BellSouth® Managed Network VPN Service

1
BellSouth Managed Network VPN Service

• Next-Generation Network Services for Todays
  Business Needs

2
Presentation Overview

• Traditional WAN Solutions
• VPN Overview
• MPLS Overview
• BellSouth Network VPN
• Value Added Services
• SLA and CNM
• Customer Scenario
• Summary

3
Traditional WAN Solutions
4
The Case for Change Its Complicated and
Expensive for Both of Us

• Historically
• Separate edge and core networks built for each
  service offering
• Services and networks that address single
  applications well but do not individually address
  a broad range of customer needs
• Individually highly scalable, robust and stable
  network platforms
• Forcing Customers to
• Invest time, money and resources into different
  platforms
• Purchase disparate networks based on service need
• Perform network integration and their own access
  aggregation
• Split applications based on networking
  capabilities
• Prioritize investments across applications

5
Data Network Migration Strategy
Desired State Network IP VPN Environment
Current Environment
Internet Access
Internet Access
Internet Access
Access Frame Relay, DSL, Private Line
Access Frame Relay, DSL, Private Line
Migration Path
Ethernet
Managed IP Connectivity Services
Internet Access
Private Lines
Access Frame Relay, DSL, Private Line
Frame Relay
Access Frame Relay, DSL, Private Line
ATM

• Solutions
• Management simplification one platform
• Enables network and applications convergence
• Shifts complexity/investments to
  the provider
• Connectionless architecture more
  efficient
• Inter-LATA, limitless reach

• Challenges
• Integrating disparate networks
• Managing disparate networks
• Capacity planning, extending connectivity
• Costly, complex CPE
• Multiple WAN connections cost and complexity

6
Evolving Network Solutions
Market Assessment

• MPLS IP VPN
• Class of Service for IP
• Simplified connectivity (easy any-to-any
  connectivity)
• Simplified addressing
• Simplified network topology
• Simplified L2 and L3 administration
• Increased flexibility (more access options)
• IP-based network recovery
• Simple migration from Frame Relay
• Lower cost
• Improved scalability
• Quality of service
• High performance
• High security

MPLS IP VPNs build upon traditional Layer 2
technologies, promising a higher order of service
capabilities
Functionality

• Frame Relay/ATM
• Lower cost
• Improved scalability
• Quality of service
• High performance
• High security

• Private Line
• High performance
• High security

Time
7
VPN Overview
8
A VPN By Any Other Name

• Routers
• Firewalls
• VPN Concentrators
• IPSec Client Software

CPE Based VPNs (IPSec)
VPN Types
Network Based VPNs
Layer 2 VPNs (Point-to-Point)

• ATM
• Frame Relay

Layer 3 (IP-VPNs)

• Managed Network VPN Service
• MPLS/BGP (RFC 2547)

9
IP VPN Models CPE vs. Network
Network-based VPN
CPE-based VPN
Branches
Branches
Carriers Backbone
Internet
IP Partitioning/Tunnel
IP Tunnel
Headquarters
Headquarters

• First Generation IP VPN network
• Implemented over the public Internet
• Security is provided via IPSec
• Can be difficult to scale
• May require expensive CPE
• Difficult to control QoS

• Next Generation MPLS network
• Implemented over a private IP backbone
• Intelligence resides in the cloud
• Provides Any-to-Any connectivity
• Designed for converged IP services
• Provides QoS/CoS capabilities

10
Network VPN Drivers
11
MPLS Overview
12
What is MPLS?
MPLS Core Network

• Multiprotocol Label Switching
• A standard for switching packets over an IP
  Network using labels or tags that contain
  forwarding information attached to IP packets

CE
VRF
VRF
PE
PE
LSR
LSR
CE
PE
VRF
LSR
LSR
LSR Label Switch Router PE Provider Edge
Device CE Customer Edge Device VRF Virtual
Route Forwarding

• How Does It Work?
• Combines the security and reliability of
  traditional Layer 2 services (i.e. frame relay,
  ATM) with the efficiencies of IP networking
• Forwards packets based on labels
• Packets are switched, not routed
• Labels represent destination and may carry
  service attributes (CoS, Privacy-VPNs, traffic
  engineering)

13
What Does MPLS Provide?
14
BellSouth Managed Network VPN Services
15
The BellSouth Regional IP Backbone

• Customer Benefits
• Redundancy for high reliability
• Overcomes LATA boundaries
• Cornerstone for future information service
  capabilities
• Moves routing complexity into the BellSouth
  network

• Attributes
• 3 high speed IPOPs provide diversity and
  redundancy (Atlanta, Miami, and New Orleans)
• Consolidation of multiple IntraLATA IP networks
  into 1 core IP network enables BellSouth to
  maintain control of network traffic from
  end-to-end

16
Network VPN Nationwide Availability

• Network VPN is
• Available across the continental United States
  via close to 1200 access POPs
• A BellSouth Managed Network Services (MNS)
  offering on a single contract and single bill for
  ALL customer locations

17
BellSouth Managed Network VPN
Connecting the Entire Organization

• Customer benefits
• Consolidated remote user access and site-to-site
  networking
• Flexibility to aggregate multiple access types
  (i.e. Private Line, Frame Relay, DSL, Metro E)
• Off-Net capabilities for connecting remote
  users and Extranet partners via the BellSouth
  IPSec Gateway
• Integrated Internet access via network-based
  firewall

18
Site-to-Site Service

• Site-to-Site Service Access Options
• Frame Relay, Private Line, DSL, Metro Ethernet
  (2Q06), ATM (limited availability)
• IPSec Access via BellSouth IPSec gateway
• Optional Services
• eMRS Complementary Managed Router Service
  (soft-bundle) option
• Internet access with firewall feature
• Equipment purchase, installation and maintenance
  services

19
Access Types Site-to-Site
20
Remote User Service (Off-Net IPSec)

• Remote User Service
• Available via any Internet connection (BellSouth
  or third party ISP) using BellSouth provided
  IPSec client software
• AAA User Authentication required customer
  provided (AAA Proxy) or BellSouth hosted
• Tiered pricing based on minimum number of unique
  users per month
• Optional network-based Internet access with
  managed firewall feature

21
Class of Service

• CoS is an optional service that allows for
  prioritization of traffic on a per application
  basis
• Real-Time Suitable for IP voice applications
• Interactive Suitable for IP video applications
• Priority Business Suitable for business critical
  data applications
• Best Effort Suitable for non-critical data (e.g.
  email, general web surfing)
• BellSouth Network VPN offers Three levels of
  service to meet your CoS needs
• Standard Single class (Best Effort)
• CoS Basic Two classes (Best Effort and Business
  Priority)
• CoS Premium Four classes (Best Effort, Business
  Priority, Interactive, Real-Time)

22
Class of Service
23
Value-Added Services
24
Secure Internet Access

• Secure Internet Access via Network-based Firewall
  
• Internet access is provided via the Network VPN
  cloud
• Two levels of firewall service are available
  Basic and Advanced
• Subscription to a firewall service is required
  for Internet access

• Basic Internet Access Features
• Outbound Only Rule Set
• DNS Caching
• (1) Public IP address
• Advanced Internet Access Features
• Inbound and Outbound Rule Sets
• DNS Caching or DNS hosting
• Support for inbound NAT translation
• Support for physical DMZ
• Up to (15) Public IP addresses

• Firewall Features
• Provisioning and configuration
• Initial design and implementation of rule base
• Support for Network Address Translation (NAT)
• 24X7 Monitoring of the firewall platform
• Firewall administration and backup
• Help desk support
• Firewall logging
• Service level agreements

25
Additional Value Added Services

• Equipment and Professional Services
• Equipment Cisco, Nortel, Telco, Adtran
• Professional Services
• Staging, Configuration, Installation and Project
  Management
• Equipment Maintenance
• Managed Router Service
• Real-time Monitoring and Management of Customer
  Routers
• For all On-Net site-to-site transport types
  (Private Line, frame relay, and DSL)

26
SLAs and CNM
27
Network VPN SLAs/SLOs
Core SLAs - Regional (In-Franchise) National
"On-Net" S2S Services
Access SLAs - Regional (In-Franchise) "On-Net"
S2S Services

• Core SLAs apply from edge to edge of the MPLS
  network. This summarized information is outlined
  in the actual SLA and is subject to the
  limitations set forth in the Network VPN Service
  Description.
• SLAs Exclude Private IP Site-to-Site DSL

28
Network VPN SLAs/SLOs (Cont.)
29
Customer Network Management (CNM)

• CNM is a secure Internet-based portal that allows
  customers to view their BellSouth Network VPN
  service functionality Including
• Remote User Management Reporting
• IPSec Client Download
• Security Management
• Network Performance Reporting
• Trouble Management
• Order Status

30
Example Customer Scenario Pre/Post Network VPN
31
Example Company Acme, Inc.
Scenario New network deployment, extending
current network to other locations or overhaul of
existing network

• Customer Network Needs
• LAN to LAN connectivity
• 5 sites growing to 10
• 1HQ, 2 branch offices and 2 remote offices
• Remote access connectivity
• 20 Users growing to 200
• Mix of both company provided and end user
  provided transport
• Secure Internet access for all sites and remote
  users
• DS1 growing to Fractional DS3

• Key Network Decision Drivers
• Utilize most cost effective access method to
  connect sites
• Minimize complexity in order to minimize
  management costs
• Scaleable solution without requiring significant
  upgrade costs
• Minimize capital expenditures
• Long term, Acme would like to migrate to one
  network for voice, video and data
• Will require a fully meshed network

32
Pre-Network VPN Solution
Branch /Remote Sites
Remote Users
Frame Relay (128K)
Frame Relay (128K)
IPSec Client
DSL, dial, ISDN or cable access
Router
Customer IP Network
Internet
Frame Relay Network Layer 2 Only
Branch Offices
Frame Relay (128K)
Frame Relay (DS1)
Frame Relay (128K)
Customer Premise Router
(1) DS1 with (2) PVCs
VPN Device
Headquarters
33
Network VPN Solution
Remote Users On-Net
Remote Users Off-Net
Branch /Remote Sites
Frame Relay (128K)
BellSouth FastAccess DSL/ FastAccess
Telecommute DSL
IPSec Client
DSL, dial, ISDN or cable access
Private Line
Internet
BellSouth MPLS Network
BellSouth IPSec Gateway
S2S Private IP DSL
Branch Offices
Frame Relay (DS1)
S2S Private IP DSL
Customer Premise Router
Headquarters
34
BellSouth Managed Network VPN Summary
35
Network VPN Summary - BellSouth Delivers
36
Back-up Materials
37
Traditional Approach Using Frame Relay
Desired State
Typical Deployment

• Cost and complexity typically result in less than
  optimal network topologies (i.e. hub and
  spoke with multiple PVCs, overbuilt hubs, costly
  NNI arrangements)
• Potential bottlenecks and single points of
  failure
• Responsibility for functional integration and
  network management typically falls on the
  customer
• Does not address remote access needs
• Access aggregation and integration further
  increases cost and complexity

38
Who Benefits from the BellSouth Managed Network
VPN Service?

• Organizations that need wide area connectivity
• Organizations seeking cost-effective
  backup/disaster recovery solutions for their
  existing legacy WANs
• Organizations forming extranets with highly
  dynamic and meshed network traffic requirements
• Organizations with strong telecommuting
  initiatives
• Organizations deploying new IP-based
  applications
• Supply Chain Management (SCM)
• Enterprise Resource Planning (ERP)
• Customer Relationship Management (CRM)

39
BellSouth Managed Network VPN Service

• Summary of Benefits
• Reduced complexity in your network operations
• BellSouth provides all necessary equipment,
  facilities and support one fixed monthly fee
  (includes ongoing network monitoring and
  administration)
• Fully meshed networks can be easily deployed
  without the cost and complexity associated with
  traditional Layer 2 networking services
• SLAs assure service quality
• Greater flexibility to support a wide range of
  applications
• Extended reach to branch offices, remote workers,
  customers, suppliers and partners
• New sites and users can be quickly and easily
  deployed
• Class of Service capabilities allow application
  specific prioritization
• Lower total cost of ownership
• Shift complexity from customer premise to
  providers network
• Reduce capital investments (All customers need is
  a basic router at their premise)
• Enables future convergence of voice and data
  services via a robust integrated
  IP/MPLS-based network

Companies can leverage the capabilities of a
carrier class, shared IP infrastructure while
maintaining the "look and feel" of their own
private network.
40
WAN Technologies Comparison
Source TeleChoice (March 2002) Content Source
BellSouth Inite
41
CNM Back-up Materials
42
Remote User Management and Reports

• Types of Reports
• Audit Report
• By date
• By user
• Average Session Length Trend
• Hosted Usage
• Hosted User Session
• Session Graph Trend
• Top 15 Usage
• Usage Graph Trend

  Note Ability to export to excel
43
Example SLA Report
Phase I Sent via e-mail
44
CNM User Administration
Add New User to a Department
Step 1 Select Department
Step 3 Save New User
45
CNM Remote User Client Download
46
CNM Firewall Policy Change Request
47
CNM Submit Trouble Ticket
48
Network VPN CNM User Administration Tool
Types Of Users
Role/Capabilities

• Set up new departments
• Assign department administrator
• Add/delete users by department
• Password reset
• Generate Usage Reports

• Company Administrator

• Add/delete users by department
• Password reset
• Generate Usage Reports

End User
Department Administrator

• Download IPSec Client
• Password reset

49
BellSouth is Listening
Your needs are our concerns
50
Private Lines Coverage for Out of Region Sites

• Private Line
• Nationwide Network VPN service has 100 PL
  coverage of the Continental US
• Nationwide Network VPN service can be accessed
  from close to 1200 domestic POPs, including 50
  in BellSouth territory
• Initially Continental US locations supported only
• Can support International sites via IPSec access
  to MPLS network

51
Nationwide DSL Coverage for Out of Region Sites

• Coverage in 60 markets
• DSL access requires specific supported CPE make
  and models