Merck writes a Web-based Rx
Global VPN uses Web technology to unite researchers and trading partners online
(IDG) -- When it comes to keeping its research team in touch, pharmaceutical giant Merck has found that the World Wide Web is the best medicine.
The company's global Internet-based virtual private network (VPN) has transformed the way Merck scientists collaborate on research projects, enabling anyone with the right credentials to access vast databases of resources with point-and-click ease. Additionally, the network has opened up secure lines of communication with business partners, laying the foundation for more productive collaboration.
Before PartnerNet, "We had no real capability to share information in real time against a core repository," says Clark Golestani, director of research information systems computing infrastructure at the New Jersey company. Merck scientists around the world were sharing information with one another and third-party research partners by mailing floppy disks.
In an industry in which a company's success or failure depends on whether it gets drugs to market first, Merck knew it had to find a better way.
Golestani and his team spent six months building PartnerNet. Without disclosing the cost, he says a company of Merck's size - $24 billion in annual sales and 53,800 employees - could build a comparable VPN for less than $1 million.
Golestani adds that he never had to justify the cost to management because the benefits were so readily apparent, especially in terms of speed and security. Dr. Martha Quesada, director of Merck's scientific information systems, says there's no comparison between the speed and efficiency that can be realized through PartnerNet vs. the old methods.
Merck designed the system so that all data for a given project sits on a single server, enabling all scientists involved to work from a common project database, regardless of their location. Once a scientist posts information in this centralized Lotus Notes database, it is immediately accessible to the other scientists, Quesada says.
Building the beast
A key challenge Golestani faced in building PartnerNet was keeping unauthorized users away from all that data. The solution was the Merck PartnerNet Gateway, Golestani's term for a multitiered collection of security facilities, including firewalls, encryption, router filtering and token-based authentication.
To ensure users are who they say they are, Golestani uses SecurID from Security Dynamics Technologies. The system requires users to enter a name and password along with a number generated by the SecurID token. The number changes every 60 seconds and must be validated against a server-based component.
To protect its data over the Internet, Merck uses one of two options, the IP Security (IPSec) protocol for network-layer encryption or a Unix-based protocol called swIPe that provides firewall-to-firewall encryption. Golestani also has configured external routers to send data to a specific port on his gateway router. If an intruder knocks on the wrong router door, a filter blocks him out.
Once a user successfully navigates through the various PartnerNet Gateway components, he is directed to a server that controls access to specific applications based on the user's identity. So, for example, a researcher at a Merck partner site may only be authorized to access a single Notes database, but a Merck employee would have access all the way into the company's crown jewel, its core research database. That Oracle database acts as a repository for all the research information the company has gathered over the years.
One of the most important aspects of building PartnerNet was sticking to industry standards, including TCP/IP, HTML, IPSec and Simple Mail Transfer Protocol.
For example, instead of trying to get the various Merck departments to standardize on one e-mail system, Golestani has the company's platforms - Microsoft Exchange, Microsoft Mail, Quick Mail, Unix Mail and a VAX-based mail system - feed into a single SMTP hub.
Thanks in part to this kind of flexibility, when PartnerNet was rolled out to the research labs, it quickly captured the attention of the rest of the company. Merck's sales, marketing and financial departments began using PartnerNet to share information internally.
The next step was to use PartnerNet to establish secure lines of communication with more than 15 suppliers and customers for e-mail exchange and access to parts of Merck's sales and marketing databases. Merck is also using PartnerNet as the gateway that controls access to the company's internal code, so offsite Y2K consultants can get to the software that needs fixing.
This year Golestani plans to enable customers and partners to conduct transactions with Merck via PartnerNet, cutting loose some private electronic data interchange links currently used for sending and receiving orders. Golestani also wants to establish PartnerNet-based communications between Merck and its Medco pharmacy services division.
As the volume and importance of data moving across PartnerNet increases, so does the need to upgrade the security. Golestani says he is looking at adding Secure Multi-purpose Internet Mail Extensions (SMIME) for secure messaging and considering implementing public and private keys.
He also wants to provide remote access to PartnerNet for scientists working outside of the lab sites and to extend the management framework to include application-level monitoring.
Golestani says the exciting part of the PartnerNet experience has been watching the VPN expand from something that was targeted at the company's research division to a platform that is changing the way the entire company does business. "It's exploding," he says.
Neal Weinberg is features reporter at Network World.
Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.