In recent years, computers have become a commonplace part of life for large segments of society. Many businesses and institutions rely on vast internal networks to share data among geographically dispersed users within their organization. These networks are referred to as “enterprise networks.” Generally, an enterprise network is a geographically dispersed network under the jurisdiction of a single organization. It often includes several different types of local area networks (LANs) and computer systems from different vendors.
Typically, geographically dispersed users on enterprise LANs communicate with each other over wide area network (WAN) connections provided by one or more WAN service providers. The most common method of connection to a WAN is using digital telecommunication trunks; such as T1, T3, OC-1, etc. for North America and equivalent trunks for other countries.
Conventionally, a point of demarcation is provided at the connection between the enterprise network and the WAN to ensure safety and a clear separation of support responsibility by monitoring the health of the physical connection. In early systems, a channel service unit (CSU) provided the demarcation between voice centric enterprise and the WANs. In later systems, digital -service units (DSUs) were developed to provide the point of demarcation between data centric enterprise networks and the WANs. A typical DSU includes a WAN port, a high-speed data port, such as V.35, for communicating with enterprise LAN equipment and additional ports for supporting enterprise voice requirements.
As Frame Relay service started to proliferate, monitoring capabilities in the DSU were enhanced to support Service Level Agreements (SLAs) between the enterprise consumer and the service providers. With the IP protocol taking over most of the enterprise networks, DSUs are starting to support monitoring of higher layers, such as protocols and applications.
WAN expenditure has always been a major component of an enterprise budget. Information Technology (IT) managers are very sensitive of this issue and keep a tight control on the WAN bandwidth usage. Typically, an enterprise network acquires WAN bandwidth by contract with a service provider. For example, the enterprise network obtains a number of permanent virtual connections (PVCs) with appropriate service commitments (also called Service Level Agreements or SLA characteristics) which are necessary to meet enterprise needs.
With the recent information explosion, including the popularity of the Internet, the typical enterprise network carries data for both business and personal purposes. Most networks carry this mix of data indiscriminately. Unfortunately, mission critical applications for the enterprise may be compromised because less critical applications, e.g., personal web surfing, leave only a small portion of the contracted bandwidth unused at the time of a critical request.
A further issue with implementation of an enterprise network relates to control of the data and management of the network entity at the point of demarcation. In current systems, in which only physical or link layer SLAs are provided, the point of demarcation is typically controlled by the enterprise. However, some service providers are starting to take this network entity into their own network to manage their own network more effectively and to provide Internet protocol (IP) or application level SLAs for the enterprise, e.g., provide an SLA for providing SAP for the enterprise. Unfortunately, under this option, the service provider can obtain much confidential information transmitted over the enterprise network as network entities at the point of demarcation continue to increase the amount and type of monitoring functions performed.
Thus, conventionally, the enterprise is left with only two options when contracting with a service provider to carry data between enterprise LANs. First, the enterprise network may maintain the network entity at the point of demarcation within the control of the enterprise network to assure that its confidential information is not available to the service provider. Alternatively, the enterprise network may relinquish control of the network entity at the point of demarcation and allow the service provider to have complete access to all monitored information.
For the reasons stated above, and for other reasons stated below which will become apparent to those skilled in the art upon reading and understanding the present specification, there is a need in the art for improved management of network entities at the point of demarcation that allows the service provider and enterprise flexibility in creating the enterprise network.