As a real estate company, Old Republic Title knows a thing or two about moving. But IS Manager Robert Matanane acknowledges that the company's move from a dial-up modem-based network to a virtual private network (VPN) has had its share of surprises.
For example, the firm has had to rely on more site visits from its hardware suppliers than anticipated. And some of Old Republic's assumptions about ease of use for end users have proven to be overly optimistic.
But overall, Matanane says the VPN is a vast improvement over the company's dial-up WAN in terms of speed, security and flexibility. And the company, which uses its network to exchange documents and other data, has already used the VPN to close transactions in the U.S. and abroad.
Before the VPN, Old Republic offices in Arizona, California, Hawaii, Nevada and Washington about once per hour dialed out to a hub site in their respective states to dump accounting data from real estate transactions. Those hub sites would then dial the Santa Clara, Calif., office to transfer the data to a Windows NT server.
But this network proved difficult to maintain and keep secure.
"I don't want modems on the network for security reasons,"Matanane says. "I want to be able to authenticate and shore up one pipe rather than have to deal with many different holes in the network."
Old Republic decided to link the regional hubs to the Santa Clara site via a VPN comprising secure links over the Internet. The company also upgraded connections into the state hubs from dial-up to 128K bit/sec frame relay.
The Internet acts as the VPN's backbone and costs less than half as much as the alternative Matanane considered -- interstate T-1 frame relay.
To prepare for the frame relay circuits that feed into the hub sites, Old Republic replaced NT remote access servers at the five state hub sites with 3Com Netbuilder II routers.
Matanane then installed a 3Com Pathbuilder 500 VPN tunnel switch in Santa Clara to terminate the Internet connections from the hub sites.
Those sessions are secured using encryption and packet encapsulation via point-to-point tunneling protocol (PPTP). Similar secure tunnels are used by about 40 Old Republic employees who want to access the corporate network from home.
Before buying the tunnel switch, Old Republic considered VPN gear from Cisco and Cabletron, but opted to go with 3Com because the firm's IS staff was familiar with 3Com gear.
Matanane says the documentation for the tunnel switch was a little thin, so Old Republic has relied heavily on 3Com technicians to set up the VPN. "It definitely helps to have someone who has actually done this before," he says.
While the VPN has provided benefits for the company, Matanane acknowledges that some of his expectations for the VPN were unrealistic.
For instance, he thought that when a user logged on to the tunnel server, that user authentication could be extended to corporate LANs. But it turns out that the remote user must utilize a separate user name and password to reach a corporate LAN.
Another surprise was that if, for some reason, the tunnel switch goes down and needs to be rebooted, a network manager also has to reboot the routers at the hub sites before they can re-establish links to the switch.
However, with an uninterruptible power supply backing up the switch, Matanane expects this will not be a big problem.
In addition to connecting the hub sites to headquarters, the VPN supports e-mail for 1,700 Old Republic workers wwho never had it before.
An added benefit of the new network is the possibility of using surplus capacity on the frame relay links to carry voice traffic within states.
The lines from satellite offices to the hub sites run at only 128K bit/sec today but could handle up to 1.5M bit/sec.
Old Republic is also considering access methods for home users that are faster than dial-up. These might include digital subscriber line technology and cable modems.
For now, the Internet offers fast enough service across the VPN backbone, Matanane says. He figures the Internet will mature and get faster to support Old Republic's network demands as they increase.