Automakers look to strengthen struggling VPN –

DETROIT -- For a year now, the Automotive Network Exchange (ANX) has been the U.S. auto industry's high-security IP network for sharing data among trading partners. But now the ANX is starting to open its doors to the insurance and steel industries as well.

The ANX is also reaching out to overseas companies, including Toyota, which just joined the network. New network installations are also planned in Europe, Japan and Latin America.

The Big Three car companies -- General Motors, Ford and Chrysler (now DaimlerChrysler) -- originally built the ANX with their trade association, the Automotive Industry Action Group (AIAG), to secure data communications within the busy Detroit/ Windsor car manufacturing zone. These organizations are now looking to expand their electronic commerce circle and bring more network users into the ANX, which is losing money and struggling to bring down costs.

"We believe ANX is entering a new era of acceptance . . . with new capabilities," Ford's ANX development leader, Dennis Kirchoff, recently told the thousands of auto suppliers attending the AutoTech show in Detroit. "We claim ANX is an open virtual private network, while most VPNs you learn about are proprietary. But ANX needs to grow by penetrating other industries."

The ANX has a lot of things going for it to entice new participants. However, the network still needs to overcome some problems, including high prices and a lack of interoperability among security technologies.

The managed 56K bit/sec to T-3 IP links for the ANX are provided exclusively by a set of Certified Service Providers (CSP) - EDS, AT&T, MCI WorldCom, BCE Emergis and Ameritech. Frontier Technologies appears set to join their ranks soon. These CSPs must meet technical requirements enforced by the ANX's official overseer, Telcordia Technologies (formerly Bellcore).

Auto suppliers that want to use the VPN have to install ANX-approved IP Security (IPSec) firewalls, gateways or routers for authentication and encryption. Because of the difficulty in getting IPSec-based equipment to work together, the ANX has limited users to security products from Axent, Check Point, Cisco, Radguard and TimeStep, says Karl Schohl, AIAG's network manager.

"We're still having interoperability problems, so we're choosing IPSec equipment that the CSPs use," Schohl says. This way, ANX users can opt to have CSPs offer IPSec as an encryption service if users can't manage the equipment themselves.

The AIAG's original plan called for ANX users to have digital certificates for gateway and client-side authentication. But ANX-approved equipment still can't reliably swap digital certificates from Entrust, the sole vendor chosen. So ANX users -- there are now 200 of them -- have to manually input long text strings called 'shared secrets' instead of using digital certificates.

Without digital certificates, it will be even more difficult for the network to support the more than 10,000 suppliers to the Big Three auto makers.

The Big Three want the ANX to replace value-added networks currently used for electronic data interchange (EDI) and private links used for mainframe and CAD/CAM transfer.

GM executive Grenell Jones ssays his company is calling up suppliers that make use of certain types of CAD/CAM and requiring them to use the ANX. In addition, GM will test EDI applications on the ANX later this fall.

Ford is planning a similar EDI migration to the ANX.

The Big Three have also issued a joint letter to 300 suppliers requesting that they each do a price evaluation to compare costs of maintaining multiple network links vs. going with the ANX. Suppliers have traditionally been obligated to do what the Big Three want.

The problem is, ANX services still cost two to three times what Internet-based ones cost, and Telcordia charges ANX users an additional 10% fee each year. "We are working with the CSPs to try and bring down costs," acknowledges Terry Schade, DaimlerChrysler's ANX project manager.

According to several sources, Ideal Technologies of Royal Oak, Mich., will soon be ANX-certified to offer a 56K bit/sec Internet dial-up service. But even this service will cost $140 per month, far more than the typical IP service costs. Ideal's founders, brothers Mike and Robert Skinner, say their service will require users to have IRE Corp.'s IPSec client and the VeriSign digital certificate to authenticate and encrypt ANX traffic.

While ANX users say such a dial-up service is needed, one current ANX user with an IPSec gateway expresses exasperation. The VeriSign certificates are going to raise yet more interoperability issues for the ANX, which can't get the Entrust certificate situation straightened out, says the user, who requested anonymity.

But AIAG is under pressure to get more users on the ANX. As a result, AIAG has handed the ANX management reins to Telcordia's parent company, SAIC. According to SAIC official Tracy Trent, the company snagged the deal by agreeing to donate technical expertise and money toward making the ANX work on a global scale. While SAIC will be on the hot seat, the company should be in a good position take advantage of new business opportunities if the ANX catches on.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon