16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana

Virtual Enterprise Networks: The Next Generation of Secure Enterprise Networking

Germano Caronni, Sandeep Kumar, Christoph Schuba & Glenn Scott
Sun Microsystems Laboratories

We present a vision of computing environments in which enterprise networks are built using untrusted public infrastructures. The vision allows networks to change dynamically depending on the needs of their users, rather than forcing the users to build organizations around networks. This vision is realized through a design abstraction called "Virtual Enterprise Networking", or "Supernetworking" for short. A first prototype of such a Supernet has been implemented on Linux.

Supernetworking introduces a new layer of abstraction in a layered model of computer networking. The Supernet layer sits directly above the network layer and includes its own addressing structure and security services which protect all data transmitted by the network layer.

A key component of a Supernet is communications tunneling. Instead of the traditional two endpoints, our tunnels have as many endpoints as there are computers participating in a Supernet. While tunneling has been repeatedly used to implement infrastructure services such as multicasting, virtual private networks, and support for mobility, we distill these technologies into a single, simple abstraction.

This new abstraction enables the transparent and secure outsourcing of network infrastructure services, mobility, and the creation and administration of secure ad-hoc virtual computer networks.

