Extranets, or extended intranets, have become a popular option for companies looking to use the Internet for electronic commerce, but concerns persist over security and quality of service. To address these needs, Bay Networks has launched the Extranet Switch 4000, which works by creating a virtual private network on the Internet. Bay vice-president for sales development Jeffrey Lindholm described an extranet as the ability to extend a private network over the Internet securely and reach a large number of people. Bay's switch can replace several other remote-access technologies, including traditional EDI (electronic data interchange) networks and dial-in access. Unlike older dial-in access systems, Bay's extranet switch does not use a bank of modems which have to be replaced as they become obsolete. At the same time, by using the Internet, companies do not have to provide round-the-clock assistance to users because that function is handled by the user's Internet service provider. Bay's system uses tunnelling technology to ensure quality of service. A tunnel is a private virtual circuit created over the Internet between the user and the extranet switch. To ensure privacy, the tunnel is encrypted. Once a tunnel is established, it is passed through a directory server to authenticate the user. There are a variety of tunnelling standards in use, and Bay supports several of them. Each has advantages in different situations. For instance, PPTP (point-to-point tunnelling protocol) was developed by Microsoft. Its authentication system is not the strongest possible, but it is integrated into Windows 95 and NT. This means it is widely used, and companies do not have to install copies on to the PCs of everyone they want to give access. Conversely, IPsec, or IP security, authenticates individual data packets, but is not as widely used. Mr Lindholm said that by supporting different tunnelling standards, companies could select their own standard. For example, employees who did not need high security could use PPTP, which already was integrated with their PC, while high-value customers could be given IPsec software to protect their more valuable communications. Bay also supports L2TP (layer 2 tunnelling protocol), an evolving standard with the encryption level of IPsec, to be included in Windows 98 and NT version 5.0. The idea of assigning different tunnelling standards to different users is in keeping with Bay's use of profiles in the extranet switch. Profiles define a user's characteristics and session. Among the aspects of the session that can be controlled are tunnelling types, encryption strength, filtering profile, bandwidth and connection priority and access hours. This way, companies can define which users get access to which parts of the network, and can allocate more bandwidth to more important users. The Bay switch uses LDAP (lightweight directory access protocol) to create profiles.