Real private networks: virtual routers are a starting point for Cybera to offer enhanced security services - Technologies Work

Don't tell Cybera this is a tough time to be stepping into the service provider business. Since starting operations in mid-2001, Cybera already has 1200 customer connections and is bringing on new locations at a rate of about 150 a month. In fact, this month the company expects to do better--much better--adding 300 new customer connections.

"We expect to be over 5000 lines by mid-2003," predicts Cliff Duffey, president, CEO and co-founder of Cybera, a Nashville, Tenn., start-up. "We've built this company on a very small capex/opex budget and are already turning a strong gross profit that's growing each month. So we know we've got a profitable business model and we expect to show a true net profit in the first half of 2003."

Cybera offers what it calls private network services as well as secure Internet access. All customer locations, including off-net sites and dial users, are interconnected securely via Cybera's private network services. The key enabler is CoSine Communications' IPSX service delivery switch, which in addition to supporting VRs (virtual routers) also provides value-added services such as firewalls, NAT (network address translation) and protection from DOS (denial of service) attacks.

Cybera's founders first got comfortable with a network-based VPN model when prior to starting up Cybera they worked together at BlueStar Communications, another Nashville company that had about 13,000 DSL lines at the time it was bought by Covad in September 2000. At the time of its acquisition, about one-third of the DSL lines were being used to tie together customer sites in a private network by terminating the PVCs (permanent virtual circuits) from customer locations into a CoSine box, which in essence became the hub of the private network.

It is this model Cybera has adopted, with the difference that, unlike BlueStar, Cybera is access technology agnostic. "We realized that if we could virtualize the premises equipment and build it into our network, we could offer a much better service overall with more flexibility, while saving customers a lot of capital cost because they wouldn't have to buy complex router and firewall equipment," Duffey says.

In addition to Covad, Cybera works with a variety of service providers such as AT&T, BellSouth, Qwest and WorldCom and can offer customers a variety of connectivity options such as ADSL/SHDSL, private line, frame relay and Ethernet. Duffey says that using different connectivity schemes doesn't present a problem for Cybera because it has developed its own 055, which does the engineering of each circuit, regardless of its type, and handles order placement with different service provider partners. "We don't have to have a large staff of engineers and network support people to handle orders for services, which is why as a company of only 17 people we're able to serve hundreds of locations," Duffey says.

Although initially Cybera targeted the SMB space, it is also turning its attention to retail chains that might have hundreds of sites using dial-up lines for credit card verification. "Very often we can offer these customers ADSL access to a private network almost as cheaply as what they're paying for the business lines they're using for their dial modems," Duffey says. Cybera, according to Duffey, has also been talking with a large hotel chain that currently uses a VSAT-based network for its reservation system but is interested in rolling out SAP and PeopleSoft applications to each of its hotels. "We could give them broadband connectivity for all their internal applications for less than what they're paying for the VSAT network," Duffey says.

By terminating all customer connections-whether these be PVCs or VLANs (virtual LANs)--at a VR in the CoSine switch, Cybera is able to provide full connectivity between all sites while requiring only a single physical (TI/T3) or logical (Frame Relay/ATM/Ethernet) link from each customer site to the VR. Further, because hundreds and even thousands of VRs can reside within a single physical router, the VRs can be used to keep separate the network traffic of the customer's different business units. This can be clone by dedicating a VR to each business unit and establishing rules on how the VRs communicate with each other for inter-departmental connectivity. "With traditional routers it would be very complicated to set up the filters and policies to do this," notes Duffey.

This same model could be used by a company for communicating with business partners or by an ASP to provide services securely to its customers. "If an ASP has a customer with, say, 10 locations, each of those locations could connect to a VR with the ASP connecting to a separate VR. We would then define how the ASP's VR talks to the customer's VR. This way no customer could see the other customers yet all could see the ASP," Duffey says.

Along with its VR-based private network services, Cybera also provides network-enabled firewall, NAT and IPSec tunnel termination to give subscribers secure access to the Internet. The clear advantage here is that customer with multiple locations don't need to install a firewall at each site; instead they use a central firewall that is monitored and managed by Cybera. Moreover, a remote site, rather than using one port for Internet access and a second for a private network, could instead send all traffic via an IPSec tunnel to the CoSine switch and thus take advantage of the firewall within the switch as a secure gateway to the Internet. Cybera claims it can offer a basic firewall service, which includes NAT and IPSec tunnel termination, at a price that's about one-fifth of competing managed firewall services.

Using a Cybera's firewall does not, however, preclude use of other firewalls. Duffey points out that a company might have a firewall in place to protect its servers yet still use Cybera's firewall to enable its employees to surf the Web. Cybera also claims to have had some interest from companies for Cybera to provide an advanced stateful firewall and proxy firewall functions directly from the CoSine switch. Additionally, some government customers are particularly interested in having Cybera offer a proxy firewall combined with the DOS shield feature that is supported by the CoSine switch. By preventing malicious packets from reaching the subscriber's VR, the DOS shield ensures that the subscriber's routers and servers don't crash and that the access link stays up.

Interestingly, all of Cybera's customers are currently being served from a single POP in Atlanta where the CoSine switch resides. "We've got more lines in California than in any other state. So if we had a facility in California we could get a little better price by terminating the circuits in California," admits Duffey. But he notes the company does plan to a launch additional facilities in the first half of 2003 and link them via a private IP backbone. Even so, Duffey doesn't see Cybera growing to more than about 30 employees in Q1 2003.

Sam Masud, senior technology editor smasud@telecommagazine.com

COPYRIGHT 2002 Horizon House Publications, Inc.
COPYRIGHT 2003 Gale Group