GSA Region 8 sets up connectivity for remote users

GSA Region 8 sets up connectivity for remote users

Denver headquarters is studying methods of high-speed access and security before operations begin

By William Jackson

GCN Staff

The General Services Administration's Rocky Mountain Region is setting up virtual private networks for its telecommuting employees.

'We're looking at various solutions for high-speed access and security,'' said Tim Kramer, acting director of network services at Region 8 headquarters in Denver. He said the VPN scheme must balance cost, speed and security.

At the low end of the bandwidth scale is Integrated Services Digital Network, and 'if we could get 128 Kbps through ISDN, that would be workable,'' Kramer said. 'Then you have digital subscriber lines and cable modems, which are higher bandwidth.''

US West Inc. of Englewood, Colo., is assembling a VPN system for GSA that can accommodate ISDN, DSL and cable modem connections, as well as 56-Kbps dial-up analog modems. The nonbranded custom service uses off-the-shelf VPN products for which the telecommunications company provides Internet access.

VPNs make secure connections across public networks, such as the Internet, by authenticating users and encrypting data. Advantages of the Internet are that it is ubiquitous and inexpensive, but a disadvantage is that it is unmanaged.

VPNs have had mixed reviews primarily because of Net latency, said Bill Fahrenkrug, data application sales executive for US West.

By using the regional company's Internet service for VPN traffic, GSA hopes to reduce the number of router hops, sometimes avoiding Internet backbones completely to cut delays.

The pilot is part of GSA's promotion of telecommuting to reduce urban traffic congestion and pollution. Some VPN equipment was installed last summer, and the service will likely be available to the first GSA participants by early next year, Kramer said. 'We're making sure that when the bills come in for this, they make sense,'' Kramer said.

The potential rewards are large if the GSA pilot can extend to other agencies. The Denver area has 100,000 federal workers, the highest such concentration in the nation outside Washington.

Keeping it simple

The VPN service was designed to be simple for both the remote user and GSA, Fahrenkrug said. US West provides the connectivity and transport between IP Security protocol-based VPN devices. IPSec secures connections over the Internet via encryption at the packet level.

The Internet connection will be restricted to VPN traffic and will not be used for GSA's outbound traffic or e-mail.

'This is not hardware-dependent,'' Fahrenkrug said. 'We can use anything that uses IPSec.''

Because GSA Region 8 has equipment from Bay Networks Inc. of Santa Clara, Calif., now part of Northern Telecom Inc., initial installations use Bay equipment including the Contivity Extranet switch on the GSA LAN.

Contivity Extranet supports IPSec and X.509 certificates and can do Data Encryption Standard, Triple DES and RC4 encryption. It accommodates cable and DSL connections and incorporates the Fire Wall-1 firewall from Check Point Software Technologies Inc. of Redwood City, Calif. The Contivity client software runs under Microsoft Windows 9x or NT 4.0.

ISDN connections require a router at the remote end, and GSA will use a Bay Nautica remote ISDN router.

The type of connection a remote user will have depends on what is available over the troublesome last mile to the telecommuter's home.

DSL, the most popular service for the last mile, 'is a leading-edge technology that is not available everywhere,'' Fahrenkrug said.

US West expects half of the local loop connections will qualify for DSL service. ISDN, the second choice, has about a 90 percent qualification rate on the local loop.

Some telecommuters might get cable modem service, but 'they haven't had a lot of luck with that,'' Fahrenkrug said. 'Dial-up is the last resort.'' Analog dial-up connections require 56-Kbps modems at the remote and network ends.

US West will keep tabs on availability of services such as DSL so they can upgrade telecommuters to their preferred service when it becomes available.

The company has relationships with other Internet providers for local telephone access outside its region. Traffic within each local access and transport area will be concentrated on a hub for transport to the Internet point of presence. US West has three T3 Internet connections in the Denver area.

Once the nuts and bolts are worked out, the next step will be to see how successfully the GSA employees adapt to telecommuting.

'The technology is not that difficult,'' Fahrenkrug said. 'The real issue is the people.''

'To what extent it pans out remains to be seen,'' Kramer said.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.