M is a global-500 company with headquarter in US. They are the leading supplier of transgenic seed, fertilizer, and weed control. They have many distributors and resellers. In order to better support these partners, M decides to offer the Supply Chain Portal to these partners over the Internet.
Special Customer Requests:
When the remote users are non-employees, traditional VPN cannot meet the following special requests:
1. Access Control: Since all the partners are from different companies, it is important to make sure their connection to M's portal will not let them being able to access each other. That means an employee with Partner-A cannot access the PC of an employee with Partner-B.
2. Layered Management: Due to the large number of partners worldwide, M company decides to let their distributors to issue the portal-access privileges to their respective resellers. M just controls at the distributor level.
3. No Impact to partners' LAN: It is not acceptable if this solution requires each distributor's IT to change their firewall setting or install new hardware device to allow this to work.
The Unsuitable of the IPSEC-VPN:
1. All the remote users are connected to a virtual LAN as soon as they are logged in, no matter they belong to different companies.
2. The user accounts are managed on the VPN server. It is unacceptable to let all the distributors to access the main VPN.
3. If each distributor needs to install a VPN box, it requires a fixed public IP address for each of them.
The VNN Solution:
1. Let each distributor be the owner of a VNN Group. Each group can not access the other group.
2. The owner of a VNN group can create group users. These will be used by its resellers.
3. Each VNN group user will have a white list feature enabled with only the portal server as the member in the list. This will make sure that all the group users can access the portal server but they can not access each other.
In the following Figure, there are two groups. dist1.vnn and dist2.vnn. Each group has two users plus the portal server, user1.dist1.vnn and user2.dist1.vnn, user1.dist2.vnn and user2.dist2.vnn, servr.dist1.vnn and server.dist2.vnn.
The VNN Advantages:
From this case, we can see the following VNN advantages:
1. Access Control: VNN's group and white list can help to establish a two layered access control. That means, users of different groups can not access each other. Also, users within a group can be regulated to only access some others. For example, the distributor can allow a select sub-group(by white list) of users to access portal-server and all the group users can access the product document server.
2. Layered Management: Each distributor can create and manage users for its resellers.
3. VNN runs as a software without requiring fixed public IP address nor any router re-configuration.
4. For large number of distributors and resellers, VNN is a low cost solution comparing with VPN boxes.