An extranet is a computer network that allows controlled access from the outside, for

specific business or educational purposes. An extranet can be viewed as an extension of a

company's intranet that is extended to users outside the company, usually partners,
vendors, and suppliers. It has also been described as a "state of mind" in which the
Internet is perceived as a way to do business with a selected set of other companies
(business-to-business, B2B), in isolation from all other Internet users. In contrast,
business-to-consumer (B2C) models involve known servers of one or more companies,
communicating with previously unknown consumer users. An intranet is like a DMZ in
that it provides access to needed services for channel partners, without granting access to
an organization's entire network.

Contents
[hide]

• 1 Relationship to an intranet
• 2 Enterprise applications
• 3 Advantages
• 4 Disadvantages
• 5 See also
• 6 References

• 7 Further reading

[edit] Relationship to an intranet

An extranet can be understood as an intranet mapped onto the public Internet or some
other transmission system not accessible to the general public, but managed by more than
one company's administrator(s). For example, military networks of different security
levels may map onto a common military radio transmission system that never connects to
the Internet. Any private network mapped onto a public one is a virtual private network
(VPN), often using special security protocols.

For decades, institutions have been interconnecting to each other to create private
networks for sharing information. One of the differences that characterizes an extranet,
however, is that its interconnections are over a shared network rather than through
dedicated physical lines. With respect to Internet Protocol networks, RFC 4364 states "If
all the sites in a VPN are owned by the same enterprise, the VPN is a corporate intranet.
If the various sites in a VPN are owned by different enterprises, the VPN is an extranet.
A site can be in more than one VPN; e.g., in an intranet and several extranets. We regard
both intranets and extranets as VPNs. In general, when we use the term VPN we will not
be distinguishing between intranets and extranets. Even if this argument is valid, the term
"extranet" is still applied and can be used to eliminate the use of the above
description."[1]
In the quote above from RFC 4364, the term "site" refers to a distinct networked
environment. Two sites connected to each other across the public Internet backbone
comprise a VPN. The term "site" does not mean "website." Thus, a small company in a
single building can have an "intranet," but to have a VPN, they would need to provide
tunneled access to that network for geographically distributed employees.

Similarly, for smaller, geographically united organizations, "extranet" is a useful term to

describe selective access to intranet systems granted to suppliers, customers, or other
companies. Such access does not involve tunneling, but rather simply an authentication
mechanism to a web server. In this sense, an "extranet" designates the "private part" of a
website, where "registered users" can navigate, enabled by authentication mechanisms on
a "login page".

An extranet requires network security. These can include firewalls, server management,
the issuance and use of digital certificates or similar means of user authentication,
encryption of messages, and the use of virtual private networks (VPNs) that tunnel
through the public network.

Many technical specifications describe methods of implementing extranets, but often

never explicitly define an extranet. RFC 3547 [1] presents requirements for remote access
to extranets. RFC 2709 [2] discusses extranet implementation using IPsec and advanced
network address translation (NAT).

[edit] Enterprise applications

During the late 1990s and early 2000s, several industries started to use the term extranet
to describe central repositories of shared data made accessible via the web only to
authorized members of particular work groups. Some applications are offered on a
Software as a Service (SaaS) basis by vendors functioning as Application service
providers (ASPs).

Specially secured extranets are used to provide virtual data room services to companies in
several sectors (including law and accountancy).

For example, in the construction industry, project teams may access a project extranet to
share drawings and documents, make comments, issue requests for information, etc. In
2003 in the United Kingdom, several of the leading vendors formed the Network for
Construction Collaboration Technology Providers (NCCTP) to promote the technologies
and to establish data exchange standards between the different data systems. The same
type of construction-focused technologies have also been developed in the United States,
Australia and mainland Europe.[3]

[edit] Advantages
• Exchange large volumes of data using Electronic Data Interchange (EDI)
 • Share product catalogs exclusively with trade partners
• Collaborate with other companies on joint development efforts
• Jointly develop and use training programs with other companies
• Provide or access services provided by one company to a group of other
companies, such as an online banking application managed by one company on
behalf of affiliated banks

[edit] Disadvantages
• Extranets can be expensive to implement and maintain within an organization
(e.g., hardware, software, employee training costs), if hosted internally rather than
by an application service provider.
• Security of extranets can be a concern when hosting valuable or proprietary
information.