Enterprise telecommuters and mobile workers require secure, remote access to corporate resources from any location. In parallel to the increase of remote users, service provider offerings for broadband access over cable, DSL, and wireless technologies are becoming increasingly available. Combined with the use of VPN, these broadband services provide telecommuters and mobile workers with high-speed access (including wireless) to corporate networks from airports, hotel rooms, coffee shops, and small offices previously limited to low-speed dialup lines. Two market factors can be attributed to the growth of remote access VPN services: the geographical diversity of the workplace and the mobility of the worker. These factors drive the requirement for secure, reliable, and ubiquitous access to corporate intranets. From a service provider's perspective, a remote access service must operate "on-net," (over the service provider's share network) and "off-net" (over the Internet or a third-party partner's network). The second market factor is due to the availability, affordability, and capability of broadband cable, DSL, and wireless technologies that motivate both enterprise customers and service providers to adopt a remote access deployment that operates over the Internet. Some reasons for such an adoption are faster network performance; increased productivity; and improved access to value-added corporate applications, such as Voice over IP (VoIP), managed security, workforce collaboration, distance learning, enterprise resource planning (ERP), videoconferencing, multicast, and secure content delivery. Applications, such as Citrix, which enables critical enterprise applications to be accessed via any enterprise device, drive a requirement for remote access capabilities with low latency to ensure effective communicationsparticularly for remote workers. ERP is used for a majority of business functions, such as financial planning, order management, manufacturing processes, and procurement planning deployed across various enterprise departments. Examples of remote access to Layer 3 MPLS VPN include dial, IPSec to Layer 3 MPLS VPN, and ISDN backup. Wireless access to VPNs via Wireless Fidelity (Wi-Fi) using Secure Socket Layer (SSL) or IPSec is also growing rapidly. In terms of target market positioning, a managed low-end VPN leverages access for DSL cost-efficiency with a target market of small to medium enterprises. Figure 2-6 depicts on-net remote access via PSTN, ISDN, cable, and DSL. Remote access details are further discussed in Chapter 6. Figure 2-6. On-Net Remote Access: PSTN, ISDN, ADSL, and CableNote To provide a secure off-net service via the Internet or a third-party partner network, the connection is encrypted to the corporate VPN for security. Figure 2-7 shows an off-net service construct. Figure 2-7. Secure Off-Net Access to the Corporate VPNFinally, an enterprise customer can select site backup and resilience options from a service provider using Layer 3 MPLS VPN technology and select the appropriate service level agreement (for example, dual-leased lines to different provider edge devices with a backup for resiliency) via dial or DSL. Figure 2-8 portrays some examples of such options. Additionally, customers are also requesting the use of the Internet for backup and are willing to risk performance for the low cost of the service because they assume that the backup will be in operation for short and infrequent durations. Figure 2-8. Site Backup and Resilience Options |