Just like home from: anywhere they travel

As Internet roaming technology improves, more service providers are able to offer their customers access to the World Wide Web

At first blush, the phrase "Internet roaming" conjures up images of a traveler's utopia, one where users communicate freely using the World Wide Web from anywhere in the world at any time. Today, it has become a necessity for corporate employees to remotely access corporate files, e-mail and the Internet while out of the office. Certainly, accessing files over the Internet represents huge cost savings compared with faxing or overnight couriers.

Considering that charges for accessing "home" ISP servers - say, from a foreign hotel room - can cost as much as several hundred dollars per hour, it obviously is worth an organization's while to develop relationships with Internet roaming service providers. Service providers have had great success selling Internet and virtual private network (VPN) customers connections to the Web by specializing in Internet roaming offerings.

And while such service offerings appear to be "no-brainers" to home or small business PC users, who have come to expect as many free or low-cost services as possible, telecom managers at Fortune 1000 companies know that making Internet roaming a cost-effective proposition is not necessarily an easy matter.

Concentric Network, for one, has emerged as a leading e-business solutions provider, specializing in easy-to-use Internet networking solutions for small and medium-sized businesses, including high-speed dedicated and DSL access, Web hosting and e-commerce services and customized VPN solutions. The provider faces two major issues regarding Internet roaming: reliability of individual user authentication and reliability of the system and point of presence (POP).

User authentication is important because "an end user needs to have the same experience as when dialing into the mother network," says Jan Sysmans, product manager of international services for Concentric. "It shouldn't matter whether they're dialing into a POP in Germany or the U.S. - it should be the same process, the same interface, the same experience, every time."

Second, the overall reliability of the system and the POP the user dials into are critical because "the chances of not being authenticated should be minimized," says Sysmans.

Customers who use roaming services to access the Internet want to be assured that their access method is easy to use, supports multiple types of modems, transmits data at the highest possible speed and provides them with secure access to the Internet or their corporate data, says a spokesman for PSINet.

"PSINet has set up local authentication databases in many regions throughout the world, but not all PSINet customers are enabled for Internet roaming," the spokesman says, adding that "PSINet users also have the choice of which regions they require roaming to. This architecture requires PSINet to propagate any additions or updates to a user's account to the region or regions to which the user is enabled to roam."

Internet roaming is an extremely important service to the Internet access market because companies of all sizes use remote access services to ensure that their employees can remain connected to the Internet when traveling outside the office. Thus, Internet roaming technology developers are doing their best to help make Internet access as painless as possible for business users and ISPs. Solutions providers such as iPass and GRIC Communications are working to provide the cheapest, fastest and easiest access to the Internet.

How it works

In some cases, Internet roaming is relatively easy for users to execute. Priority No. 1 for Internet roaming providers is to establish affiliations with top-tier ISPs that agree to sell their POPs (through bilateral agreements) for use to subscribers of other ISPs in the alliance. The second step is for the Internet roaming provider to enable subscribers of its affiliate ISPs to be authenticated as valid users.

This is accomplished by installing a modified Radius server at each alliance member's site. This server authenticates the roaming user and generates the accounting records of the roaming user's activities. The Internet roaming provider then collects these accounting records and feeds them into a settlement system so all ISPs involved in the transaction can be properly invoiced.

In the case of iPass, remote subscribers dial into a local iPass access point through an iPass network provider, one of a network of ISPs around the world (Figure 1). iPass securely routes the user authentication request to the ISP's server for authorization and then monitors and bills for service used, says senior product manager Rich Mironov. The server at the iPass network provider encrypts the user name and password and forwards it to an iPass transaction center. The center then routes the encrypted user information to the ISP's authentication server, which then sends back a "yes" or "no" authorization response to the iPass network provider. After receiving authorization, the iPass network provider connects the user to the Internet.

iPass' product offerings are "incredibly attractive to modern global businesses worldwide," says Jeff Leveroni, director of information technology at leading "e-store" front-end software developer Intershop Communications, which is an iPass customer. "They are integrating several technologies to provide their one-stop service."

iPass' global dialer, iPassConnect, offers features that simplify the dial-in for remote users. The dialer's phone book is constantly updated, and new information is transmitted to the remote user each time he connects. iPass maintains up-to-the-minute information on the entire global network. If outages or technical difficulties occur anywhere in the network, the phone book ensures that users will automatically be directed to working numbers. Users never have to decide which numbers to try or guess which ones will work. And the dialer can be configured to dial without user input until a successful connection is made, Mironov says.

GRIC's Internet roaming service works in a similar manner. A GRIC-affiliated ISP subscriber, or "alliance member," that wants to access the Internet uses GRIC's Internet roaming dialer software, called GRICdial (Figure 2). GRICdial contains a listing of valid POPs in the GRIC network. The user selects a country, city or state in the dialer, and a list of available POPs is presented. The user selects a POP closest to his location, enters a user name and password, and the software dials the POP.

>From there, the local GRIC alliance ISP receives a request for Internet >access. The local ISP does not recognize the user as a local user and >forwards the request to the GRIC Radius server. The server starts the >authentication process, which involves locating the "home" ISP to validate >the user. Once the home ISP validates the end user, it sends an >acknowledgment to the local ISP to grant that user Internet access.

GRIC lays claim to a convergence services platform that enables an ISP to offer multiple IP-based products and services such as voice over IP, fax over IP and e-commerce, allowing subscribers to access multiple IP-based services using the same user name and password.

Concentric's Sysmans describes the GRIC dialer as "a phone book that is dynamically updated every time you dial in."

"Every time you log in, you get the latest information on POPs, so you can simply select a country, then a city," Sysmans says. "This brings up a window where you enter your I.D. and password. There's quite a bit happening on the back end that the user never sees."

While GRIC offers one price around the world, with access to 3000 POPs in 81 countries, iPass offers different pricing schedules, which makes it very difficult to make cost comparisons, Sysmans says.

Carrier options

International Internet roaming seems to be a growing service option. iPass claims more than 650 partners worldwide, including many of the largest domestic and international ISPs: PSINet, Deutsche Telekom, France Telecom, VSNL (India) and many others.

While some ISPs or telcos have arrangements with providers in their regions to share POPs, they typically do not offer worldwide Internet roaming. So those ISPs that do not have a global POP network often borrow POPs from more established service providers. For example, many newer ISPs use Sprint or UUNet POPs and backbone to provide their Internet roaming services.

Winstar Communications cites several advantages to Internet roaming, especially as a complementary service to high-speed access in general. "As the Internet market matures, customers will procure as many of their Internet services from a single vendor rather than deal with multiple sources," says Roger Pilc, vice president and general manager of Internet and hosting services at Winstar. "Customers will want to procure all of their communications services including local, long-distance, Internet access, roaming and Web hosting - from a single service provider, which is something Winstar says it can do today."

In fact, Winstar launched a global Internet roaming service in April 1999 using GRIC, which provides Winstar dial-up customers with worldwide access to the Internet via local connections in more than 140 countries.

The new national and international roaming service provides secure, cost-effective access to the Internet or corporate intranets from more than 4000 local POPs worldwide.

PSINet does not use co-location agreements and POP sharing to provide remote access services. The service provider offers remote access through its own POPs and has a partnership with iPass to provide additional coverage throughout the U.S. and the rest of the world. PSINet provides access to approximately 430 private peering arrangements in the U.S., and more than 60 internationally. And although PSINet selected iPass for Internet roaming because of its extensive worldwide coverage and competitive pricing, PSINet has offered remote access on its own PSINet network since 1994.

Although international traffic is a relatively small portion of its business, Concentric offers an international capability through its secure remote access product, which uses "shims" - software that resides on a user's laptop that talks to an encryption box at customer's headquarters and establishes a firewall.

Concentric has used both GRIC and iPass alliances, even though each uses different protocols, Sysmans says. Concentric is, in general, "pretty happy with GRIC. We had to install a GRIC authentication server GRIC's network in order to interface within our authentication server," he says.

"We don't co-locate any service for GRIC or any other GRIC alliance members; we just use the authentication server from GRIC," Sysmans adds. Regarding POP sharing, when other GRIC alliance members' users come to the U.S., they have the option of using Concentric's nationwide dial network. In effect, people from all over the world are using the Concentric network, he says. Being part of the GRIC alliance not only gives Concentric customers global roaming capabilities, it also gives Concentric better name recognition worldwide, Sysmans says.

In general, becoming part of an Internet roaming alliance doesn't involve much in the way of new technologies or major adjustments, says Ken Stasi, director of business and channel development at GRIC. Most ISPs already are using a Radius server and can easily proxy Internet roaming requests to the Internet roaming server/network, Stasi says. Costs associated with becoming part of an Internet roaming alliance are minimal and include the cost of the server hardware, server software and any additional network access equipment if needed, he says.

Additional servers were installed on PSINet's network to handle authentication requests originating from a remote access server on the iPass or GRIC network, which in turn forwards the request to a PSINet Radius server, a PSINet spokesman says. PSINet Global Roaming requires a database that controls users who are enabled for Internet roaming and ensures that any additions or updates are distributed to the necessary region or regions in which the user is enabled to roam.

Billing and business issues

While there appear to be relatively few major technical issues for Internet roaming, ISP concerns include integration and customer billing, or "clearinghouse" issues, plus pricing and promotion. For user organizations, issues include security, scalability and cost.

General technical issues surrounding Internet roaming include establishing reliable and accessible authentication servers in different strategic locations worldwide; providing top-notch customer service; designing solid integration mechanism with various VPN vendors; developing authentication software for different platforms at the same time; and constantly improving phone books and establishing automatic updates to clients, says Intershop's Leveroni.

Business issues include signing up as many ISPs as possible worldwide; forming strategic alliances with primary VPN vendors; providing integrated software and services; creating and facilitating attractive corporate solutions based on Internet roaming and VPN services; and continuously growing and developing systems integration and reseller channels, Leveroni says.

At iPass, billing is handled by the company's clearinghouse and network integration technologies and services. Security is assured by corporate VPN firewalls through which business users must pass prior to logging onto the iPass network. iPass works with Cisco Systems, Nortel Networks, Checkpoint, Novell and others on firewall and security issues, Mironov says.

Typically, users log onto the network access server with a full user name, which includes domain name and password. Once the authentication request has been passed to the Internet roaming server, stronger security approaches such as secure sockets layer (SSL) are used to secure communications between Internet roaming servers. iPass uses SSL to transfer user information from the POP to the authentication server and back. Other VPN-related security protocols such as PPTP, IPSec or L2TP can be implemented to connect users to the corporate WAN. The Internet roaming provider thus can bill via Radius accounting records generated for each user account at the local ISP.

GRIC uses one of its servers to collect accounting records from ISPs in the GRIC alliance to provide settlement services and properly bill each ISP involved in the transaction, Stasi says.

Future perfect

Once service providers have mastered the basic art of Internet roaming, how will they offer it for advanced services such as DSL and other broadband technologies?

iPass is in the process of developing high-bandwidth services as part of its global offering. iPass has been offering ISDN roaming "for more than a year now," says Intershop's Leveroni.

Meanwhile, these technologies "are obviously the next logical access mechanism where roaming will be in high demand" and GRIC "will probably see wireless Internet roaming first, followed by DSL roaming, GRIC's Stasi says.

But doesn't the end-user's desire for "cheaper, faster and easier" eventually conflict with the profitability goals of a telco? iPass' Mironov claims to resolve this apparent conflict: "ISPs can increase their appeal to customers through an enhanced value proposition, one that offers reliable global coverage at a cost far below what businesses could achieve with an in-house solution. Users (ISP or corporate) get a robust, secure, simple, reliable solution to their global roaming needs."

Users do prefer Internet roaming to be offered by their home ISP "but are willing to sign up with another provider who offers worldwide Internet access if that provider can offer better access backed by quality of service, Stasi says.

"There will always be end users who sign up with multiple ISPs to get the cheapest, fastest and easiest access without encountering busy signals or dropped connections," Stasi says. "But others are content to stick with one provider that enables worldwide access backed by superior customer service and support."

Although GRIC considers itself and iPass to be the only true Internet roaming vendors, iPass includes GTE and MCI WorldCom as major players.

Internet roaming runs counter to telecom providers' profitability goals to some extent, Leveroni says. "That's why traditional ISPs are hurt so badly nowadays and have to look for other markets in order to make money," he says. "However, Internet roaming solutions surely must be attractive to ISPs: They allow them to make pure profit without investing anything into additional marketing campaigns. All they need to ensure is the quality of their POPs."

As such, marketing the Internet roaming service becomes supremely important, iPass's Mironov says. "The iPass network is customarily marketed by ISPs as a `value-added' service to their customers," he says. Touted benefits include reliable, redundant global coverage, the simplest possible user interface and a cost savings over an in-house roaming solution. ISPs typically market a new service such as Internet roaming directly to their subscriber base through e-mail communication, direct mail promotions and Web advertising, Mironov says.

And, as GRIC's Stasi points out, free Internet access may appeal to residential Internet users, who will put up with annoying advertising banners, busy signals or dropped connections. However, business travelers absolutely need to access a high-quality Internet service to send and receive e-mail or gain access to an application on the corporate intranet. Those are the customers who will pay accordingly for quality worldwide Internet access.

"Right now, organizations are enjoying tremendous savings by using paid Internet roaming services," Leveroni says. "For example, we've saved more than 75% off our remote access total cost of ownership for the first year of usage by introducing iPass."

"At the same time," he adds, "I do not see a lot of other moneymaking opportunities for companies like iPass besides corporate [Internet roaming] services. So it would be really hard, if not impossible, for [Internet roaming] vendors to switch to the `free-ISP' mode."

Indeed, Internet roaming may be entering the realm of "taken-for-granted" services. But because such services should ultimately remain transparent to the end user anyway, that may be an inevitable evolution.