WorldCom is looking to expand its VPN services through a partnership with upstart service vendor SmartPipes, offering enterprise customers a potentially powerful alternative to frame relay as a way to connect corporate offices.
With such a partnership, WorldCom could offer its customers the ability to add and drop business partners and make other VPN changes quickly through a central policy engine based in SmartPipes' network. This offering would be an add-on to the fully meshed, flat-fee, site-to-site VPN services WorldCom already offers called IP VPN Total Access.
The advantage over frame relay and other VPN services is that end users could make VPN changes immediately through a secure Web site, without calling on WorldCom to do anything. With a frame relay network, such changes would take weeks or even months to implement.
Both companies say that for now they are testing the SmartPipes service with WorldCom's, and that they are seeking beta customers. Neither would say when WorldCom will decide whether to add SmartPipes to its service.
SmartPipes' technology lifts the burden of having to configure VPN policy changes device-by-device via command line interfaces, reducing errors and saving valuable staff time. Such individual configuration can amount to a half hour per device, says Dennis Brouwer, a SmartPipes vice president. Because the Policy Engine interface is graphical, it also requires less-skilled technicians than the alternative, he says.
Customers access the engine via a secure Web site and set policies using a browser. Policy changes are translated to configuration commands for each VPN device in the customer network, then downloaded via the VPN.
So far, the Policy Engine supports only Cisco routers and Microsoft Windows 2000 servers. SmartPipes says about 80% of firms have sites equipped with one or the other.
WorldCom's current IP VPN Total Access service calls for Lucent Access Point routers at each corporate site, so a WorldCom service would require Cisco or Microsoft gear, or SmartPipes would have to extend support to Lucent boxes. SmartPipes plans eventually to expand its support to gear made by Lucent and Nortel, but has no target date, Brouwer says. The company also plans to produce a developer's kit for equipment makers so they can customize their VPN equipment to be configured by SmartPipes Policy Engine, he says.
SmartPipes' business model calls for selling its service through ISP partners, as well as directly to firms.
Customers that own Cisco routers and Win 2000 servers and an Internet connection to each site can set up their service by logging their VPN devices into SmartPipes' directories. Alternatively, an ISP selling a SmartPipes service could set up the service for them. The ISP could also ship preconfigured Cisco and Microsoft boxes to customers that don't have that gear.
In addition to making automated policy changes, the service would monitor and maintain the state of routers and send alarms to the ISPs' support centers. SmartPipes also supplies a record of any policy changes.
"They have a very sophisticated Active Directory architecture," says Raymond Keneipp, an analyst with The Burton Group. The directories maintain records of the configurations of thousands of customer devices and any changes customers make to them, he says.
SmartPipes plans to sell its policy automation services through other service providers, although so far WorldCom is the only company to publicly acknowledge interest. According to SmartPipes' model, these partner-providers would then sell the policy automation service to corporations under their brand name, bundled with an Internet access service. Such a service would also bear a "Powered by SmartPipes" logo, Brouwer says.
SmartPipes says it has not determined yet how to charge for its service, but says it will likely be linked to the size of the Internet connection each customer site has -- the larger the pipe, the more the customer pays.
This story, "WorldCom eyes a 'smarter' VPN service " was originally published by Network World.