Buy or Rent

New technology may change the network market

Its the bare shadow of a trend, but a new generation of service-creation switches may convince enterprises to lease equipment from providers, rather than own their own networks.

Control and trust are the watchwords. New software and hardware technology is the driving force.

I-managers wouldnt dream of giving third parties power over security, billing, traffic engineering and quality of service (QOS). But farming out the headaches is tempting: Now in trials are new switches that rest on the public network, but grant control to the enterprises chief information officer.

Service-creation switches provide IP services — from firewalls and storage to instant bandwidth and QOS guarantees — for companies of all sizes.

"IT managers have a tremendous need for visibility and control," says Hugh Kelly, senior vice president of marketing and business development of Celox Networks, one of a handful of companies deploying service- creation switches. "If Im tempted to outsource, I would want to have some mechanism to validate performance."

More Outsourcing

"There is a general slow, but steady, trend toward outsourcing of networks," says Jeff Wilson, co-writer of a recent Infonetics Research survey of 240 IT decisionmakers in the U.S. and Canada. The researchers say spending worldwide on end-user products and services — which might include design, installation and management of virtual private networks (VPNs) and customer premises equipment — will grow 275 percent, from $12.8 billion this year to $48 billion in 2005.

If that trend accelerates, I-managers are going to want "more control over the ongoing functions of the network, although they may not care about owning the physical assets," Kelly says.

Celoxs service switch lets the customer change the settings on the firewall or VPN, as long as the carrier has built some kind of portal to allow such access. Every change or upgrade is connected to the billing system, so extra revenue is captured from the second the service is turned up.

"The customer can look at who is getting how much bandwidth, at the applications that are running and the bill-back," says Vineet Sachdev, product manager of Network Equipment Technologies, commonly called, another of the new generation of aggressive service-creation switch companies. "It lets you have your cake and eat it, too.

"Any information services department will feel very nervous about outsourcing if they have no control. They have their customers to satisfy, from their CEOs to the secretaries, and they cant treat all their customers alike," Sachdev says.

The Yankee Group estimates that spending on network-based VPNs will grow from less than $1 billion this year to $7.5 billion in 2005. But the real money will come from add-on IP services, estimated at $18 billion in 2005.

Challenging the Giants

When telecom was all about voice and the chances of a competitor hearing private conversations was low, few corporations owned their own networks.

With the advent of the data network, there was a rush toward owning your own network, complete with routers, switches and firewalls, to make sure that your own people had control over who could and could not gain access to information.

Now, companies including Celox, CoSine Communications, Ellacoya Networks, and Quarry Technologies are introducing service-creation switches, challenging giants Cisco Systems, Lucent Technologies and Nortel Networks for dominance.

They are learning lessons from the voice world: Incumbent carriers barely make any money on basic local service, but earn nice profits on the little add-ons, such as voice-mail and caller ID.

Every carrier wants to increase its revenue per subscriber. "You cant do that by raising rates on bandwidth, because no ones bandwidth is better than anyone elses," says Zeus Kerravala, a director of The Yankee Group.

The way to increase revenue is to sell services such as e-mail, storage and backup capabilities. "Traffic engineering, antivirus protection, firewall access, Internet access — all that is offered through the carrier network, as opposed to having to manage it all yourself," Kerravala says.

Celoxs network processor inspects every packet for where it is going and what applications it serves. It can give each packet a Multiprotocol Label Switching tag, which eases the job for the other routers and switches in the network that then only have to read the MPLS headers and route the packets in the right direction. It lets the carrier add a lot of services for a very large number of subscribers.

MPLS also lets the service provider offer solid security at the transport level — Layer 2. The end user would need a Layer 3 IP security device only when a packet leaves the VPN to, say, communicate with customers. "The immediate benefit to the service provider is that it is not as complicated," Celoxs Kelly says. has a suite of products that allow the customers to go to Web sites to see what kind of services they are receiving and how much more it will cost them to boost service-level agreements. They can amend rules so that, for example, anyone in the company running Oracle applications gets a certain guaranteed premium experience, but employees running real-time audio in the daytime only get best-effort service.

"IT managers are extremely territorial," says Chris Aronis, Ellacoyas marketing solutions director. "You can offer them a great number of applications, but if they cant feel theyre in control, the likelihood that theyll adopt them is slim."

Ellacoya prequalifies best-of-breed service applications, such as unified messaging, enhanced e-mail and Webconferencing, and offers them from a Web portal. "The service provider makes money on hosting and integration, and on turning over the keys to the enterprise manager," Aronis says. With keys in hand, the enterprise manager can add, change and create new services — and pay the service provider for them each month. "It eases one of the largest mental barriers there is. This is more psychology than technology."

Most vendors have technology-agnostic switches so they can help customers move toward an all-IP world, or can offer services in the still-more-prevalent Asynchronous Transfer Mode. Similarly, high-end edge-router players such as Cisco, Juniper Networks and Unisphere Networks, can push frame-relay traffic over an MPLS infrastructure. Service-creation switches sit next to or behind the edge routers from Cisco, Juniper or Unisphere, massaging the information to add value.

A service provider using MPLS can carve up the Layer 3 IP network to make it look and behave like what the customer is used to with a Layer 2 frame-relay network, says Judy Beningson, Unispheres director of product management. "Its a way of recreating the frame-relay network while giving the customer the benefits of Internet Protocol services. Were starting to see carriers get serious about deploying it as a technology they can give to customers," she says.

Spy vs. Spy

If Reebok International is concerned that Nike can get hold of its traffic on an IP network, MPLS and virtual routers can give a robust guarantee that traffic will stay secure and separate. "Its not something an IT manager can ask for today, but they should be asking their service providers what their plans are for keeping traffic secure and for using MPLS. They can start educating themselves on the technology," Beningson says.

In the meantime, high-end edge-router players such as Cisco, Juniper and Unisphere can push frame-relay traffic over an MPLS infrastructure for service providers that are slower to move away from older technology.

Service providers need to better market the IP services they are now offering, The Yankee Groups Kerravala says. If they think they can hold off on the new services and still keep their customers, they are wrong. Pressure will come from cable operators in the residential market and from next-generation players such as Qwest Communications International and ANXeBusiness, one of the worlds largest multiprovider VPNs.

Last month, Mitsubishi International acquired one-fifth of ANXeBusiness, infusing life into the ANX Network, which lets automakers and others move engineering and purchasing data over the Internet in a secure manner. It also lowers the cost of communicating with customers. "Instead of Mitsubishi needing lines to hundreds of different customers, ANX can set them up with one pipe," Kerravala says. "They dont have to worry about XML or anything else. They can worry about their own business."

Service providers "typically have been pretty poor at thinking these things up themselves," he says. The onus has fallen on the hardware vendors to pitch the products to the carriers "and make sure the value of a VPN network is relayed down to the enterprises. If the chain breaks down, no one is going to be successful."