Extranets and VPNs: enabling e-commerce

Last week, we looked at how the intranet could transform business. But what if you want to give somebody (say, a vendor) access to your intranet? Wouldn't that defeat the entire idea of an intranet by introducing security holes in your model?

Not really. It is possible to securely give access to outsiders (that is, people not physically on your local network) and, in fact, an arrangement of this nature is sometimes referred to as an extranet.

Extranets use existing TCP/IP internetworking and connectivity technologies, combined with distributed computing technologies, to foster secure interorganisational communication through the open, global Internet.

The key technologies that make extranets viable offer nothing new except the way they're put together: strong authentication and strong cryptography (see the cryptography article in the infotech page on August 24, 1998), the deployment of virtual private networks (VPNs), and the use of distributed-computing architectures and special-purpose products that permit electronic commerce on top of the extranet infrastructure.

So what's a Virtual Private Network? A VPN gives users a secure way to access corporate network resources over the internet or other public or private networks. Thus, it gives you the opportunity to open up information and systems on your intranet to outsiders without putting confidential data and mission-critical applications at risk.

How it works: the elements of the VPN

* Encryption
* Authentication
* Tunneling

To put it in simpler terms, a VPN works by creating a private stream of data (a second, "virtual" connection hidden inside the first -- this is called "tunneling") over, say, a regular dialup internet connection, and securing it by means of encryption and authentication. This offers compelling advantages to corporates who had perhaps been discouraged by the high cost of a dedicated network link.

Security comes in the form of standards-based authentication, encryption, and digital signatures. Many vendors are also adopting the Internet Engineering Task Force's (IETF's) Secure IP (IPSEC) standard for virtual private networking. IPSEC is expected to allow interoperable VPNs by giving VPNs standard tunneling, encryption, and public-key-certification technology.
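As an added illustration (not part of the original article and not any vendor's or IPSEC's actual code), the Python sketch below shows the three elements acting on one packet: the inner packet is encrypted, authenticated with a keyed hash, and carried as the payload of an outer packet between two gateways. The HMAC-SHA256 keystream is a stand-in cipher so the example runs on the standard library alone; the function names, pre-shared keys, addresses and sample packet are all constructed for the example.

```python
import hashlib, hmac, os, struct

TAG_LEN, NONCE_LEN = 32, 12

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode (illustration only).
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def encapsulate(inner, enc_key, mac_key, seq, gw_src, gw_dst):
    """Tunneling: the whole inner packet becomes the encrypted payload of an outer one."""
    nonce = os.urandom(NONCE_LEN)
    body = struct.pack(">I", seq) + nonce + _xor(inner, enc_key, nonce)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()  # authentication
    return {"src": gw_src, "dst": gw_dst, "payload": body + tag}

def decapsulate(outer, enc_key, mac_key, last_seq):
    """Verify before decrypting; reject forged, truncated or replayed packets."""
    payload = outer["payload"]
    if len(payload) < 4 + NONCE_LEN + TAG_LEN:
        raise ValueError("truncated packet")
    body, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    seq = struct.unpack(">I", body[:4])[0]
    if seq <= last_seq:
        raise ValueError("replayed packet")
    nonce, ciphertext = body[4:4 + NONCE_LEN], body[4 + NONCE_LEN:]
    return seq, _xor(ciphertext, enc_key, nonce)

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # assumed pre-shared keys
    inner = b"10.1.0.5>10.2.0.9 GET /orders/pending"   # constructed sample packet
    outer = encapsulate(inner, enc_key, mac_key, 1, "192.0.2.1", "198.51.100.1")
    # An observer on the public network sees only the gateway addresses.
    print(outer["src"], "->", outer["dst"], len(outer["payload"]), "bytes")
    print(decapsulate(outer, enc_key, mac_key, last_seq=0))
```

Only the two gateway addresses travel in the clear; the private addresses and the request sit inside the protected payload, and a packet that was altered or resent is dropped before any decryption happens.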

Usage of VPNs

* Replaces traditional dialup connections for remote users and telecommuters
* Connects LANs in different sites instead of using PSTN or leased lines
* Gives customers, clients and consultants secure access to corporate resources

VPN products encrypt and authenticate traffic among networks and between individuals and remote networks. Formerly a specialty product often bundled into firewalls, VPN capabilities are now available wrapped inside products as mainstream as Compaq's remote-access concentrators, Intel's routers, and Microsoft's Windows 95 / 98.

Why VPNs?

* Save telecom costs by using the internet to carry traffic (instead of long distance)
* Save telecom costs by reducing number of access lines into a corporate site
* Save operational costs by outsourcing remote access management to a service provider

One main advantage of an intranet is the fact that the interface remains the same whether the person using it is looking at it from a Windows PC, a Mac, or a Unix workstation. VPNs allow you to build on that advantage by enabling true distributed computing -- putting most of the program logic on the server end and letting the client concentrate on interface issues.

As the extranet / VPN infrastructure becomes ubiquitous in corporates, it should drive the growth of electronic commerce. Similarly, from the other side, the rise in companies trying out electronic commerce should increase the number of VPN installations. Such a feedback loop can only be beneficial to the networked economy.

Udhay Shankar N <udhay@pobox.com> is a Random Networking Enthusiast who collects interesting people.