INTERNET SERVICE PROVIDER (ISP) and APPLICATION SERVICE PROVIDER (ASP)
__________________________________________________________________________________________________________________________________________________________________________

Internet service provider (ISP)

An Internet service provider (abbr. ISP, also called Internet access provider or IAP) is a business or organization that provides to consumers access to the Internet and related services. In the past, most ISPs were run by the phone companies. Now, ISPs can be started by just about any individual or group with sufficient money and expertise. In addition to Internet access via various technologies such as dial-up and DSL, they may provide a combination of services including Internet transit, domain name registration and hosting, web hosting, and colocation.

ISP connection options
ISPs employ a range of technologies to enable consumers to connect to their network. For "home users", the most popular options include dial-up, DSL (typically ADSL), Broadband wireless access, Cable modem, and ISDN (typically BRI). For customers who have more demanding requirements, such as medium-to-large businesses, or other ISPs, DSL (often SHDSL or ADSL), Ethernet, Metro Ethernet, Gigabit Ethernet, Frame Relay, ISDN (BRI or PRI), ATM, satellite Internet access and SONET are more likely. With the increasing popularity of downloading music and online video and the general demand for faster page loads, higher bandwidth connections are becoming more popular.


How ISPs connect to the Internet

Just as their customers pay them for Internet access, ISPs themselves pay upstream ISPs for Internet access. In the simplest case, a single connection is established to an upstream ISP using one of the technologies described above, and the ISP uses this connection to send or receive any data to or from parts of the Internet beyond its own network; in turn, the upstream ISP uses its own upstream connection, or connections to its other customers (usually other ISPs) to allow the data to travel from source to destination.In reality, the situation is often more complicated. For example, ISPs with more than one Point of Presence (PoP) may have separate connections to an upstream ISP at multiple PoPs, or they may be customers of multiple upstream ISPs and have connections to each one at one or more of their PoPs. ISPs may engage in peering, where multiple ISPs interconnect with one another at a peering point or Internet exchange point (IX), allowing the routing of data between their networks, without charging one another for that data - data that would otherwise have passed through their upstream ISPs, incurring charges from the upstream ISP. ISPs who require no upstream, and have only customers and/or peers, are called Tier 1 ISPs, indicating their status as ISPs at the top of the Internet hierarchy. Routers, switches, Internet routing protocols, and the expertise of network administrators all have a role to play in ensuring that data follows the best available route and that ISPs can "see" one another on the Internet.

Virtual ISP

A Virtual ISP (vISP) purchases services from another ISP (sometimes called a wholesale ISP or similar within this context) that allow the vISP's customers to access the Internet via one or more Points of Presence (PoPs) that are owned and operated by the wholesale ISP. There are various models for the delivery of this type of service, for example, the wholesale ISP could provide network access to end users via its dial-up modem PoPs or DSLAMs installed in telephone exchanges, and route, switch, and/or tunnel the end user traffic to the vISP's network, whereupon they may route the traffic toward its destination. In another model, the vISP does not route any end user traffic, and needs only provide AAA (Authentication, Authorization and Accounting) functions, as well as any "value-add" services like email or web hosting. Any given ISP may use their own PoPs to deliver one service, and use a vISP model to deliver another service, or, use a combination to deliver a service in different areas. The service provided by a wholesale ISP in a vISP model is distinct from that of an upstream ISP, even though in some cases, they may both be one and the same company. The former provides connectivity from the end user's premises to the Internet or to the end user's ISP, the latter provides connectivity from the end user's ISP to all or parts of the rest of the Internet.A vISP can also refer to a completely automated white label service offered to anyone at no cost or for a minimal set-up fee. The actual ISP providing the service generates revenue from the calls and may also share a percentage of that revenue with the owner of the vISP. All technical aspects are dealt with leaving the owner of vISP with the task of promoting the service. This sort of service is however declining due to the popularity of unmetered internet access also known as flatrate.

Application service provider

An application service provider (ASP) is a business that provides computer-based services to customers over a network. Software offered using an ASP model is also sometimes called On-demand software. The most limited sense of this business is that of providing access to a particular application program (such as medical billing) using a standard protocol such as HTTPThe need for ASPs has evolved from the increasing costs of specialized software that have far exceeded the price range of small to medium sized businesses. As well, the growing complexities of software have led to huge costs in distributing the software to end-users. Through ASPs, the complexities and costs of such software can be cut down. In addition, the issues of upgrading have been eliminated from the end-firm by placing the onus on the ASP to maintain up-to-date services, 24 x 7 technical support, physical and electronic security and in-built support for business continuity and flexible working.The importance of this marketplace is reflected by its size. As of early 2003, estimates of the United States market range from 1.5 to 4 billion dollars. Clients for ASP services include businesses, government organizations, non-profits, and membership organizations.

Provider types

There are several forms of ASP business. These are:

  • A specialist or functional ASP delivers a single application, such as credit card payment processing or timesheet services;
  • A vertical market ASP delivers a solution package for a specific customer type, such as a dental practice;
  • An enterprise ASP delivers broad spectrum solutions;
  • A local ASP delivers small business services within a limited area.

Some analysts identify a volume ASP as a fifth type. This is basically a specialist ASP that offers a low cost packaged solution via their own website. PayPal was an instance of this type, and their volume was one way to lower the unit cost of each transaction.In addition to these types, some large multi-line companies (such as IBM), use ASP concepts as a particular business model that supports some specific customers.

The ASP model

The application software resides on the vendor's system and is accessed by users through a web browser using HTML or by special purpose client software provided by the vendor. Custom client software can also interface to these systems through XML APIs. These APIs can also be used where integration with in-house systems is required. Common features associated with ASPs include:
  • ASP fully owns and operates the software application(s)
  • ASP owns, operates and maintains the servers that support the software
  • ASP makes information available to customers via the Internet or a "thin client"
  • ASP bills on a "per-use" basis or on a monthly/annual fee
The advantages to this approach include:
  • Software integration issues are eliminated from the client site
  • Software costs for the application are spread over a number of clients
  • Vendors can build more application experience than the in-house staff
  • Key software systems are kept up to date, available, and managed for performance by experts
  • Improve the reliability, availability, scalability and security of internal IT systems
  • A provider's service level agreement guarantees a certain level of service
  • Access product and technology experts dedicated to available products
  • Reduce internal IT costs to a predictable monthly fee.
  • Redeploy IT staff and tools to focus on strategic technology projects that impact the enterprise's bottom line
Some inherent disadvantages include:
  • The client must generally accept the application as provided since ASPs can only afford a customized solution for the largest clients
  • The client may rely on the provider to provide a critical business function, thus limiting their control of that function and instead relying on the provider
  • Changes in the ASP market may result in changes in the type or level of service available to clients
  • Integration with the client's non-ASP systems may be problematic
Evaluating an Application Service Provider security when moving to an ASP infrastructure can come at a high cost, as such a firm must assess the level of risk associated with the ASP itself. Failure to properly account for such risk can lead to:
  • Loss of control of corporate data
  • Loss of control of corporate image
  • Insufficient ASP security to counter risks
  • Exposure of corporate data to other ASP customers
  • Compromise of corporate data
Some other risks include failure to account for the financial future of the ASP in general, i.e. how stable a company are they and do they have the resources to continue business into the foreseeable future. For these reasons Cisco Systems has developed a comprehensive evaluation guideline. This guideline includes evaluating the scope of the ASPs service, the security of the program and the ASP's maturity with regard to security awareness. Finally the guidelines indicate the importance of performing audits on the ASP with respect to:
  • Port/Network service
  • Application vulnerability
  • ASP Personnel
  • Physical visits to the ASP to assess the formality of the organization will provide invaluable insight into the awareness of the firm.