The Virtual Enterprise Network Based on IPSec VPN Solutions and Management

Abstract—Informational society construction can't be realized without research and investment projects in Information and Communication Technologies (ICT). In the 21st century, all enterprises have a local area network, a vir

I. INTRODUCTION

Under the concept of a global economy, enterprises are assigning design and production environments around the world in different areas. The requirement for highly reliable and available services has been continuously increasing in many domains for the last decade [1]. The optimization of product benefit must be the focus of all network activities [2]. The work comprises components for integration of information systems, visualization of the planning and production situation, communication to enable cooperative decision making under uncertainty, optimization of plans and simulation of the decisions, network diagnostics and performance monitoring, among others [3]. This involves a number of challenges, such as providing members access to network-wide real-time information, enabling visualization of the available information, securing the interaction between advanced information and communication technologies (ICT) based decision support tools and human decision making, and creating a coordinated and collaborative environment [2] for planning and decision making. The implementation phase in an ICT system is carried out through several socialization activities such as training, hands-on workshops, coaching or even giving a grant to the users who use the system correctly [4].


Monitoring of such process execution may allow the manager to detect faults and guarantee correct execution [5]; e.g., voice-data packets have to arrive at the destination in time, with a defined cadence and with low and constant delay, in order to allow real-time voice reconstruction [6]. Because the new communication system enables many more interactions between many more participants, it has security requirements beyond the conventional confidentiality, integrity and availability properties provided by conventional security systems [7]. The idea of NGN (Next Generation Network) was developed with the purpose of integrating multiple different services (data, voice, video, etc.) and of facilitating the convergence of fixed and mobile networks [8]. However, the effects of ICT devices on the productivity of companies cannot be measured unequivocally at the microeconomic level because of certain statistical and methodological imperfections, the difficulties in measuring the network effect at a business level, and the lack of data enabling international comparisons [9]. The development of information and communication technology has led to widespread deployment of technical solutions for [10]:
• Accessing and processing data and information;
• The transmission of data and information in a network environment with distributed destinations;
• Connecting different users regardless of their geographical distance and position.
The complexity of the human enterprise continues to grow at an accelerating pace as larger numbers of people take on increasingly ambitious tasks in a world that grows in size, complexity, and constraining factors [11]. On-line applications (e.g. e-banking, electronic voting, information sharing and searching) require anonymity measures to prevent third parties from gathering private information online. A general requirement for infrastructure support is that the enterprises must be able to inter-operate and exchange information and knowledge in real time so that they can work as a single integrated unit [12], while keeping their independence/autonomy.
Various network services can be used by everyone, either supplying or demanding them. Wide distribution, platform independence, a large number of user-friendly services that are easily accessible through the World Wide Web, as well as the open standards used and free or budget-priced products (such as browsers, HTML editors, software updates) have led to a high and continuously growing proliferation of the Internet [13]. More and more people are using the Internet to access information and communicate with each other. The development of ICT leaves much more freedom to designers and consultants to accommodate organizations to other influences, both internal and external [14]. Enterprises are now facing growing global competition, and continual success in the marketplace depends very much on how efficiently and effectively the companies are able to respond to customer demands [15]. Starting from these considerations, this work analyzes the virtual enterprise network (VEN) architecture for a geographically dispersed enterprise as support for possible virtual private network (VPN) structures (based on Internet Protocol Security - IPSec) and presents a network monitoring solution using open source software for enterprise business improvement.

II. THE ENTERPRISE NETWORK GENERAL ARCHITECTURE
An enterprise network consists of a group (departmental, interdepartmental, etc.) of local area networks (LANs), located in the same place or geographically dispersed, interconnected using wide area networks (WANs), and contains a number of inter-networking devices (e.g. switches, routers, gateways, etc.) under the control of the organization or a telecommunication company. A communication network forms the backbone of any successful organization [16]. Metropolitan networks play a critical role in the overall expansion of network services because they not only provide for services within individual metropolitan areas, but they also serve as the gateways for wide-area national- and international-scale networks [17]. In an enterprise network, a large number of nodes are interconnected through a computer network as follows [18]:
• End-user nodes, represented by access points such as workstations, personal computers, printers, mainframe computers, etc.
• Network active elements, consisting of devices such as multiplexers, hubs, switches, routers, and gateways; the active elements and links provide the needed physical communication paths between every pair of end-user nodes.
Today, traditional Internet/Intranet/Extranet infrastructures are changing rapidly, marking the transition to new generation networks that provide higher end-to-end speeds to the user for different types of activities and transactions, and a significant reduction in the number of servers by passing information between two nodes [19].
In the last decade especially, the idea of the virtual enterprise (VE), built on a virtual enterprise network (VEN) or a virtual enterprise business network (VEBN), has been to establish a dynamic organizational structure through a synergetic combination of dissimilar enterprises (i.e. small and medium sized enterprises) with different core competencies, thereby forming a best-of-everything temporary alliance in an industrial group or holding to perform a given business project and achieve the maximum degree of customer requirements and customer satisfaction [15].
In recent years, the trend toward IP-based transport infrastructures for all real-time and non-real-time applications has opened the door for a new paradigm in integrated voice and data communications. A hierarchical network design model breaks the complex problem of network design into smaller, more manageable problems [15]. An important step in designing an enterprise network is to define a network perimeter. The enterprise network perimeter (see figure 1) defines a security layer complemented with other security mechanisms [20], [21]. Communications within and outside the enterprise perimeter must pass through a traffic control point provided by firewalls and other security devices [19]. Wide area networks (WANs, specific to large enterprises or geographically dispersed businesses) were designed to solve connection problems between different workstations and different local networks, or within a single local network where the distances are too large for a simple cable connection. The network designs are examples of secure network architecture that are scalable for home offices, small and medium sized businesses, or business enterprises. A variety of hardware, operating systems, and applications can be used in their implementation. Both commercial and free open source products can be used for the workstations, web servers, security servers, and database servers.

ATM (Asynchronous Transfer Mode) is a packet-switched technology that uses virtual circuits over a single physical connection from each location to the ATM cloud. Data is transferred in cells or packets of a fixed size. The small, constant cell size allows ATM equipment to transmit video, audio and computer data over the same network. ATM creates a fixed channel between two points whenever data transfer begins. This makes it easier to track and bill data usage across an ATM network (see figure 2), but it makes it less adaptable to sudden surges in network traffic.
Four types of service are available: constant bit rate (CBR), variable bit rate (VBR), available bit rate (ABR) and unspecified bit rate (UBR). Along these lines, we propose in figure 3 a general virtual enterprise network architecture for a large enterprise or an industrial holding (with headquarters and branches) formed by a temporary alliance of different small and medium sized enterprises, geographically dispersed, with ATM Points of Presence (PoPs). This solution is implemented in the PREMINV e-platform at the University "Politehnica" of Bucharest, where the virtual enterprise network (VEN) is based on a virtual private network (VPN). This is an emulated network built on public (shared) infrastructure and dedicated to a particular client (hence private), connecting users in different locations and able to ensure conditions of integrity, confidentiality and quality similar to those of a private network.
Virtual Enterprise Networks allow the provisioning of private network services for a dynamic organization over a public or shared infrastructure such as the Internet or a service provider backbone network. The appearance of virtual enterprise networks is related to the evolution of switches. The first and most important role of a virtual enterprise network is to realize a synergetic combination of a group of users, regardless of their geographical position, in such a manner that they work together and achieve the best performance. Secondly, a VEN provides administrative solutions which accompany the products, allowing users to move from one group to another through a simple reconfiguration of the equipment [22]. However, the application-to-application communication problem still exists. Businesses have needed a standardized way for applications to communicate with one another over networks, no matter how those applications were originally implemented [23]. VPNs provisioned using technologies such as Frame Relay and Asynchronous Transfer Mode (ATM) virtual circuits (VC) have been available for a long time, but over the past few years IP and IP/Multi-Protocol Label Switching (MPLS)-based VPNs have become more and more popular (see figure 3). The central idea of MPLS is to attach a short fixed-length label to packets at the ingress router of the MPLS domain.
Packet forwarding then depends on the tagged label, not on longest address match, as in traditional IP forwarding [24]. A VPN may be service provider or customer provisioned and falls into one of two broad categories: site-to-site VPNs, which connect the geographically dispersed sites of organizations, and remote access VPNs, which connect mobile or home-based users to an industrial holding [25]. There are three primary models for VPN architectures that can be implemented at the enterprise level [15]:
• Host-to-host: used to protect communication between two computers. This model is most often used when a small number of users must use or administer a remote system that requires protocols that are normally insecure.
• Host-to-gateway: protects communications between one or more individual hosts and a specific network belonging to an organization. Host-to-gateway is used to allow hosts on unsecured networks access to internal organization services such as email and web servers.
• Gateway-to-gateway: this model protects communications between two specific networks, such as an organization's headquarters network and its branch office networks, or two business partners' networks.
IPSec is a framework of open standards for ensuring private communications over public networks. It has become the most common network layer security control, typically used to create a virtual private network (VPN). IPSec Tunnel mode is used to secure gateway-to-gateway traffic. IPSec Tunnel mode is used when the final destination of the data packet is different from the security termination point. IPSec Tunnel mode protects the entire contents of the tunneled packets. The IPSec Tunnel mode data packets sent from the source device are accepted by the security gateway (a router or a server) and forwarded to the other end of the tunnel, where the original packets are extracted and then forwarded to their final destination device [26]. An IPSec tunnel is usually built to connect two or more remote LANs via the Internet so that hosts in different remote LANs are able to communicate with each other as if they were all in the same LAN. Common commands to create an IPSec tunnel (for Cisco® equipment) are presented in figure 4 (which connects the Enterprise headquarters LAN through an IPSec tunnel to 2 Enterprise Branch Office LANs). A VPN solution based on IPSec (see figure 5) typically requires integration of several services (design, network management services, dial-up or dedicated access).
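An added example, not taken from the paper or from any IPSec implementation: the tunnel-mode encapsulation described above, built byte by byte in Python for one packet from a headquarters host to a branch host. The addresses, SPI and key are constructed values, and ESP with NULL encryption (RFC 2410) plus an HMAC-SHA-256-128 integrity tag is used so that the example needs only the standard library; a production tunnel would also encrypt the inner packet.

```python
import hashlib
import hmac
import ipaddress
import struct

ESP, IPIP = 50, 4   # IP protocol numbers: ESP, and IPv4-in-IP for the inner packet
ICV_LEN = 16        # HMAC-SHA-256-128 keeps the first 16 bytes of the tag


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """20-byte IPv4 header (no options, TTL 64) followed by the payload."""
    def header(checksum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           64, proto, checksum,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return header(ipv4_checksum(header(0))) + payload


def icv(key: bytes, esp: bytes) -> bytes:
    """Integrity tag over the ESP header, the inner packet and the trailer."""
    return hmac.new(key, esp, hashlib.sha256).digest()[:ICV_LEN]


def esp_tunnel_encapsulate(inner, gw_src, gw_dst, spi, seq, key):
    """Sending gateway: wrap the whole inner packet, its header included."""
    pad_len = -(len(inner) + 2) % 4              # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPIP])
    esp = struct.pack("!II", spi, seq) + inner + trailer
    return ipv4_packet(gw_src, gw_dst, ESP, esp + icv(key, esp))


def esp_tunnel_decapsulate(outer, spi, key):
    """Receiving gateway: verify the tag, then extract the original packet."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != ESP:
        raise ValueError("outer packet does not carry ESP")
    esp, tag = outer[ihl:-ICV_LEN], outer[-ICV_LEN:]
    if len(esp) < 10 or struct.unpack("!I", esp[:4])[0] != spi:
        raise ValueError("no security association for this SPI")
    if not hmac.compare_digest(tag, icv(key, esp)):
        raise ValueError("integrity check failed")
    pad_len, next_header = esp[-2], esp[-1]
    if next_header != IPIP:
        raise ValueError("not a tunnel-mode payload")
    return esp[8:len(esp) - 2 - pad_len]


if __name__ == "__main__":
    key = bytes(range(32))                                         # constructed key
    # Constructed inner packet: HQ host -> branch host, opaque payload.
    inner = ipv4_packet("10.1.0.10", "10.2.0.20", 17, b"payload")
    # Gateway addresses are documentation ranges, chosen for illustration.
    outer = esp_tunnel_encapsulate(inner, "192.0.2.1", "198.51.100.1", 0x1001, 1, key)
    print("outer header:", ipaddress.IPv4Address(outer[12:16]), "->",
          ipaddress.IPv4Address(outer[16:20]), "protocol", outer[9])
    restored = esp_tunnel_decapsulate(outer, 0x1001, key)
    print("inner packet restored:", restored == inner)
```

On the wire only the two gateway addresses appear in the outer header, and because the tag covers the inner header as well as the payload, a change to either is rejected at the receiving gateway.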
The trend is now evolving toward logically defined intranets and extranets, which will lead to the reintegration of the various networks into a single logical subdivision. Structures that allow the approximation of this goal are virtual private networks. Possible solutions in the PREMINV platform to implement a VPN structure for a VE system realization in a geographically dispersed enterprise (see figure 5) can be [15]

More recently, VPNs can be used in different ways to support business processes. A VPN is the ideal solution when building a dedicated network is not cost-efficient, as for a firm with a highly mobile workforce, or for small firms that cannot justify the cost of their own telecommunications network. A VPN can also be purchased from a telecommunications company; as an alternative, firms can use existing network infrastructure, such as the Internet or the public switched telephone network, together with tunneling software.

IV. THE ENTERPRISE NETWORK MANAGEMENT

Enterprise networks are often large, run a wide variety of applications and protocols, and typically operate under strict reliability and security constraints; thus, they represent a challenging environment for network management [27]. Exact network topology information is required to perform management activities (e.g. fault detection, root cause analysis, performance monitoring, load balancing, etc.) in enterprise networks. The importance of effective network management, not just in terms of controlling cost but in achieving the strategic aims of business, is also highlighted by some of the benefits respondents attributed to it, including improved inventory planning across the entire network, avoidance of fire-fighting situations by improved production and dispatch planning, reduced lead times and improved responsiveness and transparency at the enterprise level [28].
Network management represents the activities, methods, procedures, and tools (software and hardware) that pertain to the operation, administration, maintenance, and provisioning of networked systems. One method of solving this problem is to use a host and service monitor designed to inform you of network problems before your clients, end-users or managers do [15].
We implemented Nagios for an enterprise that is part of an industrial group constituted as a dynamic alliance of many different small and medium sized enterprises (see figures 6 and 7), which has its headquarters in Bucharest and branch offices (agencies) across the country, in big cities but also in medium and small cities. All industrial holding locations have a local area network and communicate among themselves through a virtual private network. In each location two or three loops were installed: one copper, one optical fiber and/or radio. The solution proposed and implemented by us was to use Nagios as a host and service monitor designed to inform you of network problems before your clients, end-users or managers do. It is based on queries that can be made at scheduled intervals by small programs called plug-ins. Those programs query public services and return results as follows: 0 - OK, 1 - Warning and 2 - Critical. The Nagios® architecture consists of a nucleus that collects the data generated by plug-ins and issues notices on them, a number of plug-ins, and an optional web interface showing the state of monitored services and hosts, history, notices sent, etc. In terms of performance, Nagios® scales very well and, depending on the hardware configuration, can verify tens of thousands of services. It can also be installed in a cluster configuration. This software is licensed under the terms of the GNU General Public License Version 2 as published by the Free Software Foundation (the GNU General Public License is a free, copyleft license for software and other kinds of works). This gives legal permission to copy, distribute and/or modify Nagios® under certain conditions. Some of the many Nagios® features include [29]:
• Monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP), monitoring of host resources (processor load, disk and memory usage, running processes, log files, etc.) and monitoring of environmental factors such as temperature;
• Simple plug-in design that allows users to easily develop their own host and service checks, and the ability to define a network host hierarchy, allowing detection of and distinction between hosts that are down and those that are unreachable;
• Contact notifications when service or host problems occur and get resolved (via email or other user-defined method);
• A Web interface for viewing current network status, notification and problem history, etc.
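An added example, not part of the paper or of the Nagios distribution: a plug-in in Python that follows the return-code convention described above for a branch office with several provider loops. The loop names, the TCP port probed, the thresholds and the rule that a single failed loop is a Warning while the loss of all loops is Critical are assumptions; return code 3 (Unknown) belongs to the Nagios plug-in convention although the paper lists only 0 to 2.

```python
import socket
import sys
import time

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = ("OK", "WARNING", "CRITICAL", "UNKNOWN")


def probe_ms(host, port=22, timeout=2.0):
    """TCP connect time to a loop's router in ms, or None if it does not answer.

    Probing TCP port 22 is an assumption; any port the router answers on works.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return (time.monotonic() - start) * 1000.0
    except OSError:
        return None


def evaluate(rtts, warn_ms=100.0, crit_ms=500.0):
    """Turn {loop name: ms or None} into (return code, one-line plug-in output)."""
    if not rtts:
        return UNKNOWN, "LOOPS UNKNOWN - no loops given"
    up = {name: ms for name, ms in rtts.items() if ms is not None}
    if not up or min(up.values()) >= crit_ms:
        state = CRITICAL      # branch unreachable, or even its best loop is too slow
    elif len(up) < len(rtts) or max(up.values()) >= warn_ms:
        state = WARNING       # redundancy lost, or a loop responds slowly
    else:
        state = OK
    detail = " ".join(
        f"{name}=DOWN" if ms is None else f"{name}={ms:.0f}ms"
        for name, ms in sorted(rtts.items()))
    line = f"LOOPS {LABELS[state]} - {detail}"
    # Performance data after "|": label=value;warn;crit, only for loops that answered.
    perf = " ".join(f"{name}={ms:.0f}ms;{warn_ms:.0f};{crit_ms:.0f}"
                    for name, ms in sorted(up.items()))
    return state, f"{line} | {perf}" if perf else line


def main(argv):
    """Usage (hypothetical file name): check_loops.py copper=HOST fiber=HOST ..."""
    try:
        targets = dict(arg.split("=", 1) for arg in argv[1:])
    except ValueError:
        targets = {}
    if not targets:
        print("LOOPS UNKNOWN - usage: check_loops.py name=host [name=host ...]")
        return UNKNOWN
    state, line = evaluate({name: probe_ms(host) for name, host in targets.items()})
    print(line)
    return state


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Nagios reads the process exit status as the service state and shows the first line of output in the web interface, so the decision logic is kept in `evaluate`, where it can be checked without touching the network.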
To implement this application we have used over five hundred locations. Figures 6 and 7 present the locations monitored for this large enterprise (we removed the beneficiary's name for advertising reasons). We've installed Nagios® in the PREMINV e-platform on a server with the following technical characteristics: 2 Dual Core Intel Xeon (TM) 3.6 GHz processors (64-bit), 2 GB RAM, 2 x 80 GB Hard Drives and the Debian Linux 4.0 Operating System. We also wrote several scripts in the PREMINV e-platform to support different operations. In figure 8 we present a script that saves configurations for some Cisco® equipment. With this script one can connect to the device (having entered the user login and password at the command line) and copy the equipment configuration line by line.

V. CONCLUSIONS

In the current context of expanding virtual enterprise networks, companies are increasingly concerned with building such structures and/or being part of different structures that already exist. These will give them more business opportunities and, through knowledge transfer processes, they will gain competitiveness. Therefore, enterprises continue to implement information and communication technology systems solutions and strategies to improve their business processes in virtual networks.
Considering future product development as collaboration and communication oriented, we implemented in the PREMINV e-platform a solution based on a virtual enterprise network (VPN IPSec solution) concept using integrated data sets and tools. As a general requirement for this virtual network based application, the companies must be able to inter-operate and exchange data, information and knowledge in real time so that they can work as a single integrated unit, while keeping their autonomy. Also, virtual networked business teams need a strategic framework in which to operate. Today's virtual business teams don't appear to be able to fully leverage the much-touted opportunities offered by always-on interconnectedness, easy access to unlimited information sources and real-time communication tools. They also need good planning and in-depth project analysis, effective and accessible technologies, constant coaching, systematic fine-tuning, feedback processes and the full understanding that their success cannot be determined by a pre-designated set of communication technologies [26].
A solution for monitoring the network of a large, geographically dispersed enterprise using open source software (Nagios) has been presented in this paper. For an enterprise, network monitoring is a critical and very important function, which can save significant resources and improve network performance, employee productivity and the maintenance cost of infrastructure. Nagios compares in features and performance with expensive commercial monitoring applications such as HP Operations Manager or Microsoft System Operations Manager. This software (Nagios) can be developed and implemented at a corporate level but also in a company that provides telecommunication services.

Figure 1. The enterprise network perimeter

A high performance backbone has an intrinsic value for an ultra-fast Internet connection only if the points of connection and network users, POP (Point of Presence), provide an equivalent level of performance.

Figure 2. An ATM network for an enterprise geographically dispersed with PoPs to support transfer of large volumes of data over long distances

III. THE ENTERPRISE VPNS IPSEC SOLUTIONS

In fact, an emulated VPN is a network built on public (shared) infrastructure, dedicated to a client (privacy), to connect the users and to ensure conditions of integrity, confidentiality and quality similar to those of a private network. The following classification of VPNs is proposed:

a) By duration of the structure:
• Permanent VPN
• Enabled VPN (tunneling): Client Tunnel, Compulsory Tunnel.

b) By who is responsible for implementation:
• VPN is the provider's responsibility
• VPN is the client's responsibility
• VPN is the provider's and the customer's responsibility
If the VPN is the responsibility of the supplier and is reduced to connectivity, the content and inter-location communication are the responsibility of the recipient (customer), and the provider should not restrict the type of inter-location communication except to the extent that it would have repercussions on the physical network.

c) By type of access in the VPN:
• VPN remote access (Dial to client);
• Intranet VPN (site to site model);
• Extranet VPN (Business to Business model).

d) By territorial extent:
• Local VPN;
• National VPN;
• International VPN.

e) By topology:
• Hub and Spoke VPN;
• Any to any VPN;
• Hybrid VPN.

f) By type of data:
• VPN "pure" (connectivity);
• VPN and content services (Internet, voice, voice VPN, video);
• Content provider is the provider of the VPN;
• Content provider other than the VPN provider.

Figure 3. VPN IP/MPLS Network [26]: local VPN based on VLAN (Virtual Local Area Network), local VPN based on IPSec (Internet Protocol Security), VPN wide area based on IPSec, VPN wide area based on MPLS (Multi-Protocol Label Switching), VPN based on PPPoL2TP (Point-to-Point Protocol over Layer 2 Tunneling Protocol), etc.

Figure 4. VPN IPSec tunnel configuration between the enterprise headquarters and branch offices using Cisco® equipment

Figure 6. Status for an enterprise network: the local enterprise agency of Hunedoara County is down and the local agencies of Arges, Covasna, Iasi and Timis Counties have long response times

Figure 7. Status for an enterprise agency: the local enterprise agency of Bihor County, providers' loop status