, and exploratory surgery. In 2002, Dr. Anvari proposed using a robotic arm to conduct surgery at a remote facility over an IP network. The goal was to provide advanced laparoscopic surgical techniques (surgical procedures using a fiber-optic instrument) in areas where such techniques were otherwise not available. St. Joseph's turned to Bell Canada because the provider's network could deliver the highest levels of QoS, switchover capabilities, and redundancy. Now, using Bell Canada's state-of-the-art VPN enterprise (VPNe) service offering based on leading-edge MPLS technology from Cisco Systems, St. Joseph's conducted the first telerobotic surgery in Canadian history on February 28, 2003, with a hospital 250 miles away. The hospital has since started conducting telerobotic procedures using the Bell Canada network on a regular basis.

Bell Canada and St. Joseph's Hospital cite many advantages to the IP-based VPN foundation for robotic surgery:

• A new label-based method for forwarding IP traffic makes the network operate more intelligently and efficiently

• By combining the intelligence of routing with the performance of switching, Bell Canada simplified deployment while boosting scalability, flexibility, and overall management capabilities

• The VPN service network easily handles data, voice, and video

• The packet prioritization model minimizes the chance of jitter or latency taking place and ensures the highest level of performance for the robotic tasks


CISCO VPN TECHNOLOGIES AND SOLUTIONS

Virtually all Internet traffic travels on internetworking equipment from Cisco, and many Fortune 1000 companies and global service providers have made Cisco their networking vendor of choice. These factors have contributed to the wealth of Cisco experience relating to internetworking and scaling services in large, mission-critical environments. Cisco is uniquely positioned as a technology leader enabling the deployment of VPNs and associated managed services. Industry-leading Cisco routers, WAN switches, VPN concentrators, access servers, and firewalls, combined with robust Cisco IOS® Software and the carrier-class VPN management and provisioning software suite, are integral to deploying the broadest set of VPN architectures.
The building blocks of Cisco VPN solutions for service providers are provided through industry-leading Cisco IOS Software and hardware features, including:

• Security: Subscribers want assurance that their VPNs are private and that applications and communications are secure and isolated from malicious attacks.

• QoS: QoS addresses two fundamental requirements for applications that run on a VPN: predictable performance and policy implementation. The increasing volume of network traffic, along with application-specific requirements for prioritizing traffic, results in the need for dynamic and flexible bandwidth control and allocation.

• Manageability: Service providers need to transparently manage network and customer-edge devices, meet the terms of customer SLAs, and enable business customers to personalize their access to network services and applications.

• Reliability: Carrier-class reliability reduces the risk of services downtime due to unexpected network component failures.

Cisco IOS Software Technologies

To strengthen the underlying networks, Cisco delivers VPN solutions to service providers through its feature-rich Cisco IOS Software. This software includes leading-edge technologies that Cisco has optimized for provider edge (PE) and customer edge (CE) devices. Cisco IOS Software extends the value proposition of the IP VPN services deployed over the network with:

• Nonstop forwarding (NSF)

• AutoQoS

• Network-based application recognition (NBAR)

• Multi-VPN routing and forwarding (Multi-VRF)

• Broadest support for routing protocols

• Service Assurance Agent (SAA)

Cisco Layer 3 Site-to-Site VPN Solutions

The Cisco site-to-site MPLS VPN solution (see Figure 2) enables secure data, voice, and video communication, with QoS guarantees, between corporate locations. Service providers can offer affordable VPN services to business customers with a wide range of access technologies and speeds to optimize the unique requirements for small, medium, and large sites. Service providers can offer VPN services with managed CPE options by deploying the Cisco site-to-site MPLS VPN solutions. The Cisco site-to-site MPLS VPN solution provides a foundation for additional value-added services such as IP telephony, managed security, hosted applications, e-commerce, and content delivery.

Figure 2. Cisco Layer 3 Site-to-Site VPN Solution


Cisco Network-Based IPSec VPNs

The Cisco Network-Based IPSec VPN solution (see Figure 3) provides centrally managed, end-to-end, secure VPN connectivity and enables service providers to expand their VPN portfolio to businesses of all sizes with secure on-net and off-net remote access and remote site-to-site services. Service providers can take advantage of this Cisco solution to evolve an efficient network-based architecture as a foundation to enable new services, maintain long-term competitive advantages, and progressively increase return on investment (ROI) and reduce operating expenses.
The Cisco Network-Based IPSec VPN solution generates incremental revenue by enabling a more comprehensive bundle of secure VPN services for enterprise, and small and medium-sized business customers. Simultaneously, this Cisco solution helps service providers cost effectively broaden their service portfolio and securely connect users outside the service area, including teleworkers, mobile workers, remote sites, and business partners.

Figure 3. A Cisco Network-Based IPSec VPN


Cisco Site-to-Site CPE-Based IPSec VPN Solutions

The Cisco Site-to-Site CPE-based IPSec VPN architecture (see Figure 4) can be immediately deployed to connect customer branch offices to enterprise networks using IPSec-based VPN tunnels, either over the Internet or over the service provider's core network. Cisco offers a broad set of platforms for the customer premises, with optional hardware accelerators to improve encryption performance and carrier-class management via Cisco IP Solution Center. This scalable solution is applicable for deployment at data centers, corporate offices, regional offices, remote offices, and small office/home office (SOHO) locations. The result is a transparent, end-to-end IPSec VPN service that is tied together cohesively with integrated management.

This Cisco solution provides:

• Improved time to market: Centralized provisioning means that services can be rapidly turned on

• Reduced operational costs: Network and service management processes are centralized

• Reduced total cost of ownership: Avoid custom management solutions and take advantage of Cisco integrated management with this solution in a standalone mode or integrated with a service provider's existing OSS environment

• Consistency and simplicity of VPN service management: Manage firewall, VPN, and routing services with one integrated solution, reducing costs and simplifying administration

Figure 4. Cisco Site-to-Site CPE-Based IPSec VPN Solutions


Cisco Remote Access to MPLS VPN Solution

By extending existing MPLS VPN capabilities such as remote access to the last mile over dial, DSL, or cable, service providers can achieve a higher ROI for an existing MPLS core infrastructure. Once remote access MPLS VPNs (see Figure 5) are in place, the service provider can offer incremental VPN services to remote access VPN customers, including multimedia applications, content delivery, packet telephony, e-commerce, and application hosting. With a strong MPLS-based VPN portfolio, a service provider can meet a customer's total needs, differentiate itself in the marketplace, generate new revenue streams, and strengthen customer loyalty.

Figure 5. A Remote Access-to-MPLS VPN Solution


Cisco Layer 2 Site-to-Site VPN Solution

The Cisco Layer 2 Site-to-Site VPN solution (see Figure 6) supports two distinct architectures, Any Transport over MPLS (AToM) and Layer 2 Tunneling Protocol version 3 (L2TPv3), both of which forward Layer 2 frames across a service provider network. Cisco Layer 2 VPN solutions enable service providers to converge their Layer 2 services on an IP- or MPLS-based infrastructure and support any access over a single, converged network. With the Cisco Layer 2 VPN solution and management tools, service providers can leverage and maximize their investment in IP or MPLS infrastructures to tap into the lucrative Layer 2 access market and position themselves to enter emerging markets with new services, such as transparent LAN service (TLS) and virtual leased lines. Service providers can offer "virtual" Frame Relay, ATM, and Ethernet services over the same core network as their other IP/MPLS services, gaining economies of scale.

Figure 6. Cisco Layer 2 Site-to-Site VPN Solution


"Whether they are establishing a new Sprint network or migrating from a Frame Relay network, this migration to IP through L2TPv3 will be almost invisible to customers," says Tishgart. "If they're coming to us from another carrier, it will appear just the same as migrating from another provider. They won't need new equipment or training for their staff. Going to an IP VPN is fairly seamless."
- Barry Tishgart, Director, Data Product Management, Sprint


CISCO POWERED NETWORK: HIGH-QUALITY, SECURE, END-TO-END NETWORKS

The Cisco Powered Network Program was created as a means for Cisco to bring its resources and knowledge of network-driven business applications to qualifying service providers. The program has many elements, and Cisco is uniquely positioned to help you broaden your managed VPN service portfolio and create new revenue opportunities. Our knowledge of network-driven business applications can help you:

• Create new services: Cisco can help you envision and define services

• Build services: You can take advantage of Cisco assistance for building a new service into your network and your existing operations

• Market and sell services: Cisco programs include sales force training and co-marketing with a service provider

• Generate demand: Build on Cisco managed-services marketing activities with enterprises, SMBs, and partners to drive demand for your services

The Cisco Powered Network Program demonstrates the Cisco commitment to your success. The program gives you a way to reinforce the quality and security of your networks built end to end with Cisco equipment and differentiate the value of your service offerings. Providers that achieve Cisco Powered Network designation benefit from joint sales and marketing activities and from an inside track to Cisco technical networking expertise and training.
As a leading supplier of world-class products and solutions, Cisco is the best partner you can choose to make sure you capitalize on the IP VPN opportunity.

 

"Over the years, Equant has worked collaboratively with Cisco to deliver integrated voice and data services. Through our collaboration, Cisco and Equant have developed a strong partnership. Cisco's product support and account teams have always gone the extra mile and Cisco has always been able to provide the leadership and robust technology required to ensure Equant's success in offering value-add managed services to our customers."
- Michael Burrell, Senior Product Manager, Convergence Solutions Group, Equant


IN STEP WITH TOMORROW

With superior Cisco technology and management solutions as the foundation, you can be confident that your VPN offerings will provide the most advanced and robust business communications solutions available for today's market. The future belongs to service providers that can furnish customers with turnkey solutions for all of their communications needs.
Cisco.com offers a wealth of information about Cisco VPN solutions. You may want to view the introductory tour about the Cisco managed services offerings: http://www.cisco.com/go/managedservicesetour
For a detailed discussion of VPN solutions powered by Cisco, visit: http://www.cisco.com/go/vpnsolutions
To read the Cisco white paper, "Implementing Managed IP Virtual Private Network Services," please visit: http://www.cisco.com/warp/public/cc/so/neso/vpn/vpnsp/outso_wp.pdf

 

"MPLS has become the de facto standard for providing scalable, deployable IP VPNs. Infonet's MPLS service provides clients such as Nestle and Volkswagen with a manageable platform for adapting client network requirements as their business needs grow in scope and complexity."
- Joseph Fusco, Director of Global Intranet Services Marketing, Infonet