By SALVATORE SALAMONE

With all of the current hoopla about virtual private networks, you may be asking yourself, why should I suddenly use VPN? And why now?

To understand why VPNs are needed, it is best to step back a minute and look at some connectivity and business trends. A number of events that are occurring in the corporate world are changing basic connectivity requirements.

The first major trend is the growth in telecommuting. Industry experts estimate that there were about 7.5 million full-time telecommuters in 1997. And there were probably several million more if you counted those people who work at home a couple of days a week.

Social factors are driving this number up. Many people want to work at home for personal reasons such as taking care of their children or eliminating time commuting to and from work.

In today's competitive business climate, companies are catering to employee demands and often will let skilled employees telecommute in order to retain their services. Additionally, many companies will now hire the best candidate for a job regardless of where that person is located. To do this, companies let these people telecommute full time rather than move them closer to the office.

Additionally, there is a different kind of mobile work force today than in the past. People have always traveled, but today's traveler needs frequent access to the corporate network. For example, access to e-mail is now considered essential by most travelers.

On top of that, more employees work extended hours. It is common for professionals to require access to e-mail and network applications at night and on the weekends. All of this is increasing the demand for connectivity.

Further driving the connectivity needs of a corporation are other major business changes. Decentralization of corporations is on the rise. Rather than having a corporate headquarters where the majority of employees are located, most companies today spread their operations across the country or even the world.

Pushing connectivity requirements even further is the fact that more companies now have business applications that require sites to share information frequently. For instance, in the past, a bank branch office might only need to check a customer's account balance on a mainframe in the bank's headquarters. Nowadays, associates in a branch office might need to look up the current rate on a money market certificate and check a customer's investments that are man-aged by the bank.

In other words, the number of applications that require small sites to have access to information keeps growing. And this trend is forcing companies to change the way they connect sites.

The bottom line is that IT managers find they must support an increasing number of dial-access users, and at the same time, they must link more offices together.

Why Change?
Of course, remote and branch office connectivity has been a staple of most IT managers for many years. So why are VPNs even necessary?

The answer is that the costs of using traditional remote access technology is skyrocketing and will only get higher as more users and sites need to be connected.

To understand why costs are in-creasing, it is necessary to look at the total cost of ownership for remote access. During the past few years, several market research firms have done remote-access costs studies. Consistent findings have revealed that equipment costs are only about 15 percent to 20 percent of the total cost of ownership when connecting users and sites. The bulk of the cost to support remote access for a three- to five-year period (depending on the particular study) comes from two areas: recur-ring telecommunications costs and the operational costs to support the users and manage the equipment.

It turns out that remote access--both dial access for individual users and dedicated lines to link sites--combines the worst of the voice and data worlds.

On the data side, traditional remote access incurs the high management costs of supporting users. Typically, the equipment is complex and there are many kinds of devices--including remote-access servers, access routers and WAN switches--that must be installed, maintained and managed. Frequently, each type of equipment requires a different set of management skills, which adds to the total cost of ownership.

Traditional remote-access connections also suffer from the worst the voice world has to offer. Typically, companies pay a per-minute charge for connect time and long distance fees for both dedicated and dial access.

Long distance charges for dial access start at about 10 cents per minute--about $240 per month per person for two hours of connect time a day. Those costs can become astronomical if the user makes a long distance call from a hotel in an international location.

Companies also often have additional hidden costs when supporting large numbers of sites or users. For instance, some businesses simply have telecommuters or travelers submit their phone expenses with their normal expense reports.

This is a productivity buster since the user must take the time to photocopy each phone bill and the accounting department must deal with the submissions.

A number of companies use 800 services to avoid such hassles and to make it much easier for their users to connect when on the road. Even the best rates on 800 services--about 5 cents per minute--amount to phone bills of $120 per month per user for about two hours of connect time each day. That adds up to $144,000 a year for 100 users.

Enter VPNs
The hidden management and recurring telecommunications costs of traditional access technologies will only grow as more users and more sites are added. Telecommunications costs are simply proportional to the number of users. If you double the number of people dialing in, you also double the phone charges.

VPNs offer a way to keep costs in check. First, they can reduce the recurring communications charges. VPNs use the relatively free band-width of the Internet or a service provider's network to connect a user to a corporate network or carry traffic between sites.

For dial access, the basic idea is to replace that long distance phone call to the company with a local call into a service provider's point of presence. If a flat monthly rate Internet account is used, the cost savings can be significant. It would cost $19.95 per month vs. $120 a month when using the 5-cent-per-minute 800 service for two hours a day every business day.

Flat monthly rate ISP accounts are fine for some applications, but increasingly, IT managers want more than a flat-rate account can deliver.

That is leading some IT managers to look at usage-based services that may cost more than a flat-rate account, but guarantee network availability and latency across that provider's network.

Typically, quality ISP services that offer service-level guarantees range in price from about $1.50 to $3.50 per hour of connect time. That amount is still substantially lower than using an 800 service that typically charges between $4 and $10 per hour to connect users to an in-house modem pool or remote-access server.

The accompanying chart shows the annual cost for connecting 500 users for various levels of connect time and prices for an 800 service and using a VPN.

As the chart on this page shows, it would cost $119,700 per year for 500 flat-rate ISP accounts, where each account costs $19.95 per month. A VPN connection that runs over a usage-based ISP service costing $2.50 per hour would amount to $300,000 a year for 500 users, where each of these users averages 20 hours of connect time a month (an average of one hour per business day).

By comparison, the direct-dial approach would cost an annual average of $360,000 to support 500 dial-in users over an 800 number service that charges 5 cents per minute and where users connect for an average of 20 hours per month.

In other words, a company sup-porting 500 dial-up users could save $240,300 or $60,000 a year by shifting its 500 dial-access users to VPN access using, respectively, a flat-rate ISP or usage-based ISP account.

Another way VPNs can save communications costs and possibly reduce management costs is by reducing the amount of access gear required.

In the dial-access scenario, a company would typically have one or more dedicated T1 lines that connect to a remote-access server and that are only used for the dial-access users to get into the company network. Additionally, the company would have a high-speed Internet-access line.

If every one of the dial-access users switched from direct dial to VPN access, the T1 lines used for dial access could be eliminated since the user would enter the network over the existing high-speed Internet-access lines. This would also eliminate the cost of the T1 lines to headquarters for dial access.

Moving all users over to VPN access also eliminates the need for a remote-access server. So that piece of equipment could be removed, thus freeing up whoever had to manage it from these duties.

Similar savings can occur in site-to-site connectivity scenarios. Many sites have multiple access lines--one for traditional data connections, such as frame relay or T1 lines, and another for Internet access.

If branch offices are linked to a corporate headquarters over a VPN connection, it might be possible to reduce the number of traditional data lines companywide. And the WAN-access equipment might be able to be consolidated.

Marrying Emerging Technologies
VPNs are also getting attention because they have the potential to integrate a new class of user--the high-speed access telecommuter--into the corporate network.

Traditionally, the full time telecommuter used analog modems or, if they were lucky, ISDN service to connect to the corporate network. Basically, these workers were limited to 128 Kbps at best. And that meant they were, in a sense, second-class citizens when compared with their network-attached counterparts back in the office who were used to 10-Mbps LANs and T1 speed or better Internet access.

Until now, telecommuters had to make do with the speeds afford by these traditional dial access services. For most, there was no economical alter-native. Frame relay, fractional T1, T1 and other high-speed data services were simply too expensive to run out to every telecommuter's home.

However, within the past year, there has been noticeable progress in the deployment of high-speed access services based on cable modems and Digital Subscriber Line technologies.

The problem with these services from a business standpoint has been that they really only provided high-speed Internet access and did not offer any way to get back to the corporate network.

That's precisely where a VPN comes in. Marrying the security and network access features of a VPN to these high-speed access services seems like a match made in heaven.

Telecommuters and small remote offices need high-speed access to the Internet and to their corporate networks. And they need this connectivity to be priced economically.

DSL, particularly symmetrical versions of the service, seems to fit the bill for corporate users giving them T1 or better access speeds at a fraction of the cost of a traditional T1 line. And cable modem services typically offer between 1 Mbps and 2 Mbps connection speeds for between $40 and $100 per month.

As DSL and cable modems service deployment heats up in the coming year, IT managers should be looking at the combination of VPNs and these high-speed services for their remote users.

A small number of service providers are already combining VPN and high-speed services. These providers have targeted the connectivity needs of small to medium businesses and seem to be carving out a nice niche market.

However, many providers do not combine the two services for you. In most cases that means IT managers will be left to do VPN-enabled high-speed connections on their own.

VPN security applied to cable modems seems to have a particular appeal. Cable modem services are being aggressively rolled out in certain parts of the country.

However, the service has primarily been seen as a consumer Internet access service. One reason for this perception is that many cable net-works are architected so that all homes served from the same neighborhood equipment pedestal essentially share a single LAN segment. This will not do for most business users.

VPNs solve this problem since the traffic is encrypted before it is sent through the cable modem box.

One potential obstacle to implementing a VPN-enabled high-speed telecommuting system is that cable and DSL modems do not typically support VPN technology. But then again, neither do analog modems. However, there is a difference between the analog and high-speed access worlds that needs to be taken into account.

With analog modems, the amount of data streaming from and toward a telecommuter is fairly modest. And any PC running VPN client software can easily handle the encryption, decryption and tunneling tasks associated with using a VPN.

The situation could be radically different with a high-speed connection. Commercially available cable modem and DSL services tout transmission speeds in the range of 1 Mbps to 2 Mbps. Before setting up a VPN, the question that needs to be answered is: Can a PC with VPN client software perform the necessary encryption and tunneling tasks at these rates?

And if the PC can handle these tasks, does it do so at the expense of other applications? It makes no sense to give telecommuters a connection to the corporate network if their PCs are going to lock up under the load.

Early indications seem to offer some assuring news. Users who have experimented with running VPNs over a DSL link say that a Pentium-class computer has enough processing power to handle these tasks.

So software-based VPN approaches in the telecommuter's home seem to be viable. And hardware-based VPN solutions that are designed primarily to link branch offices over T1 lines can easily be used in a telecommuter application. In this scenario, the VPN device would be placed between the user's PC and the cable or DSL modem.

If companies start using VPNs to connect large numbers of DSL and cable modem telecommuters, there might be implications with respect to the equipment used in the main office.

Traffic from these high-speed access users then needs to be aggregated. For main offices, companies will likely have to use some form of packet processor dedicated to VPNs on the LAN side of a router. These devices will handle VPN security along with a substantial number of other functions such as bandwidth management.

For the most part, it looks like IT managers are going to have to roll their own solutions.

This entire area of marrying VPN security services to high-speed access is just beginning to emerge. If the combination proves popular, it has the potential of increasing telecommuter productivity, and will allow companies to let more people telecommute. This might let companies keep highly skilled people thus saving the costs of replacing a worker who might have left otherwise.

Outsourcing Benefits
Outsourcing remote communications is all the rage these days.

That's because IT managers are trying to find ways to reduce the total cost of supporting ever-increasing numbers of remote users be they telecommuters, travelers or just users in other sites.

Exactly how prevalent is outsourcing you ask?

The Cahners In-Stat Group, a consultancy that tracks the communications industry, has projected that by the end of next year 49 percent of large and midsized enterprises will outsource some or all of their remote access.

Another consulting firm, the Gartner Group, has a similar message. According to Gartner, enterprises are increasingly turning to service providers to configure, own and manage their remote communications infrastructures.

Outsourcing remote access to a VPN reduces the total cost of ownership of remote access. It means no more modem pools to maintain, no more remote access servers to manage and no more WAN equipment such as Channel Service Units/Data Service Units associated with these devices.

An IT staff that does not have to maintain this equipment can be used to manage other tasks. Some companies have found that outsourcing remote access has allowed them to bring in-house other services that have previously been outsourced. For instance, one manufacturing company headquartered in the Northeast outsourced its remote access and was then able to take back the management of its e-mail gateways, which had been outsourced to the tune of approximately $6,000 per month.

Using a VPN for remote access or site-to-site connectivity means never having to upgrade access equipment again. This can represent a considerable savings since access technology is rapidly evolving. Just look at the past year: Many companies have needed to upgrade with remote access servers and concentrators in order to support emerging 56-Kbps modem technology.

Staffing Issues
One component of the total cost of owner for remote access is staff training. Using a VPN approach, a company could out-source its remote access communications to a service provider. And this can help reduce training costs.

Essentially, the service provider is responsible for the management of the equipment. As a result, there is no need to train staff in the use of the equipment.

Thus, a VPN can solve three training problems. The first issue most managers come up against is getting staffers up to speed about the workings of a new piece of remote access gear. Typically, companies will send the person who will be in charge of managing a new remote access server or WAN router to a seminar run by the equipment vendor. Typically, these classes are free, but they still take the employee away from work for the time of the course.

Having a service provider oversee and manage remote access equipment saves all the time that the employee would be away from the job.

A second problem in this area is that equipment is frequently upgraded, thus requiring more training classes for employees. Just look at what has happened in the remote-access market over the past year. Anyone with a remote-access server most likely had to deal with a move to the 56-Kbps modem standard.

And the management tasks become more complicated when we're talking about site-to-site connections. Here, the need to change equipment has escalated as new data services have been rolled out. And IT managers will likely find they have to support even more services in the next year as Digital Subscriber Line and even fixed high-speed wireless services become more available.

A third area in which outsourcing remote access to a service provider-based VPN has an impact on staffing issues is retention. A number of IT managers have found that once they train staffers on a new technology or a vendor's new line of equipment, the employees leave. From the employee's perspective, he or she has acquired a new skill, so it makes sense to for them to seek compensation to match.

And in today's job market, where IT professionals are in incredible demand, it is not very hard for them to find new jobs.

Outsourcing remote access to a VPN eliminates the staff churn problem. The service provider is responsible for managing the equipment and for training its own people on the equipment. If there is a churn problem, it is with the providers and not the IT managers.

IT managers also may find that when outsourcing a VPN to a provider, they can off-load other management tasks, again freeing up staffers' time for other projects.

For example, some IT managers are facing a crisis with Year 2000 compliance for their WAN equipment. One clever way to work around this situation is to outsource the remote access to a service provider and make Year 2000 compliance part of the provider's job.

IT managers who have done this say it works well for their companies. They do not need to become experts at Year 2000 issues for their WAN equipment. They also do not need to bring in high-priced consultants just to make sure their WAN equipment meets company Year 2000 compliance standards. And their staffs do not have to spend endless hours tracking down manufacturers' fixes (if they even have them) to old equipment.

When you take all of these factors into account, it becomes very easy to see why VPNs are attracting so much attention.