Mobile VPN Market and Stakeholders

Having touched on the MVPN overall value proposition and its significance in the wireless market, let's now turn to MVPN market segments. The MVPN market, like any other market, consists of buyers (private network access customers) and sellers (wireless carriers and other service providers) who engage in transactions concerning a particular product or product category (private network access in a mobile environment, in our case) [Kotler1999]. Let's now look at each group, taking into account the benefits of MVPN and the different deployment strategies better suited to different customers and providers.

MVPN Service Providers

MVPN service providers can be loosely classified into three major groups:

  • Wireless operators

  • Mobile Virtual Network Operators (MVNOs) and other subcontractors and resellers

  • Wireline Internet service providers (surprise!)

The wireless operators group includes carriers offering both actual network-based MVPN services and business-quality Internet access with properties suitable for a stable end-to-end VPN to be created between the customer's mobile equipment and the customer's VPN gateways. (See Chapter 5 for details on the difference between end-to-end and network-based VPN types.) Wireless carriers are by far the largest MVPN service provider group. This is not surprising, since the wireless carriers own both the spectrum licenses and the radio infrastructure. For network-based MVPN offerings, wireless carriers would have to establish proper agreements with the enterprises and institutions defining trust relationships, legal liabilities, quality of services, availability, and other parameters. If the enterprise chooses an end-to-end VPN method, the role of wireless carriers would be to support an end-to-end MVPN-compatible IP addressing scheme based on the use of publicly routable IP addresses or appropriately designed private address translation mechanisms. Of course, in the case of end-to-end VPN, wireless carriers might be bypassed altogether and might not even be aware of private communication taking place over their infrastructure, since by the nature of end-to-end VPN, packets transmitted between tunnel endpoints are encrypted and bear only end-to-end significance. This makes network-based service more attractive to wireless carriers; they can introduce a multitude of offerings with high revenue-generating potential and institute more control over the mobile subscribers.

The second category of potential MVPN providers includes Mobile Virtual Network Operators (MVNOs) and other wireless service subcontractors, such as those engaged in infrastructure-sharing agreements (the radio access network and the spectrum license normally belong to their business partners). This group should be especially interested in network-based VPN services for the same reasons as regular wireless carriers. In addition, when the end-to-end VPN option is selected by the MVNO's corporate customers, the MVNO's role would be much restricted and revenues would likely be marginal, since the middle-man role the MVNO targets would be quite limited. So MVNOs are even more likely to strive to add as much value as possible by implementing intelligent services in the network. (More discussion on MVNOs is provided in Chapter 9.)

The last service provider group, which might be considered unlikely by some, includes traditional wireline Internet service providers. This group can participate in providing network-based MVPN service through agreements with wireless operators, which often allow the latter to use highly developed IP infrastructures of the former. The benefits of offering MVPN service for this group lie mostly not in new revenue-generating capabilities but in product line extension—that is, in augmenting their traditional wireline offerings with newly available MVPN options. This allows wireline ISPs to become one-stop service providers for their traditional customers regardless of the network access method (wireless or wireline). We also need to stress that wireline service providers in some countries are starting to drive the deployment of a WLAN-based hot-spot coverage infrastructure, thus seeking as much independence as possible from cellular wireless operators and at the same time trying to compete with them in wireless high-speed data services.

MVPN Customers

The benefits of deploying Mobile VPNs are as significant for customers as they are for service providers. MVPNs provide remote workers with constant, media-independent connectivity to corporate networks or to the ISPs and ASPs of their choice. MVPNs enable corporations to outsource mobile remote access, and in some cases can completely replace wireline remote access infrastructures—thereby eliminating the costs of purchasing and supporting the remote access equipment while allowing private networks to maintain full control over user address assignments, authentication, and security (see Chapter 5).

Let's take a closer look at the potential MVPN users and their requirements. Generally, they can be classified into the following main categories:

  • Small businesses

  • Large enterprises

  • Institutions, both government and academic

  • Applications service providers (ASPs)

The following sections look at each user category in more depth.

Small Businesses

The main motivation for small businesses to use MVPN is convenience and its cost-cutting abilities. MVPN is generally used by small businesses for remote access to centralized information resources, email access, and the monitoring of certain events, such as medical monitoring and utility billing. MVPN service for small business is more likely to be achieved via end-to-end connectivity, which does not require the establishment of complex agreements with wireless carriers. Instead, the responsible personnel must make sure that employees and partners are provided with business-class wireless Internet access with the proper qualities to support end-to-end MVPN service.

Another reason why end-to-end VPN is more likely to be utilized within this segment is its relative ease of implementation and low price. To support this service, the remote workers must be provided with mobile devices equipped with off-the-shelf or proprietary VPN clients and security software and equipment such as IPSec protocol stacks and RSA SecurID cards. Often clients are bundled with operating systems—for example, IPSec clients are bundled with Microsoft Windows 2000 used with laptop computers (more in Chapter 8).


Large Enterprises

The main reason larger enterprises would be interested in MVPN is the potential productivity gains and increased personnel reachability. Cost cutting and ease of deployment will remain secondary issues. In an enterprise, MVPN services are most likely outsourced via an agreement or a number of agreements with wireless carriers, which are responsible for providing remote employees and partners of an enterprise with specific types and classes of MVPN services. In this situation, all types of MVPN can be used with equally good results as long as they satisfy cost, security, convenience, ease of support, and other requirements of an enterprise.

Generally, large enterprises are not as cost-sensitive as small businesses or government institutions. They often desire state-of-the-art services for their remote mobile workers—such as high-speed mobile data access and special security arrangements—which require a variety of MVPN technologies, with network-based ones often being the most suitable. Usually, enterprise IT departments need to be involved in many aspects of the services provided by carriers, which, for instance, would allow them to retain control over policy provisioning, authentication, or IP address assignment. In these situations, open management interfaces, as well as carefully structured provisioning arrangements, are critical.


Institutions

Government and other public institutions might be interested in MVPN services for reasons different from those motivating the private sector. For example, telecommuting is encouraged by the US government primarily not for cost-cutting reasons but to reduce pollution by eliminating daily travel to work. Home offices are becoming more and more popular with many public institutions. This trend, however, requires large-scale remote access mechanisms such as landline IP VPN combined with MVPN for workers on the road.

Service requirements of a government institution can often be rather unpredictable and unexpected (anyone in the private sector who has dealt with government customers can attest to this), often for a good reason or at least with good intentions. For that reason, flexibility in MVPN offerings and technologies should be the key when dealing with public institutions of various sizes and functions. For example, security requirements can often be very strong and far exceed those customary for the private sector.

On the other hand, government institutions are often required to be especially cost-conscious and must structure their spending according to yearly plans.[1] This prompts the use of very detailed service level agreements between government institutions and wireless carriers defining all the up-front prices and the services these prices would buy. Offering compulsory VPN service also relieves an institution from the responsibility of participating in VPN setup, provisioning, and maintenance—all of which can be outsourced to wireless carriers and their partners.

Academic and medical institutions are usually bound by similar goals of careful use of often substantial resources and the desire to use the latest technology available to achieve certain unique objectives such as support for telecommunications research projects or remote patient diagnostics. MVPN requirements for this group often have the attributes of both large enterprises and public institutions. For this reason, the approach that should be taken by wireless carriers should be one of diversity. Often the service presenting the right features might consist of a combination of offerings and unique arrangements, such as a combination of end-to-end and network-based VPN services, use of granular per-flow policies, and unique arrangements for traffic differentiation and service bundling.

Application Service Providers

This class of MVPN customers will grow as the wireless carriers take advantage of application packages offered by their wireline partners or content providers. These players must rely on dedicated private virtual networks so that control of access to the services they offer can be easily enforced, and so that business-class, predictable network access makes the user experience of those services uniform. ASP VPN offerings also come with advanced accounting features, so that the wireless provider and the partners can mutually exchange correlated traffic and content usage data, apply discounting policies to these data, and offer services like trend analysis and customer-behavior monitoring. These MVPNs allow members to access ASP services and offer subscription-based access to a host of services in a service bundle without forcing customers to perform individual authentication procedures.

[1] 5-year plans were used in some countries in the past without much success.