New network wares address VPN hurdles
By Scott Berinato and Jim Kerstetter, PC Week Online 04.27.98
Networking and security vendors will use NetWorld+Interop next week to launch products that hurdle several fundamental obstacles to widespread VPN adoption.
The new wares will enable disparate virtual private networks to interconnect over the Internet by working with the proposed IPSec (IP Security) standard.
They also will make it easier for corporate IT departments and ISPs (Internet service providers) to share management of a VPN through more flexible management functions. Third, a focus on interoperability standards and extranet capabilities will also more clearly define what a VPN can do for a company.
Difficulty of use has been a major problem for early corporate adopters of VPNs. Atlanta-based AFC Systems Inc., for example, has 400 fast-food franchises dialing into corporate headquarters through a VPN, bypassing $3.50-per-hour dial-up charges. But the company is still looking for a system that's easier to implement.
"Because I have so many disparate franchises, I need software only at the client side," said Bill Clapes, AFC's director of franchise systems. "I don't want hardware at each site. I want the service provider to manage all that."
Ascend Communications Inc. will demonstrate at N+I products that sources say can do exactly that. The Alameda, Calif., company's new MultiVPN suite will add a snap-in to its Navis Network Management platform that gives an IT department flexibility when defining management responsibilities for an ISP. A network administrator, for example, could decide to control all of a company's security functions and outsource the network infrastructure to the ISP, or he could hand complete control over to the service provider.
Ascend will demonstrate three other VPN components: Virtual Private Remote Networking, which dictates the use of IPSec for interoperability with LDAP (Lightweight Directory Access Protocol) directories; Virtual Port Trunking, for setting bandwidth policies; and Virtual IP Routing, for applying label switching to ATM and frame relay backbone traffic.
Meanwhile, VPNet Technologies Inc., of San Jose, Calif., will release at the Las Vegas trade show the VPNywhere suite, which includes gateway hardware that supports IPSec and encryption acceleration. It provides a Web-based management tool that, like Ascend's Navis, enables flexible management between ISPs and corporate customers.
Due in May, VPNywhere will cost from $3,995 for a single-site, 25-user system to $38,995 for a four-site, 2,400-user system.
Check Point Software Technologies Ltd., in Redwood City, Calif., and TimeStep Corp., of Kanata, Ontario, will debut VPN software that complies with the IPSec VPN specification and integrates with Entrust Technologies Inc.'s PKI (Public Key Infrastructure).
Check Point's Firewall-1 VPN will also integrate with LDAP and the automated key management capabilities in IPSec, officials said.
TimeStep's Permit/Connect has four components: the Entrust PKI; a two-port Ethernet connection called Permit/Gate; a client component called Permit/Client; and Permit/Config, which configures and administers Permit/Gates from anywhere on the VPN.
With the Entrust bundle, the suite costs $14,395 for 100 users. Without Entrust, it costs $7,995 for 100 users.
IBM is expected to announce a global VPN service that supplants its current corporate dial-up services to give users lower-cost access with improved security, sources said. The Armonk, N.Y., company will also unveil technology that will let mainframe SNA traffic travel securely through a tunnel, the sources said.
Bay Networks Inc. will broaden its VPN switch family with the Extranet Switch 1000. The $7,000 product also has support for IPSec and LDAP, as well as shared ISP and enterprise management, officials in Santa Clara, Calif., said.
As VPN vendors slowly add interoperability and manageability into wares, an Internet Engineering Task Force working group this summer will try to eliminate user confusion about VPN capabilities by creating a baseline definition of the technology. The IETF still can't solve two main problems of using the Internet and VPNs for business: unpredictability of the public network and WAN bandwidth. But members hope the standard will at least end the semantic debate.
"Murphy's Law will say that the people I want to do VPNs with--extranet partners, branch offices and customers--will have different hardware, different ISPs and different key infrastructures than I do," said John Lawler, VPN product manager at Concentric Networks Inc., in San Jose. "So, obviously, a standard is vital." |