Colt IP VPN Services
© 2010 Colt Technology Services Group Limited. All rights reserved.
Agenda
An introduction to IP VPN
Colt IP VPN
Hybrid Networking
Workforce Mobility
Summary
2
Drivers behind IP VPN adoption
Cost
reduction
Convergence
IP
VPN
Remote
users
3
Rationalisation
Colt IP VPN – Business value
Management: Focus on core business
while Colt manages your network
Agility: Respond rapidly to changes in business
such as mergers, relocation or cost rationalisation
Performance: Enable business applications to run more
efficiently and become better at meeting customer needs
Security:
Keep your data secure and meet compliance regulations
Resilience:
Reduce risk of network failures that harm your business
4
Colt IP VPN
© 2010 Colt Technology Services Group Limited. All rights reserved.
Core technical specifications
Colt IP VPN
Plus
Transport technology
Managed router
MPLS
Yes
Protocols
Service bandwidth
Data encryption
Multi VPN
Customer interface
6
No
IPv4
64kbps to 10Gbps
Class of Service
Routing protocols
Colt IP VPN
Access
5
RIP, BGP, OSPF, EIGRP, Static
3DES (an option if required)
Yes
No
Ethernet 10/100BASE-T, 1000 Base-F, 10G Base-F
or wires only for Colt IP VPN Access
10,000
Bandwidth options
1,000
800
900
• Granular options up to 10Gbps
• Speed to match your business needs
• Easy to upgrade
900
Mbps
1,000
10,000
700
800
600
700
500
600
400
500
300
400
200
100
0
7
256kbps
512kbps
1
1.5
2
3
4
5
6
7
8
9
10
12
15
20
25
30
34
35
40
45
50
60
70
80
90
100
110
120
130
140
150
155
200
300
Network access
Off-Net
(Ethernet or leased lines)
Colt SDH
based fibre rings
Colt SDSL and EFM
(Ethernet in the First Mile)
Wholesale DSL (wDSL)
Colt
network
Fixed and wireless
remote users
Partner
networks
Public
Internet
3G PDA connected to the public Internet
8
Global MPLS NNI indicative coverage
9
Colt countries
Coverage via long-lining
Coverage via Global MPLS NNI
Coverage on individual base
*Indicative coverage only - please check with presales connectivity
Remote fixed access
Where no commercially attractive
access circuits are available,
remote fixed access provides:
Office
• Colt managed CPE router installed
on any public Internet access
• Secure IPsec tunnel setup from Colt
managed remote CPE to Colt network
ingress point
Public
Internet
CPE
IPsec tunnel
CNG IPsec tunnel
terminator
• Includes installation, full management,
peering bandwidth and service
gateway
10
Colt
MPLS
Centralised Network Gateway (CNG)
Multiservice IP infrastructure
from a centralised network
function
Current modules:
• Internet access
• IPsec termination
• Breakout to a dedicated or a
Public
Internet
CPE
Pick and choose CNG
functionality CNG
CPE
virtual Firewall
Colt
MPLS network
CPE
11
End-to-end management*
Customer
LAN
CPE
Colt
managed
CPE router
Customer
LAN
MPLS enabled IP network
Colt or
CPE
partner
network
Colt
network
Colt NOC
Fully pro-actively managed end-to-end network*
* Excludes Colt IP VPN Access which is a service without managed CPE router at your site
12
Colt
managed
CPE router
Security
Separate address space per VPN
Inherent separate routing
instances in MPLS
Label spoofing
MPLS core infrastructure
is invisible to outside world
Intrusions
Denial of Service
(DoS) attacks
Misdirected messages
Customer’s
IP VPN
Firewall to protect the
breakout to Internet
MPLS label spoofing impossible
by filtering on physical ports
IPsec over MPLS
available as an option
13
Tiered Service Level Agreements (SLA)
Service assurance
Target Time to Repair (TTTR)
Service availability
Packet loss
Jitter level
Round trip delay
Service credits





Service delivery
Target lead time for...
Provisioning of initial network
Modifications


Guaranteed Quality of Service (QoS)
14
Enhanced availability
Dual entry
15
Dual fibre entry into buildings with self healing rings
>
ISDN backup
Fully inclusive or partially inclusive ISDN Backup Service
with automatic failover
>
DSL backup
Additional Colt managed CPE router with automatic
failover to DSL backup service
>
Dual access
Two Colt managed CPEs on two access circuits running a Virtual
Router Redundancy Protocol (VRRP) with automatic failover >
Internet backup
Additional Colt managed CPE router with automatic
failover to Internet backup service
Wireless backup
3G wireless backup access to the IP VPN when the primary
Colt IP VPN access circuit is disrupted
>
>
Options
Colt IP VPN
Plus
Global MPLS
Class of Service
Application aware networking
Multi VPN
DHCP server / relay
Multicast
Ingress prioritisation
Private IP address space
LFI for sub 1Mbps
Network-based Internet access
Online reporting
* New feature due May 2010
16


*








Colt IP VPN
Access

*



Class of Service (CoS)
Traffic shaping
Bandwidth
Standard traffic
Premium traffic
Time
Class of Service
Voice
Jitter, latency and packet loss sensitive applications
+/- Business 1
Video
Latency and packet loss sensitive applications
Web access
Internet traffic
File access
Internal file server traffic
Email
None time-sensitive data
+/- Business 2
+/- Business 3
+/-
17
Standard
Priority
Premium
+/-
Colt
network
Traffic classification
Customer
network
Application Aware Networking (AAN)
• Moving towards guaranteed
application performance
• Visualisation of the
applications running over the
IP VPN
• Optimisation by applying
application depending Class of
Service with fine granularity
• Protocol acceleration, including
TCP timer tuning
• Application reporting
18
Application
Aware
Networking
Multi VPN
Multiple extranets over the same
VPN network
VPN A
Implementing separate logical VPNs
over one common physical VPN
infrastructure. Every site can then
participate or not in a logical VPN.
CPE
VPN B
CPE
CPE
Logical circuits
Customer LAN
CPE
19
Colt managed CPE router
VPN B
Colt
MPLS network
CPE
Network based Internet access
• Delivered via the Centralised Network
Gateway (CNG)
• Central delivery of Internet access used
by all sites connected to the IP VPN
• Available to all Colt IP VPN sites
Public
Internet
CPE
irrespective of access circuit or
technology
• Support for either customer or
CNG
Colt managed firewall
CPE
Colt
MPLS network
CPE
20
Enhanced online reporting
Silver
Throughput
Availability
Latency
Packet loss
Jitter
Gold
Router
configuration
Silver +
21
Events log
Service status
Hybrid Networking
© 2010 Colt Technology Services Group Limited. All rights reserved.
Data
Centres
Branches
HQ
Data
Centres
Business-critical Applications
•
Business Critical Applications, e.g. ERP (SAP,
Business-critical Users
•
Oracle), Virtual Desktop (Citrix) and
Collaboration (Sharepoint)
Business Critical users, whose productivity is
critical for the business
•
Strong performance requirements to support the
•
More and more Centralised and Virtualised
business, avoid discomfort among the
•
Strong availability requirements drive the need
employees about the quality experienced and
for data replication and migration of virtual
reduce the complaints to the IT department
machines
•
23
•
Need for a high number of low-speed any-to-any
Need for a few high-speed low-latency point-to-
interconnections, with control and commitment
point interconnections for traffic predictability
over traffic and application performance
Data WAN Evolution: Hybrid Networks
Traffic Prioritization
Customer IP
control
Hundreds of sites
Low-latency
Multi-protocol
Multiple CoS
IP/MPLS VPN
Hybrid
Feature rich
Ethernet
VPN
High bandwidth
Plug and play
Coverage
Build unique IP VPN
Managed IP communications
24 Current
Data Centre interconnection
HQ interconnection
Migration from legacy
Analysis: Global Data WAN Services: Trends and Market Leaders, October 2010
24
Scenario
Branches
HQ
Data
Centre
MPLS based
IP VPN
Data
Centre
25
Example:
• 1 headquarters
• 2 datacentres
• 20 branch sites
Scenario – a hard choice?
Ethernet 1G +
CPE Solutions
26
MPLS based
IP VPN
Scenario – hybrid networking
Ethernet 1G +
CPE Solutions
MPLS based
IP VPN
No need to make a hard choice between
CPE solutions and IP VPN.
27
Workforce Mobility
© 2010 Colt Technology Services Group Limited. All rights reserved.
Workforce Mobility
Workforce Mobility simplifies and manages mobile connectivity and provides:
•
End-user access to the corporate network and applications from virtually
anywhere via WiFi, 3G (UK only), dial-up and home
•
One software application to manage all end-user remote connections
•
Highly customizable service configuration (policies and integration)
•
Unlimited use of global broadband on laptops and handhelds
•
Secured transport of data with user authentication
•
•
•
•
Scalable solution for enterprises with few to thousands of mobile workers
29
Fully integrated with all the benefits of the Colt IP VPN portfolio
Independence of Mobile Network Operators
Fixed monthly charges per user/month (inclusive use of multiple devices)
Workforce Mobility - User Experience
1
Start laptop
with iPass client
30
2
Best access
presented
3
Connect to
Internet
4
Establish
encrypted tunnel
Workforce Mobility - options overview
IP VPN Mobility (Workforce Mobility)
Options for Internet access at end-user location
Access
by Colt using iPass (Full)
Bundle A
by Customer (Partial)
Bundle B
Encryption options
Security
Authentication options
31
Benefits for the enterprise and users at a glance
Higher
productivity
Easy and fast to
use
Secured
transport
Proven and
Reliable
Always access to
corporate
network
Colt provides
complete
solution
End-user
32
One application for
all remote access
Predictable cost
One bill
Integration of
customer 3G
solution
IT department
Admin Portal
Largest WiFi
network in the
world
Business
Thank you
www.Colt.net
© 2010 Colt Technology Services Group Limited. All rights reserved.
Appendix
34
© 2010 Colt Telecom Group Limited. All rights reserved.
Colt IP VPN dual entry
• SDH self-healing rings with 50ms
protection switching
• Dual fibre entry into the building
SDH+ DUAL
fibre entry
SDH+ SINGLE
fibre entry
Colt
MPLS
35
Colt IP VPN ISDN backup
• Fully inclusive or partially inclusive ISDN
backup service
(Colt or customer has responsibility for
ISDN line provision and associated
charges)
• Dial around and through the network
• Automatic switching between primary
access line and ISDN line
CPE
Primary
access
circuit
• Support for BRI/PRIs
(from one BRI up to four BRI and one PRI)
Colt
MPLS
36
ISDN
ISDN
backup
circuit
Colt IP VPN DSL backup
• Two Colt managed CPE routers
provides hardware redundancy
• Automated failover to DSL if primary
access circuit goes down
CPE
CPE
Primary
access
circuit
Colt
MPLS
37
Colt
DSL
DSL
backup
circuit
Colt IP VPN dual access
• Two Colt managed CPEs running
VRRP
• Two access circuits
• Automated failover from primary to
secondary circuits
CPE
Colt
MPLS
38
CPE
VRRP
Colt IP VPN Internet backup
Resiliency outside of Colt countries, or
where ISDN and DSL services are not
feasible
Location of
remote site
Internet access
delivered by:
Colt
country
Colt
Non-Colt
country
Colt
Customer
CPE
Primary
access
circuit
Colt
managed CPE router
IPsec tunnel
Colt
Colt
MPLS
39
CPE
CNG
Public
Internet
Colt IP VPN wireless backup
A truly redundant and resilient
access method for standard wired
services
• One box CPE solution, installed by
Colt
• GPRS, EDGE, HSDPA or UMTS
wireless interfaces
• Based on 3G wireless Internet
CPE
3G wireless
transmission*
Primary
access
circuit
(not a 3G wireless private service)
• IPsec tunnel terminated on the CNG
*Customer provided 3G wireless Internet service
40
Colt
MPLS
CNG
Public
Internet
41
42
43
44
45
46
47