Sabre flies with SSL

Travel services giant Sabre wanted to give customers access to its data center without having to provision, install, manage and maintain remote access gear, and it found the answer in SSL VPNs .

Using standard desktop browsers and an Internet connection, customers can reach Sabre's portal and transact business as if they had site-to-site network layer connection to the data center via an IPSec VPN. The difference is that an IPSec VPN requires separate VPN appliances at each of Sabre's more than 10,000 customer sites, while the SSL VPN requires gear only at the data center. Sabre currently supports 2,000 users on the SSL VPN; when the project is completed it will support 70,000, the company says.

Sabre wouldn't say how much it is saving by transitioning to Nortel SSL VPN technology, but it eliminates the capital cost of devices at customer sites and the ongoing cost of keeping them up and running. "The economies were very attractive," says Lindsay Miller, Sabre's senior principal for end-to-end engineering.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Travel services giant Sabre wanted to give customers access to its data center without having to provision, install, manage and maintain remote access gear, and it found the answer in SSL VPNs .

Using standard desktop browsers and an Internet connection, customers can reach Sabre's portal and transact business as if they had site-to-site network layer connection to the data center via an IPSec VPN. The difference is that an IPSec VPN requires separate VPN appliances at each of Sabre's more than 10,000 customer sites, while the SSL VPN requires gear only at the data center. Sabre currently supports 2,000 users on the SSL VPN; when the project is completed it will support 70,000, the company says.

Sabre wouldn't say how much it is saving by transitioning to Nortel SSL VPN technology, but it eliminates the capital cost of devices at customer sites and the ongoing cost of keeping them up and running. "The economies were very attractive," says Lindsay Miller, Sabre's senior principal for end-to-end engineering.

Saving money

The project came about as part of an overriding plan to cut back on ongoing maintenance of customer connectivity, says Andrew Teel, the company's senior principal in charge of strategic architecture. "We're trying to pull away from giving customers physical equipment and network connections," he says. Historically, Sabre would connect its travel agent customers to its data center and take responsibility for the link from site to site.

To keep the IPSec VPN running, Sabre needed a vendor that handled maintenance and repairs, warehouse space to keep spares, license fees and central servers - all of which ran up the cost. "It's almost like a PC you're maintaining out at the customer site. With the SSL VPN it's really just the capital cost of the equipment and then the license fee on a user basis," Miller says.

The company shifted the bulk of these connections to IPSec VPNs about 10 years ago and is now in the midst of a shift to SSL VPNs. "We're trying for a zero footprint," Teel says.

Sabre enlisted the aid of network consultant EDS to help decide which SSL vendor to choose. Besides Nortel, Sabre considered Aventail, Cisco, F5 and NetScaler. Nortel had a leg up because Sabre uses Nortel Contivity gear for its IPSec access, but Nortel also was able to integrate its gear with Sabre's customer-portal software called MySabre. It was also able to scale to support the 70,000 users Sabre wants to transition to the SSL technology, Teel says.

Nortel did well against the competitors in benchmarking tests performed by EDS, he says. Those results, in conjunction with cost and Nortel's ability to integrate the SSL VPN with the IPSec VPN gear that would remain in the network, carried the day for Nortel.

IPSec doesn't go away

Some Sabre customer sites will remain connected by IPSec because managing a single IPSec device at a large location requires less work than managing a large number of users with SSL, he says. Sabre is considering a site with at least 30 users to be a candidate for IPSec for this reason.