Mobile VPN for the Field
By Peter Ferenczi
WHEN THE SWEDISH POST MODERNIZED ITS PACKAGE TRACKING SERVICE, IT DISCOVERED THE IMPORTANCE OF A FLEXIBLE MOBILE VPN.
Sweden is almost exactly the same size as California, but its entire population is less than that of Los Angeles County. The Swedish Post delivers to every Swede across that often sparsely populated landscape, which meant that when the Post's package delivery went wireless, continuous connectivity wasn't a problem: it was an impossibility.
A solution from mobile VPN provider Columbitech has proven essential to hiding that tortured wireless reality from delivery personnel, who use the system heedless of their connection status at any given moment. "We were not looking for a VPN solution," says Soren Jakobsson of the Swedish Post I.T. group. "We needed some sort of application that could handle roaming seamlessly between different types of connectivity."
The Post found that functionality in Columbitech's Mobile VPN product, and of course, it secures the connection as well.
Before the upgrade, the Post's delivery staff used a mix of paper-based record keeping and off-line mobile computing. "You would login in the morning, then you went out and delivered packages, and when you came back you synchronized the information that had built up in the handheld over the whole day," says Jakobsson. Mixed in was a certain amount of paperwork that drivers had to maintain on the road and then file properly at the end of the day.
Besides administrative overhead, this system hindered the Post's track and trace service, with results sometimes taking a whole day to deliver to customers, thanks in part to the staleness of data in the offline system. "Our customers needed more information quicker about where their packages were and when they were going to be delivered," says Jakobsson.
From Paper Lists to Wireless Links
The Post deployed Intermec 761 handhelds running Windows Mobile 2003. The devices are considered suitable for "harsh environments" by Intermec, a good thing in a country where mean temperatures in the capital are sub-freezing for 120 days of the year. The 761 packs WiFi and cellular radios (and supports wired Ethernet), but it was clear from the start that connectivity would be an issue.
"We're a large country with large parts that don't have any connectivity at all," says Jakobsson. "Therefore, you need the application to work whether you're online or offline, and if you're offline, the user shouldn't notice it. He shouldn't have to consider, 'Do I have GSM here?' " The solution also needed to smoothly navigate degrees of connectivity. "You have to roam between different types of carriers with low and high bandwidths," says Jakobsson.
Mobile VPN: More Than Security
According to Forrester analyst Chris Silva, there are three defining elements of a mobile VPN. "It needs to be transparent to the user. It needs to be persistent. And, in the best case, it needs to [perform] some kind of data flow optimization, so that the user has a transparent, persistent connection that feels as though there's relative parity of speed as you hop from one network to another."
It was, in fact, these elements and not security that led Swedish Post to Columbitech. Traditional VPN design, implemented based on IPSec, is grounded in a landline mentality, although a number of mobile VPN providers have adapted IPSec to be suitable for wireless roaming use. SSL-based VPNs, the most prevalent alternative to IPSec-based options, are also making inroads into the mobile space.
Columbitech's solution offers a twist on the typical SSL implementation. It's based on software running at the session OSI level, with no involvement of the application layer, making it transparent to applications (many SSL-based VPNs depend on application-level functionality, typically a Web browser). This means applications "just work," as if there were no VPN.
Columbitech claims the session-level architecture is more effective in meeting demands for smoothly persistent sessions for mobile users. When a wireless connection drops, the session is kept alive until connectivity can be re-established. Another feature of the sessionlevel design is that flow control is flexible and can be managed separately for the wireless and wired stages of the communication path. According to Columbitech, this translates into improved stability when wireless bandwidth fluctuates or networks are switched.
All of this functionality was important to Swedish Post. "We saw the encryption function as a bonus for us," says Jakobsson. Columbitech's encryption technology is unusual; it employs Wireless Transport Layer Security (WTLS), the same security protocol used to protect WAP mobile phone transactions. Based on the Transport Layer Security (TLS) Internet standard, WTLS is optimized for the low and variable bandwidths typical of wireless links and the restricted processing and memory capacities of mobile devices. "It's a great way to take advantage of a standards-based TLS-type authentication mechanism," says Forrester's Silva. "That's a good feature to have."
According to Jakobsson, the wireless handheld rollout's main benefit is streamlining derived from the digitization of data that was once clumsily handled with paper forms. "That is our big payoff on the investment in this project," he says. "We gain 15 minutes to 20 minutes per driver per day." He adds that since the Post's business is expanding, the time savings allows the existing delivery force to handle the increasing package load.
Of course this efficiency depends on the VPN remaining relatively transparent to drivers. "[The VPN] doesn't add anything to think about for the users," says Jakobsson. "They work with the handheld application and the packages, and how the information is synched in the background over GSM or whatever doesn't matter to them."
Postage Paid The Post also reaps an important customer service benefit. With the new system, packages are scanned at both pick-up and delivery, with signatures captured directly on the handheld screen. The location data and signature are sent wirelessly to the Post's servers and become accessible to customers via the Post's Web site. Making that track-and-trace information available in real time was a primary goal of the deployment, says Jakobsson. Its success depended on the handheld's wireless link and its management by Columbitech's VPN.
Part of getting the deployment right involved integrating the Columbitech solution with Swedish Post's existing systems. "Of course we had problems during the deployment, but we worked closely with Columbitech. It was a good experience," says Jakobsson.
"This project is the first step in a long journey for Swedish Post," he says. "We're thinking about using Columbitech for other devices [such as] laptops and PDAs. The mobile platform we have today is for our field personnel that have to deliver packages, but even the sales force needs to work wirelessly. We can see this solution could be good for their needs."
Although a VPN's security wasn't the Post's primary reason for deploying the Columbitech solution, Jakobsson recognizes its importance going forward. "In the future, when we develop some new functions and applications, we'll probably need VPN encryption," he says, citing payments as a possible security-sensitive usage. "We are very satisfied right now with the product." //