/

Reviews /

Response to RFP: IBM

Network World Fusion, 05/10/99

Powell Electrical Manufacturing Co.
Houston

Reference: Request for Proposal for Remote Access Solution

Dear Sirs,

Thank you for the opportunity to offer IBM's solution for Powell Electrical Manufacturing's Remote Access needs.

After having studied the profile of remote users, we propose a RAS that handles a combination of ISDN and analog modem access.

ISDN BRI at the home office offers a cost-effective solution and, when combined with offered multi-link PPP support and IP/IPX virtual network (IP and IPX spoofing), provides an excellent high bandwidth solution for telecommuters accessing CAD applications.

For mobile users and executives, a 56Kbps (V.90) modem connection may be used, since analog facilities are generally available and modems are affordably implemented in today's laptop computers. We assume that a number of these users have ISDN BRI attachments in their homes and they use analog modems when traveling.

Our Proposal is to implement IBM's 2212 Access Utility at the Central Site in Houston. We propose connecting the 2212 to your service provider using two PRI ISDN connections. These will offer a total of 46 dial-in connections of either 56Kbps (analog) or 64 Kbps (ISDN). IBM's 2212 Access Utility is connected to these lines using two Digital Modem Adapters. These Adapters offer connectivity for both ISDN-based home users and traveling users using analog modems. In this way, the ISDN and analog modem users share the same pool of connections. This cost-effective solution will allow for the maximum usage of ports.

Normal router-to-router PPP connections can be initiated with these ports, and in frame relay failure situations, these 46 connections can be used for switched backup for the frame relay network. Similarly, subsidiaries can be connected to Houston using ISDN or analog modem connections.

At the smaller subsidiaries, we offer the IBM 2210 family of multiprotocol routers. These routers use the same software as the IBM 2212 Access Utility and offer identical functions and management capabilities in smaller hardware. The 2210 router can be configured for up to 12 WAN ports (max T1) or 4 WAN T1 ports combined with ISDN (PRI or 4 x BRI). IBM's 2210 supports RLAN with PRI ISDN adapters but does not offer Digital Modem Adapters. We consider combined ISDN and Analog Modem support to be an important function. For those subsidiaries where the number of users justifies 23 connections, we propose a smaller configuration of IBM's 2212 Access Utility.

The proposed solution, as priced, includes full software for Virtual Private Networking, an integrated predefined firewall and extensive routing software. For this reason, the equipment fulfills all of Powell Electrical Manufacturing's wide area communication needs, not just the RLAN server function. Virtual Private Networking can also be used for additional bandwidth or frame relay backup to connect Houston with subsidiaries.

Distributed local RLANs, VPNs as RLAN extensions and VPNs as backbones/backup require effective, centralized management. Our solution enables Policy Based Networking by offering LDAP clients for the central site and subsidiaries. By using Directory Enabled Networking for storing management policies of IKE/encryption, RSVP, Differentiated Services (DiffServ) and tunneling, the network can be managed from a central directory. When a VPN is used for mobile user support, the number of required VPN secure connections increases. Policies can also be used as firewall by specifying that all traffic not covered by policy will be dropped.

Key RLAN functions for the proposed solution include:

Virtual Connections and IP Protocol Spoofing - Virtual connections suspend and resume a physical dial-up connection. When combined with IP spoofing and applications that do not require a single continuous link (i.e. e-mail and web browsers), virtual connections save on line tariffs. Spoofing maintains the protocol connection by providing basic knowledge that a virtual connection exists. A virtual connection is initiated by the DIALs client that supports SPAP, and only the client has the ability to drop and resume the connection. When the physical link is down, any traffic destined for the client is discarded. The allocated IP address is used throughout the virtual suspension and resumption.

PPP Multilink Protocol - This feature allows more than one type of PPP circuit to be bundled into one virtual PPP circuit. By managing multiple independent links between two routers, the total bandwidth of one virtual PPP circuit comes close to the bandwidth of the member links. The type of PPP circuit used may be leased, ISDN dial-circuits, V.34 dial-circuits, V.25bis dial-circuits or Layer-2 tunneled circuits.

Microsoft Dial-Up Networking (DUN) Client Support - Extensions to MS-CHAP enable the 2212 Remote Access Servers to use additional authentication features available in MS DUN clients including authenticator controlled authentication retries and specific reason for failure. In addition, support for Microsoft PPP Encryption (MPPE) protocol and Callback Control Protocol (CBCP) are available.

Caller ID Authentication and Callback - This feature supports single-user call charge reversal for digital ISDN connections. When the user initiates a digital ISDN connection with the Callback feature, the remote access server rejects the original outgoing call and calls back the caller using the Caller ID. This should be used when billing originates from only one end of an ISDN connection or it can be used for added security. This function may be used by IBM DIALs clients for Windows 95, Windows 98, or OS/2, and for connections between 2210's, 2212's and 2216's. ISDN call blocking is also supported. Authentication servers, TACACS, TACACS+ and RADIUS can be used so that names and passwords don't have to be configured at each router. In addition, remote authentication protocols TACACS+ or RADIUS support authorization and accounting. The function allows unique authentication, authorization and accounting servers to be specified for all PPP connections to the 2212. Each server may also have a unique backup server.

DIALs Client:

IBM provides DIALs Clients for remote access users at no additional cost. The DIALs Server allows remote users to dial-in to a LAN and access the resources of the LAN as if they were locally attached with a LAN adapter. This facilitates full multiprotocol capability for RLAN users, including IPX. DIAls Client offers IBM's LLC2 interface for the application. This minimizes the changes in the application parameters when user travels daily between home office and the company office.

Proxy Dynamic Host Configuration Protocol (DHCP) allows for dynamic allocation of IP addresses from a pool located on a server assessable by the router.
Microsoft Point to Point Compression (MPPC) support for PPP link enables performance increases for low speed links.
SecureID to protect serial ports from unauthorized, dial-in access.
Dial-in address pooling to assign an IP address for a specific user for the duration of the session.

The IBM DIALs Dial-In Client runs on the remote workstation. Before using Dial-In Access, you need:

A workstation running IBM DIALs Client or another PPP dial-in client.
ISDN interfaces, modems or Digital Modem Adapter connected to the WAN ports of the 2212.

For DIALs clients using OS/2, Windows 95, Windows 98, Windows 3.11 and DIALs LLC, support for Windows NT is available on the 2212 Internet server. Microsoft Dial-Up Networking (DUN) Client support - Extensions to MS-CHAP enable the 2212 Remote Access Servers to use additional authentication features available in MS DUN clients. These include: - Authenticator controlled authentication retries.

In addition, support for Microsoft PPP Encryption (MPPE) protocol and for Callback Control Protocol (CBCP) is available. MPPE can be used to encrypt PPP connections with Microsoft DUN clients.

The Windows NT 4.0 Dial-Up Networking (DUN) facility does not directly support SNA/LLC. The DIALs LLC support for Windows NT supplements the existing Windows NT DUN facility by adding direct support for Microsoft's MSDLC and IBM's LLC2. The DIALs LLC support for Windows NT is not a new client nor does it replace the Windows NT DUN, but it provides a way of supplementing the existing Windows NT 4.0 DUN facility for limited SNA/LLC support.

Powell Electrical Manufacturing Co.

Proposal Pricing, US list prices


85H4664	IBM 2212 mod 40F with SW  $6400
85H4722	10/100 Eth PMC Adapter     $700	
85H8812	T1 24-Channel Digital 
        Modem adapt.              $6600
85H8812	T1 24-Channel Digital 
        Modem adapt.              $6600
---------------------------------------
Total System with Software       $20300

Cables:
Frame Relay:
60G3902 V.35 cable                 $100
Leased Internet Connection:
60G3902	V.35 cable                 $100
10/100 Ethernet:
41H9082	RJ-45 Category 5 Cable      $50
RLAN connections:
30L6571	Digital Modem T1 
        Cat 5 Cable                $100
30L6571	Digital Modem T1 
        Cat 5 Cable                $100
---------------------------------------
Total System 
including all cables             $20750

Network diagram

RELATED LINKS

Additional responses
Plus the original RFP and a sample RFP from The Gartner Group.

Review: VPNs
We test 15 products. Network World, 5/10/99.

Interactive VPN buyer's guide
Find a VPN that best matches your critieria.