Extranet
Encyclopedia
An extranet is a computer network that allows controlled access from the outside, for specific business or educational purposes. An extranet can be viewed as an extension of a company's intranet that is extended to users outside the company, usually partners, vendors, and suppliers. It has also been described as a "state of mind" in which the Internet is perceived as a way to do business with a selected set of other companies (business-to-business, B2B), in isolation from all other Internet users. In contrast, business-to-consumer (B2C) models involve known servers of one or more companies, communicating with previously unknown consumer users. An extranet is like a DMZ in that it provides access to needed services for channel partners, without granting access to an organization's entire network.
Relationship to an intranet
An extranet can be understood as an intranet mapped onto the public Internet or some other transmission system not accessible to the general public, but managed by more than one company's administrator(s). For example, military networks of different security levels may map onto a common military radio transmission system that never connects to the Internet. Any private network mapped onto a public one is a virtual private network (VPN), often using special security protocols.
For decades, institutions have been interconnecting to each other to create private networks for sharing information. One of the differences that characterizes an extranet, however, is that its interconnections are over a shared network rather than through dedicated physical lines. With respect to Internet Protocol networks, RFC 4364 states "If all the sites in a VPN are owned by the same enterprise, the VPN is a corporate intranet. If the various sites in a VPN are owned by different enterprises, the VPN is an extranet. A site can be in more than one VPN; e.g., in an intranet and several extranets. We regard both intranets and extranets as VPNs. In general, when we use the term VPN we will not be distinguishing between intranets and extranets."[1] Even if this argument is valid, the term "extranet" is still applied and can be used to eliminate the use of the above description.
In the quote above from RFC 4364, the term "site" refers to a distinct networked environment. Two sites connected to each other across the public Internet backbone comprise a VPN. The term "site" does not mean "website." Thus, a small company in a single building can have an "intranet," but to have a VPN, they would need to provide tunneled access to that network for geographically distributed employees.
Similarly, for smaller, geographically united organizations, "extranet" is a useful term to describe selective access to intranet systems granted to suppliers, customers, or other companies. Such access does not involve tunneling, but rather simply an authentication mechanism to a web server. In this sense, an "extranet" designates the "private part" of a website, where "registered users" can navigate, enabled by authentication mechanisms on a "login page".
An extranet requires network security. Measures can include firewalls, server management, the issuance and use of digital certificates or similar means of user authentication, encryption of messages, and the use of virtual private networks (VPNs) that tunnel through the public network.
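The DMZ-like property described in this article (partners reach the services they need, but not the organization's entire network) can be checked mechanically against a firewall rule set. The following Python code is an added example, not part of the original article; the address ranges, rule names and rule format are constructed for illustration.

```python
import ipaddress

# Constructed topology; every range and name below is an assumption.
EXTRANET_SEGMENT = ipaddress.ip_network("192.0.2.0/24")   # partner-facing services
PARTNER_SOURCES = [
    ipaddress.ip_network("198.51.100.0/24"),  # partner A
    ipaddress.ip_network("203.0.113.0/25"),   # partner B
]

# Constructed allow rules: (name, source CIDR, destination CIDR, port).
RULES = [
    ("partner-a-portal", "198.51.100.0/24", "192.0.2.10/32", 443),
    ("partner-b-edi",    "203.0.113.0/25",  "192.0.2.20/32", 443),
    ("partner-a-legacy", "198.51.100.0/24", "10.20.0.0/16",  1433),
    ("any-to-portal",    "0.0.0.0/0",       "192.0.2.10/32", 443),
    ("partner-b-wide",   "203.0.113.0/25",  "0.0.0.0/0",     22),
]

def audit_rule(src, dst):
    """Return findings for one allow rule; an empty list means it is acceptable."""
    src_net = ipaddress.ip_network(src)
    dst_net = ipaddress.ip_network(dst)
    from_partner = any(src_net.subnet_of(p) for p in PARTNER_SOURCES)
    into_extranet = dst_net.subnet_of(EXTRANET_SEGMENT)
    findings = []
    if from_partner and not into_extranet:
        # Partner traffic must terminate inside the extranet segment.
        findings.append("partner source reaches beyond the extranet segment")
    if dst_net.overlaps(EXTRANET_SEGMENT) and not from_partner:
        # Extranet services are for known partners, not arbitrary sources.
        findings.append("extranet service exposed to non-partner source")
    return findings

def audit(rules):
    """Map rule name -> findings, for rules with at least one finding."""
    report = {}
    for name, src, dst, _port in rules:
        findings = audit_rule(src, dst)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"{name}: {'; '.join(findings)}")
```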
Many technical specifications describe methods of implementing extranets, but often never explicitly define an extranet. RFC 3457 presents requirements for remote access to extranets. RFC 2709 discusses extranet implementation using IPsec and advanced network address translation (NAT).
Enterprise applications
During the late 1990s and early 2000s, several industries started to use the term extranet to describe central repositories of shared data made accessible via the web only to authorized members of particular work groups. Some applications are offered on a Software as a Service (SaaS) basis by vendors functioning as application service providers (ASPs).
Specially secured extranets are used to provide virtual data room services to companies in several sectors (including law and accountancy).
For example, in the construction industry, project teams may access a project extranet to share drawings and documents, make comments, issue requests for information, etc. In 2003 in the United Kingdom, several of the leading vendors formed the Network for Construction Collaboration Technology Providers (NCCTP) to promote the technologies and to establish data exchange standards between the different data systems. The same types of construction-focused technologies have also been developed in the United States, Australia and mainland Europe.
Advantages
- Exchange large volumes of data using Electronic Data Interchange (EDI)
- Share product catalogs exclusively with trade partners
- Collaborate with other companies on joint development efforts
- Jointly develop and use training programs with other companies
- Provide or access services provided by one company to a group of other companies, such as an online banking application managed by one company on behalf of affiliated banks
Disadvantages
- Extranets can be expensive to implement and maintain within an organization (e.g., hardware, software, employee training costs), if hosted internally rather than by an application service provider.
- Security of extranets can be a concern when hosting valuable or proprietary information.