Seeing Through the Intranet Smoke
October saw an interesting on-line discussion held to synchronize with UNIX Expo, the New York-based open systems show. A panel of IS managers was holding forth on the wonders of the Internet, intranets, and how to set up a modern network for large corporations. Prompted by a question, 75% of the IS managers said they either already had or intended to implement an intranet in the next two years. What was much more telling was when another question asked for the IS managers’ definition of an intranet. With much humming and hawing, we received about ten different answers, few consistent, all with buzzwords embedded in them about "Web-centric networks", "firewalls", "information servers", and "a new computing paradigm". Finally, when one participant asked how an intranet differed from a local or wide area network, the obfuscation reached new heights, with not a single answer that clearly explained what an intranet is or does.
You’ve seen the intranet word on everything from magazine covers to glossy advertisements. It’s emblazoned on everything, and has become the buzzword of the year. What the heck is an intranet, anyway? Curiously, no-one seems to have defined it. There’s confusion between intranet and Internet, and the two are not the same thing. The Internet is, as you know, an internetwork (hence the name) of many thousands of networks all of which use a set of standardized protocols between themselves to allow transfer of information. An intranet, by most knowledgeable people’s definition (which seems to exclude most IS and marketing people), is simply a smaller version of the Internet used internally by a corporation or organization. It’s a wide area network, really, which is a way of connecting several local area networks together with a standardized protocol. Often the intranet is claimed to be one step further than a typical LAN or WAN in that it uses the World Wide Web to provide information for the corporation, much as the WWW is used across the Internet, but the basic architecture is a WAN or LAN.
So an intranet sounds much like the Internet. What’s the difference? Access. The Internet is essentially wide open. Anyone with an account on any one of the component networks and the proper access to TCP/IP protocols can use the Internet to reach anyone else or any other machine that is also on the Internet. An intranet is generally thought of as being corporate-wide, allowing access to users and machines on the corporate wide area network. There may be access to the Internet, but that’s an add-on. The intranet itself is just the wide area network. Indeed, it doesn’t have to be even a wide area network. A local area network of just a few workstations can be an intranet in the sense that it uses the TCP/IP protocols and WWW to disseminate information.
Why use the term intranet when network will do? The consensus among analysts seems to be that the distinction is the manner in which the network is implemented and set up. As with the Internet, most intranets use TCP/IP. Just as with the Internet, most intranets support services like Domain Name Service (DNS), File Transfer Protocol (FTP), and Hypertext Transfer Protocol (HTTP, the essential protocol underneath which the World Wide Web is constructed). So, an intranet can be thought of as a corporate-wide Internet, in the sense that there will be gateways between local area networks in the company, there may be Web servers providing company-wide network access to information, and the protocols supported are the same as the Internet. Often the security on an intranet is tighter than the Internet’s, but otherwise much is the same.
Who uses intranets these days? A lot of large corporations, organizations, and governmental bodies. Consider one of Canada’s largest telecommunications companies, Northern Telecom. They have many local area networks set up across North America. There are several in Ottawa and Kanata, more in Brampton, Vancouver, Montreal, Halifax, and many in the U.S. Each local area network can have thousands of machines, or just a few dozen, but they are all interlinked through a corporate high-speed network backbone, making talking between machines in Ottawa and Vancouver as simple as talking to the machine in the next cubicle. That’s an intranet. It’s also a standard WAN. There are gateways on each local area network that provide the connections between that network and the others, and there are literally hundreds of Web servers allowing access to documents from anywhere on the company’s wide area network (sorry, intranet).
The hype about intranets has a little bit of justification, but not much. The simple truth of the matter is that there’s no difference between what Northern Telecom had two years ago, before it was called an intranet, and what there is today now that it is dubbed an intranet. The terminology difference doesn’t matter in this case, as nothing was added. Sure, some software and hardware has been upgraded over the years, but there’s no underlying change in the structure or operation.
So the next time you get some manufacturer representative nattering on about intranets being the great marketing opportunity of the decade, put it in perspective. This isn’t something new you have to learn about, something you need new equipment for, or something that demands retraining. You’re dealing with a network, pure and simple, and anyone who tells you differently is trying the old trick of renaming something to get new life out of its market share.
Having said all that, there are some things VARs should know about the rise in popularity of the Internet and intranets. Two issues are paramount today: equipment to simplify the architecture, and software to button it up. An intranet is constructed exactly the same as any other network (wide and local), but in all probability it will use TCP/IP as the network protocol suite. This isn’t a problem, of course, because TCP/IP is the most widely used network protocol in the world. There are TCP/IP protocol suites for every imaginable hardware platform. UNIX uses TCP/IP by default, and Windows NT and Windows 95 both include very good TCP/IP software as part of the basic system. The only commonly-used machines that require add-on third party software to use TCP/IP are Windows 3.X and Macintosh, and there are literally dozens of software packages for each platform.
Wiring on an intranet is exactly the same as a normal network, too. In some cases, larger companies are moving up to high-speed networks such as Fast Ethernet and 100VG AnyLAN, both of which promise almost 100Mbps transfer rates. This is considerably faster than the existing Ethernet networks which run at a theoretical maximum of 10Mbps, but often reach only one quarter of that. Whichever network is used, the same cabling is involved, there can be hubs (intelligent or non-intelligent) to plug in workstations to, and there is the option of the old standby, BNC connectors. An intranet is wired exactly the same way as a network in all respects, even down to the cross-connections between two local area networks, where bridges or routers are used to provide cross-network data transfers.
The popularity of the intranet, often with its WWW focus, means that networks can expect a lot of traffic. Most users don’t realize that HTTP (the protocol used for all WWW actions) requires a lot of bandwidth, and the popularity of the WWW has caused the Internet to start pushing its limits (although there’s no danger of running out of bandwidth, at least for a while).
As a VAR you have to factor in the amount of traffic an intranet will generate. That’s pretty easy to do by counting the number of stations on the network, the number of WWW servers (each machine on the network could be a server), and then deciding if the bandwidth will cause problems. For example, if there are 1,000 workstations on a standard Ethernet network, you can expect bandwidth problems whether or not the WWW is used. There’s no real rule of thumb available at the moment, but the general consensus seems to be that a standard 10Mbps network will support 100 network workstations with moderate WWW and network activity. That means many larger networks, such as those in corporations and governments, will need to be set up as a number of smaller local area networks connected together by routers or bridges.
Luckily, few VARs are actually involved in the design and setting up of an intranet. Often, you’re called in to a location that has existing networks and machinery and asked to help convert it to support better use of the WWW internally, as well as to provide better security features for the network. If there’s an existing bandwidth problem on the network, there’s really no magical solution to solve it. Often, new high-speed network hardware is the only way to go. That’s expensive, and generally is not accepted by customers who are looking for a magic wand type solution.
On the security side, there’s a lot you can do, and all of it well within your abilities as a VAR. Since security is a major issue for both the intranet and the Internet, we’ll take a look at security in a little more detail.
There are two types of security on an intranet: access and data. Access security means limiting access to a Web page, for example, to only those users who are allowed, and rejecting all unauthorized access attempts. Data security means protecting your data itself so that if someone does gain unauthorized access, the data is meaningless for them. The latter type of security is the easiest to deal with, as it almost always involves encryption.
Data encryption has been available for years, and there are many methods of encrypting data. With most approaches, a password is used as a key to scramble the data contents. Only someone else with the same password can decrypt the data to its original form. To anyone else, it’s just a meaningless jumble. There are more complex systems involving public and private keys which allow you to encrypt data yet let many people gain access without having your secret private key, such as the widely used PGP (Pretty Good Privacy) system and the RSA system. Public domain and commercial packages are available for both systems, and all a user has to do is encrypt sensitive data with a private password and trust the system to be very difficult to break.
The downside of encryption methods is that they take time and require tracking passwords. This isn’t a major issue when the data is really sensitive, as the trade-off is well worth the effort. For marginal data, though, many people won’t bother encrypting as it is time-consuming. Unfortunately, human nature is difficult to override and most users will simply hope for the best.
Some systems, such as Nortel’s Entrust, work in a slightly different way. Entrust handles encryption and authentication methods over the network, providing a complete solution that is easy to track and use. By automating much of the encryption process, system managers can enforce encryption without having to rely on users as much. A complex algorithm is used by Entrust (and most other encryption systems) to provide digital signatures that are unique to an individual, ensure the integrity of the data, and eliminate errors in decryption. Systems such as Entrust are fast enough that time is not a factor for users.
Other security approaches are available through packages like TimeStep’s Permit system, which offers network-wide security enforcement systems both internal and external to the network. Through the use of Permit a company can establish security procedures for tasks such as dial-in access, communications with the Internet, and encrypting local data.
Security specifically for Web access (both internal and external) can be provided through a number of software packages. Haystack Labs’ WebStalker, for example, offers automated Web access security that can identify and disconnect unauthorized intruders. Tools like WebStalker have to be set up only once, then can monitor Web access non-stop until the security configuration is changed. Since the World Wide Web is one of the most exploited security holes on the Internet and through dial-up access to an intranet, tools like WebStalker are almost a mandatory part of the network setup.
A final issue for many companies setting up an intranet is how to manage Web servers. With some operating systems like UNIX, setting up Web servers requires a very high knowledge level of the operating system and TCP/IP. With the popularity of the Web, tools to provide these services are becoming more readily available. The last year has seen Windows NT become the dominant Web server on intranets, in part due to the inclusion of a Web server called the Internet Information Service as part of Windows NT 4’s basic operating system. Still, Microsoft’s Internet Information Service is not a full-featured Web system, so there’s a healthy market for alternate Web servers for Windows NT, Windows 95, Macintosh and UNIX systems.
At last count, there were over two dozen Web server packages available for purchase. These Web server packages don’t just include the server component, but also automated security and access systems, tracking utilities, and usually a set of Web home page generation and layout tools. Two popular packages are Luckman’s Web Commander and O’Reilly’s Web Professional. Both have a full suite of GUI-driven tools and can let companies set up a complete Web site from scratch in a matter of days. Once set up, both Web Commander and Web Professional let administrators set access rights and then monitor the server. These systems work extremely well for intranets, and can also be used to set up Internet sites (although Windows NT Server may not be able to keep up with very heavy loads).
The intranet is not something to get worked up about for VARs. It’s not new technology, it’s not new hardware or software, it’s really just a marriage between the old, traditional local and wide area network and TCP/IP tools like the World Wide Web. Hardware and software manufacturers continue to crank out dozens of press releases and announcements each week about "the intranet gold rush" and "the intranet opportunity". Take it all in stride, recognize the tools for what they are (either network hardware devices or software tools), and know how they fit in the existing network structure. And the next time some IS manager starts ranting on about their intranet strategy and how they need the latest intranet widgets, you can smile to yourself knowing you’ve seen through the smoke and mirrors.
Turn-key Intranet and Internet Servers
There are two popular approaches to implementing intranet and Internet servers: use existing or newly purchased equipment, purchase Internet server suite software, and roll your own server; or plug in one of the new pre-loaded and pre-configured Internet servers that are appearing on the market. The latter has become a very competitive market segment, with new devices appearing almost every week.
There are plug-and-play servers from dozens of companies, including big players like Sun, IBM and Apple. What do you get with these all-in-one boxes? If you already have a connection established to the Internet, or a port available on an intranet, the vendors all claim installation is as simple as plugging the box in and customizing the Web page content. There’s a lot more to it than that, though. Customers need to determine exactly what each plug-in box consists of, as the software and support services preloaded on many of the machines are not enough for large corporations or all required services. A quick checklist should help: make sure there is a Web server, an FTP server, Domain Name Service support, and an SMTP and Post Office Protocol 3 (SMTP/POP3) system at a bare minimum, as those are the most often used services. WAN support is necessary for most intranets, and very few vendors offer this as part of the basic package.
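The checklist above can be run as an acceptance check against a server you administer. The following Python script is an added example, not part of the original article: it connects on the standard TCP port for each listed service and verifies the protocol's greeting. The function names, the status strings and the connect-only DNS probe on TCP port 53 are assumptions of this example.

```python
import socket

# Checklist services: (standard TCP port, bytes to send first, expected reply prefix).
# Assumption of this example: DNS is checked by a TCP connect to port 53 only.
CHECKLIST = {
    "web (HTTP)": (80, b"HEAD / HTTP/1.0\r\n\r\n", b"HTTP/"),
    "FTP": (21, None, b"220"),
    "DNS": (53, None, None),
    "SMTP": (25, None, b"220"),
    "POP3": (110, None, b"+OK"),
}

def probe(host, port, send=None, expect=None, timeout=3.0):
    """Return 'ok', 'wrong-banner' or 'missing' for one TCP service."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:              # refused, unreachable or timed out
        return "missing"
    with s:
        if expect is None:       # a successful connect is all we check
            return "ok"
        try:
            if send:
                s.sendall(send)
            data = s.recv(256)
        except OSError:          # connected, but no usable greeting
            data = b""
    return "ok" if data.startswith(expect) else "wrong-banner"

def audit(host, checklist=CHECKLIST, ports=None):
    """Probe every checklist service; `ports` can remap a service name to a port."""
    ports = ports or {}
    return {name: probe(host, ports.get(name, port), send, expect)
            for name, (port, send, expect) in checklist.items()}

def missing_services(report):
    """Names of services that did not answer as their protocol requires."""
    return sorted(name for name, status in report.items() if status != "ok")

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # constructed default
    report = audit(host)
    for name, status in report.items():
        print(f"{name:12} {status}")
    print("gaps:", ", ".join(missing_services(report)) or "none")
```

A "wrong-banner" result means something is listening on the port but did not greet the client as that protocol requires, which is worth investigating before accepting the box.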
The Web support system should include HTML authoring and publishing, graphics layout, database integration, and support tools to handle all the Web page requirements. For some companies, support for WAIS, Gopher, and Telnet will also be important. The key is to not assume that an all-in-one plug-and-go system is as complete as most vendors want you to believe: almost all of the systems on the market are lacking one or more key ingredients.