Overview of Nortel’s Enterprise IP VPN Business Solution
Jose Flores, October 2nd, 2001
IPVPN Technology Fundamentals
What’s a VPN?
A Virtual Private Network is the emulation of a private network over a shared infrastructure.
[Diagram: Business Partner, Service Provider Network, Corporate Headquarters, Internet, Remote Office, Mobile Access, Telecommuter & Home Office, Regional Office]
VPN Basic Terminology
• L2TP (L2 Tunneling Protocols) … used commonly in “Network based” VPNs
  – Provides basic connectivity at L2
  – Well suited for dialup … does not always provide security
  – Transparent to end users – built into Windows desktop
• IPSec (IP Security) … used commonly in “CPE based” VPNs
  – Provides tunneling/encryption/authentication framework for IP
  – Gives best security for non trusted networks
  – Site and RAS
  – Leverages reach of the Internet
• MPLS (Multi-Protocol Label Switching)
  – Enables IP to be more deterministic like ATM
  – Provides a tunneling mechanism
  – Label Switched Paths (LSPs) are like VCs
  – Enables traffic engineering & QOS
  – Can be used in conjunction with IPSec on access
IP VPN Applications
[Diagram: Business Partner, Service Provider Network, Corporate Headquarters, Internet, Remote Office, Mobile Access, Telecommuter & Home Office, Regional Office]
Remote Access VPN
• Client to Site Services
• Secure, scalable access from client software
• Leverage new low-cost, high-speed consumer access (DSL, Cable)
• Cost savings over toll-free numbers
Extranet VPN
• Private or Public access to business partners
• Dedicated access (on-net or off-net)
• Proper level of authorized access (firewall)
• Supports private addressing (NAT)
Site-to-Site VPN
• Low cost site connectivity with IPSec security option
• Routed connection for any-to-any connectivity
• Cost savings over traditional leased-line or frame relay
• Optional Internet access on single connection
Revolution at the Premise
Expanding our leadership in IP Services for the CPE
From VPN appliance… to integrated, secure IP services switch
Enterprise trend: From separate devices for separate functions (tunneling, encryption, authentication, routing, WANs and firewalls)… to integrated security, IP services and Internet access!
[Diagram: Branch, Internet, WAN, Router, Firewall, Client, Contivity]
IP Services CPE Market Opportunity
[Chart: Equipment Market ($ Millions)]
Emerging/Converging Market – Growing at expense of traditional dedicated CPE devices (firewalls, routers etc …)
Traditional Enterprise Data Communication Network
[Diagram: Enterprise Intranet, Remote Access Modem Banks, PSTN, Dial “1-800-4-Access”, T1/E1, Directories, Firewall, Private WAN Lease Line/FR, Router, Branch, EDI, Internet, Application Servers, Web Servers]
• Costly RAS Dial-in network (1-800, ISDN, LD)
  – Access Technology Restrictions >56K – what about broadband?
• Costly dedicated Private Line or Frame Services
• Very difficult to manage – Complex and disparate networks
• Lack of Access Flexibility and Network Scalability
VPNs Provide an Excellent Alternative
[Diagram: Enterprise Intranet, Supplier, CES 600, Internet, Directories, Partner, CES 4500, IP Routing, VPN/Security, Firewalling, Application Servers, Dial-in User, Home User, DSL/Cable, CES 2600, Branch Office]
• Reduced TCO
• Simplified Management – Ubiquitous Infrastructure
• Highly Secure
• Strategic (IP based)
• Enterprise Driven or Provider Offered
Key Factors Driving IPVPN Service in the Enterprise…
Enterprise Customer
• Financial Pressures
  – High Cost and Inflexibility of Leased Lines
  – Access to Greater Infrastructure Value at Lower Costs
• Customer (& Employee) Pressures
  – Globalization - Decentralization and the rise of a Dispersed and Mobile Workforce
  – The Need to Access Emerging IP Services and Applications
  – B2B E-Commerce
• Competition Pressures
  – Globalization and the Availability of Technologies for Increased Efficiencies
• Operational Pressures
  – The Growing Need for Security, Performance, Agility, and Efficiency
  – Greater Need for Outsourcing to Focus on Core Business
  – Web-Enabled Internal Processes for Bottom Line Savings
• Business Partners’ Pressures
  – Secure the Internet to Connect Sites, Partners, and Suppliers
• Suppliers’ Pressures
  – Vendor decisions are made or being made now!
Who benefits from VPNs
• Any organization with remote access requirements:
  – Virtual Workplace applications (Telecommuters/SOHO)
  – Mobile, widely dispersed personnel
  – Outsourcing/out tasking initiatives (SI’s, Consultants, Contractors)
  – Compelling economics at 20 hours per month per user of dial access
• Any organization with multiple sites/locations
• Any organization implementing:
  – ERP/Supply Chain Management/E-Procurement Systems
  – E-Commerce Applications
  – Business/Interagency Collaboration programs
Any organization which needs to securely extend access to its network
Key Enterprise Business Initiatives
Critical Success Factors of Alternative Networks
Business Drivers
• Example 1: High Cost and inflexibility of Leased Lines
• Example 2: Globalization and a Dispersed Workforce
Business Initiatives
• Example 1: Explore More Cost-Effective Alternatives to Existing WAN Infrastructure
• Example 2: Explore Flexible Alternatives that can support a mobile workforce and real-time access to suppliers
Critical Success Factors
• Must Leverage existing Investment
• Must be Agile, Dynamic, & Scalable
• B2B e-commerce
• Must Support Seamless Access to Suppliers
• Must Support Access Flexibility and Scalability
There are Many More – Customize CSF’s to Your Customer’s Business Drivers!
Compelling Events
Revenue and Productivity Opportunities:
• By 2001, 85% of Corporations will use Remote Access
• Enhanced productivity stems from telecommuters working longer hours and successfully juggling personal and professional demands while at home – often decreasing overall absenteeism. – Source: IDC
• eBusiness activity is expected to reach $1.3 trillion by 2003
  – As businesses increase their dependence on Corporate B2B Networks, VPNs will be the predominant networking technology
Cost-Saving Opportunities:
• IPVPNs can provide savings of 30-80% over Traditional Private WANs
  – See Cost Savings Example
Major Events: Political / Environmental Factors
• Federal Regulation: Environment and Employee Tax Benefits
• State Regulation: Telework Programs and Business Tax Credits
• Security Concerns
• HIPAA
Targeting IPVPN Value to Your Customer’s Drivers
Value Statement
IPVPN Market Value Statements
Targeted to your Audience: L1, L2, L3
• Features/Benefits – Level 1 (Operations)
  – Common IP Services Framework that offers integrated VPN, Firewall and Routing Services
  – Deploys Seamlessly in a Heterogeneous, Multi-Vendor Environment
  – Internet VPN Connectivity for RAS employee and e-Business/partner access
  – IP VPN Branch Connectivity as a private line or frame relay replacement
  – Turning up policy / security as needed across the Enterprise
  – Comprehensive IP Routing Services – RIP, OSPF, QOS, NAT, DHCP and LDAP
Value Statement
IPVPN Market Value Statements (con’t)
Targeted to your Audience: L1, L2, L3
• Solutions to Problem – Level 2 (Management)
  – IP VPN Provides a Migration Strategy for Implementing a More Integrated, Efficient, and Intelligent Network
  – IP VPN Branch Connectivity as a private line or frame relay replacement
  – Service delivery shortened from months to minutes
  – Ensures higher productivity through equal and consistent access for all employees
Value Statement
IPVPN Market Value Statements (con’t)
Targeted to your Audience: L1, L2, L3
• Value – Level 3 (CXO)
  – 30%-80% lower cost than traditional private networking models (customize to customer)
  – Supports services outsourcing trend through partner extranet VPNs
  – Improve business practices by encouraging connections to suppliers and customers
  – Enabling connectivity while ensuring a high level of security
VPN Qualification Questions for the Enterprise
• How is your organization doing Remote Access today … what are you spending monthly?
  – Dial-up, ISDN, 1-800, Long Distance: $1,000 - $10,000’s of dollars
• Would you like to begin exploiting broadband technologies like Cable and DSL to make your remote employees more productive?
  – VPNs can make this happen and provide bullet proof security over the Internet
• What is your strategy for connecting remote offices and partners to your network?
  – IP VPNs can provide this connectivity in minutes at very little expense
• Did you know that IP VPNs offer a great alternative to Private Lines and Frame?
  – Many companies are beginning to migrate to a ubiquitous low cost VPN
• How are you addressing security in your network? Do you have a Security Policy?
  – VPNs provide a centralized policy enforcement point for your security policy
Annual VPN Remote Access Savings
Example: VPN Savings = $1,800,000
Remote user population: 2,000
Traditional Remote Access: $3,000
Internet Remote Access: $1,200,000
Cost categories: T1 lines; Routers, servers; Phone, ISP charges; Equip Mgt and User support
$48,000 $208,000 $2,100,000 $68,400 $44,800 $1,080,000 $0
TeleChoice, Inc. - Source Forrester Research
ROI Calculation Tool is an Excellent Resource: http://www.nortelnetworks.com/products/01/contivity/vpn_calculator.html
Contivity IPVPN Solution Composition
• Solution Description - Capabilities
• Application Examples
• Contivity Customers
• VPN Channel Partner Value
Nortel’s Solution – IP Service Appliance
• Start with an architecture designed for a specific function
  – Leverage highest performance hardware
• Integrate all necessary functions and technologies
  – Firewall/NAT
  – Tunneling
  – Data encryption
  – Authentication
  – Directory Services (LDAP)
  – WAN Services
  – IP Routing
• Complements existing infrastructure
Contivity Product Family
The Ultimate in Scalability & Price
Priced from >$995 to $50,000
• Contivity VPN Switch 4500 – 5,000 tunnels
• Contivity VPN Switch 2600 – 1,000 tunnels
• Contivity VPN Switch 15xx – 100 tunnels
• Contivity VPN Switch 600 – 30 tunnels
• Contivity VPN Switch 100 – 5 tunnels
Contivity IPSEC Client
• Hooked into MS DUN
• One Click dial/tunnel connection
• Global Roaming Support
• Supports Split-tunneling
• Server Side Control - Profiles
• Support Personal Firewall
The popular choice
• Easy to use
• Fully featured
• Proven stability
• Mature
• Free
Contivity Stateful Firewall
• Single vendor, single box solution
  – VPN, Firewall, NAT, Routing, WAN, QOS & Policies
  – Nortel built firewall
  – Important for responding to new security advisories
  – Enables Nortel to access third party applications
• Unified Nortel Firewall VPNs
  – X-LOB initiative with unified Framework
[Diagram: Services Toolkit – Queuing, Firewalling, Accounting, Policing, Encryption, Diff-Serv, Security, Traffic Management, Shaping, VPN, Traffic Shaping]
Contivity VPN Solution
Enabling connectivity & ensuring security
– Internet VPN Connectivity for RAS employee and e-Business/partner access
– IP VPN Branch Connectivity as a private line or frame relay replacement
– Turning up policy / security as needed across the Enterprise
– Local Area & Optical Metro
– Comprehensive IP Routing Services – RIP, OSPF, QOS, NAT, DHCP and LDAP
• IPSEC encryption (VPN)
• Authentication
• IP Firewalling
• IP Routing Services
End-to-End IPSEC Security
[Diagram: BPS 2000, Secure Apps, Internet, RAS / Business Partner / Branch VPN, Nortel Secure IPSEC Client for employees and partners, Internet Router or Contivity, Passport, Contivity, Partner, Branch Site, Metro Branch, Secure Servers/Apps, Metro Optical MAN RPR/DWDM/TDM, 10/100/Gigabit, Contivity HA, Contivity Rack, Alteon]
Contivity as an e-Business Enabler
• Provides secure, private connectivity between remote locations and the content of the servers in the hosting centers
• VPN B2B Hosting offering based on IPSec
• Cost-effective VPN access for Hosted Applications & Administrative Access
Policy Servers
• Firewalling
• Authentication
• Access
• LDAP/PKI
[Diagram: Secure Hosting Services, RAS IPSEC Connections, Remote Partners / Customers and Employees, i2, Ariba, Nortel Secure IPSEC Client for Dial / Broadband / Wireless VPN access, Internet Data Center, B2B Hosting Site, Contivity, Alteon/8600’s SSL for B2C, Nortel, Hitachi, Contivity IPSEC ESP/AH 128 bit VPN for IP BB, Contivity VPN Switches, Server Farm, Internet Routers, i2 Trade Matrix, Ariba Dynamic Trade, IBM WebSphere]
Wireless (VPN) Security Services
Wireless Boom in Tech Helps Hackers, Too
“With a fin-shaped antenna and a laptop computer, Peter Shipley has tapped into thousands of databases operated by some of the biggest technology companies in the world, all while sitting in his car.” – The Atlanta Journal-Constitution
The wireless boom coupled with its inherent lack of security presents a tremendous VPN/Security opportunity for Contivity, which currently adds value with several types of wireless applications/deployments:
• Providing VPN/Security for 802.11 wireless LAN deployments
• Providing VPN/Security for wireless PDA’s (Windows CE and Palm)
  – Certicom 3rd Party
• Providing VPN/Security for wireless PC communications
• Contivity provides a common VPN framework across both wireless and wireline
[Diagram: Transmission, Wireless PDAs, 802.11, CDMA/TDMA or GSM NIC or Cell Phone]
Contivity – Nortel’s IP Services CPE
[Diagram headings: 3rd Party Relationships, Integrated Routing, Interoperability with other Nortel Applications, Unified Management, Integrated Firewall, IP/WAN Services, Interoperability with Nortel/Other Products]
[Diagram labels, in the order they appear: RIP v2, OSPF, VRRP, Failover, BGP4, Frame Relay, ATM; Preside/Optivity, NetID, BSAC, Policy Management, QoS/DEN/BWM; Entrust, Verisign, MS, Intel, ISS, HiFn, Netscape, iPass, Network Ice, RSA, Certicom, Microsoft; Contivity, Passport, BayRS, PP 8600, Shasta, Alteon, Optical, Cisco, Lucent, Checkpoint, Clients, Wireless; Packet Filter, Stateful Inspection, Proxy; QoS/BWM/SLA, Authentication, VDPN, B-to-B, Firewall Security, VoIP, Frame Relay, ATM]
Enterprise installed base accounts
• Alltel Communications Products Inc.
• Alstom Power Inc.
• American General Finance
• Bear Stearns
• Becton, Dickinson and Company Inc.
• Bertelsmann Media Systems
• Cable and Wireless HKT CSL Ltd.
• Campbell Soup Company
• Charles Schwab Corporation
• Chubb Computer Services Inc.
• Cigna
• Citicorp
• Comdisco, Inc.
• Computer Sciences Corporation
• CVS Corporation
• Dayton Hudson Corporation
• Deere and Company
• Diageo
• Duke Energy - IM Bus. Connect
• Estee Lauder Inc.
• Gateway 2000 Inc.
• Intel K K
• Kmart Corporation
• LG International America Inc.
• NCR
• Prudential Insurance
• Safeco Insurance Company
• Solectron Corporation
• Starwood Hotels and Resorts Trust
• Sunlife Of Canada
• Times Mirror Magazines Inc.
• Verizon Wireless
• Xerox
VPN, Service and Partners
• Contivity provides tremendous value added services potential for our partners
  – IP/Frame/VPN Network Assessment Services and Network Design
  – Global Network Deployment, Break/Fix and Technical Support
  – Customer Support/Help Desk 7x24x365
  – Network Monitoring & Problem Management (VPN, Firewall)
  – Configuration, Change and Security Management
  – Professional Services
    • Security/Firewall Policy, Authentication, LDAP, Radius, PKI, DHCP/DNS Directories, Routing, Remote Access, 800 & Private Line Migration
• Partners can increase their revenue by 5:1 by selling their services with a Contivity sale
Unique Business Value
• Business Case Summary
• Value Statements
• Competition
• Key Differentiating Factors
Enterprise IPVPN High-Level Business Case Example
Customer: Major US Investment Bank
Business Objective: Integrate dispersed workforce (brokers), partners and business customers into value chain through online secure access to internal corporate systems
Business Drivers
• Performance and Security: Information-based Financial products demand tightly integrated online distribution and service channels without compromising security
• Agility and Efficiency: High cost and inflexibility of leased lines/Toll Free numbers
Solution: Nortel’s Contivity solutions
Value: Enhanced remote access flexibility for over 10,000 business customers and employees by deploying Contivity extranet solution – with a payback in less than six months
[Diagram: HQ, Partners/Vendors, Internet, Branch Office, Mobile User, Business Customers]
VPN Business Case:
City | Distance | T1 Fees | FR Fees | VPN Fee
NY - Chicago | 807 | $52,220 | $3,753 | $1,900
Chicago - Denver | 1023 | $60,020 | $3,753 | $1,900
Denver - LA | 1026 | $65,360 | $3,753 | $1,900
LA - Dallas | 1450 | $90,800 | $3,753 | $1,900
Dallas - Miami | 1322 | $83,120 | $3,753 | $1,900
Miami - NY | 1346 | $84,560 | $3,753 | $1,900
Chicago - Dallas | 937 | $60,020
Total per Month | | $501,260 | $22,518 | $11,400
Significant cost savings with Nortel’s VPN solutions. …
The IPVPN Value Proposition
Customize This Format to Support Your Proposals…
Product / Solution Statements
• Feature: The Contivity Product Family provides support for the widest variety of tunneling (L2TP, PPTP, IPSec, L2F), authentication (hard and soft tokens, Radius, X.509, internal/external LDAP, NT domain) and security standards (DES, 3DES, RC4) in the industry; and offers Role-Based Management via the Web.
• Benefit: Integrates all necessary functions and technologies: Firewall, Tunneling, Data encryption, Authentication, Directory Services (LDAP), Data compression, IP Routing, and Management
Enterprise IPVPN Value Proposition
• Value Statement: Businesses can now support their full range of Network Needs while:
  – Reducing Monthly Charges
  – Eliminating Modem Banks and Remote Access Server Software
  – Simplifying Network Management
• Value Proposition: Migrating to a Contivity IPVPN Solution can Provide:
  – 30%-80% Lower Cost compared to Traditional Private Networking Models
  – Support for Managed Services Outsourcing Trend
  – Improved Business Practices by Encouraging Connections to Suppliers and Customers
  – Access to Global Connectivity while ensuring Absolute Security
Source: PLM; Product / Solution Marketing; Account Marketing / Sales
Audience: User; Influencer; Decision Maker
Enterprise VPN Sales Strategy:
Fragment: Niche, then Flanking: Acknowledge & Expand
1. Identify Your Customer’s Core Solution:
Remote Access Services
• Client to Site Services
• Secure, scalable access from client software
• Leverage new low-cost, high-speed consumer access (DSL, Cable)
• Cost savings over toll-free numbers
2. Augmenting the Customer’s Core Solution
Site to Site
• Low cost site connectivity with IPSec security option
• Routed connection for any-to-any connectivity
• Cost savings over traditional leased-line or frame relay
• Optional Internet access on single connection
Extranet Services
• Private or Public access to business partners
• Dedicated access (on-net or off-net)
• Proper level of authorized access (firewall)
• Supports private addressing
3. Extending Beyond Core Solution
Firewall
• Absolute Network Security
Professional Services
• Management of Security Functions
• Full Network Security Evaluation
[Diagram: Core Solution, Augmented, Extended]
Cisco VPN Competitive
Competitors
SALES STRATEGY: Frontal on Solution
Contivity provides a superior VPN solution – solve the customer’s VPN solution first, then sell them all the IP Services they want … Routing, Firewalling, QOS, WAN Services etc …
• IOS Routers – 800, 1700, 2600, 3600 for branch offices and small companies, 7100 for central sites … Adding CPU intensive firewall and VPN functionality to inherently weak routers requires extensive upgrading of processing, memory and software images, which is neither inexpensive nor trivial.
• Cisco 3000 – main Enterprise RAS solution, due to limited site-to-site capabilities, no integrated firewall, no QoS, and no small branch office device
• Cisco 5000 – RAS solution for service providers or very large enterprises due to high capacity/high price, minimal downward scalability (no small or medium branch office device), no integrated firewall, and no QoS
• PIX – poor price/performance compared to Contivity at low end – PIX 506 vs. CES 400 / PIX 515 vs. CES 600 … Needed encryption card is EXPENSIVE ($7,500) vs. $2K for Contivity
• IPSEC RAS Client – currently trying to consolidate 3 disparate IPSEC clients (Altiga, Compatible, IRE) to inter-work across disparate platforms with very limited success
Checkpoint / Nokia - Overview
Competitors
Sales Strategy – Fragment: Peaceful Coexistence. Don’t compete against Checkpoint on the firewall front … Make VPN a separate issue to solve 1st – Contivity can solve this the best and co-exist with Checkpoint providing internet FW services … Start with RAS and evolve to Site-Site VPN solutions where a VPN CPE device is needed (SOHO, WAN I/O, Routing, and Security Services)
Sales Strategy – Flanking: Acknowledge and Expand. Position an Alteon/Contivity design for customers who require extreme VPN High Availability, Performance and Load Balancing … Nokia has made attempts to make this the biggest single issue with many customers … Contivity combined with Alteon provides a superior solution with much broader e-business applications (servers, content etc …)
• Nokia – makes great wireless phones – not such a great IP Datacom equipment OEM
• Checkpoint – good firewall company … attempting to parlay FW-1 installed base to VPN-1 … Checkpoint makes software only – looks to partner with any hardware vendor to license their FW-1/VPN-1 (e.g., Compaq)
• Their combined solution is a bolted together disjointed non-dedicated VPN offering
• Key knock-offs include: IPSec only, limited function and buggy IPSEC client, cumbersome installation and licensing, slow performance, multiple management interfaces that cause confusion, and terrible technical support
Nortel Contivity VPN Competitive Matrix
Columns: Nortel Contivity | Cisco 3000 | Cisco IOS | Nokia/Checkpoint
Robust IPSEC Client: YES | NO | NO | NO
3DES Throughput: 100 Mbps | 85 Mbps | 10 Mbps | 45 Mbps
Robust PKI Support: YES | NO | NO | Fair
LDAP Directory Services: YES | NO | NO | YES
Product Breadth: Excellent | No Low end | Disjointed | Multi-Vendor
FIPS Certified: YES | NO | NO | NO
ICSA Certified: YES | NO | NO | YES
Overall Security Integrity: Excellent | Suspect | Low | High
Rows with incomplete values:
Integrated Firewall: YES, 2nd box needed, 2 Vendor Solution
Ease of use / Management: Excellent, Fair, Disjointed
Overall Cost
Contivity Addresses the Enterprise’s Evolution
• Globalization and hyper-competitive markets
• Decentralization and the rise of telecommuting and mobile workers
• The increasing ubiquity of IP in the network
• Web-enabled internal processes for bottom line savings
• Growing desire to outsource and focus on the core business
• More infrastructure value for less expense
What makes Contivity Better?
• Industry Leadership – Contivity is a best of breed VPN appliance that is currently deployed in over ½ of the Fortune 500 and offered as a lead VPN solution by virtually all the world’s Service Providers.
• All-in-one IP Services CPE Solution – Contivity is the first purpose built IP Services appliance to offer VPN capabilities, Stateful Firewalling, LDAP Directory Services and robust IP Routing/WAN/QOS services in a tightly integrated/managed and low cost platform for enterprise CPE deployment.
• Lowest Cost of Ownership – Contivity’s IP Services capabilities allow customers to “turn-up” IP services (VPN, Firewall, Routing/QOS) as they are needed.
• Performance and Scalability – Contivity provides high encryption, routing and compression with add on upgradeable hardware acceleration allowing for the highest levels of performance and scalability with excellent user response times. Many of our customers are supporting in excess of 50-100K VPN users/tunnels.
• IPSEC Client Maturity and Reliability – With over 35 million clients deployed globally, our customers can feel confident that the Contivity IPSEC client will work flawlessly when deployed in their specific VPN application. Our client offers the following:
  – Ease of Use – Little or no user intervention is required.
  – Advanced security features – Centralized client security policies prevent flexible security.
  – A true “Unified” IPSEC Client – The industry’s ACKNOWLEDGED VPN leader with the broadest client support providing a common user/subscriber experience across many platforms.