TMCnet - World's Largest Communications and Technology Community

July 1999


Virtual Private Network Solutions

Virtual private networks (VPNs) have been getting their fair share of press over the course of the past year. In fact, we recently ran a cover story on voice and VPNs in our May issue of Internet Telephony. Just to recap, what exactly is a VPN? Simply put, a VPN is a private connection between two endpoints that enables the transmission of data (and increasingly, voice too) over a shared or public network like the Internet. The main beneficiaries of this technology are companies that have a dispersed group of branch offices and remote workers interested in creating a private WAN over geographically separate locations.

The vendors and products covered in this roundup run the gamut from small to large, from well known to virtually unheard-of startups. The featured products offer varying degrees of security and scalability, and the sidebar from Phil Saunders gives a terrific overview of what to look for in a virtual private network solution. I urge you to use this roundup as a reference as you research virtual private networking solutions for your own business. Use the contact information. Visit the vendors on the Web. Check out what's out there, do your homework, and make an informed decision when the time comes for you to implement a VPN.

-Greg Galitzine



Altiga VPN Concentrator Series
Altiga Networks
124 Grove St., Ste. 309
Franklin, MA 02038-3206
877-4-ALTIGA
This next-gen VPN communications platform is meant for enterprise deployment at a central site for single users and remote office connections. The high availability VPN Concentrator Series offers four expansion slots for easy upgrade as well as support for up to 5,000 concurrent connections in the C50 model. The platform provides encrypted throughput of up to 100 Mbps, and comes standard with 32 MB of SRAM with expansion of up to 256 MB possible.

Other features include a 300 MHz Motorola PowerPC 603e processor, and four Altiga Scaleable Encryption Processing (SEP) Modules. The platform is compatible with Windows software, as well as Altiga's IPSec client. It features support for PPTP, IPSec with AH, ESP, and IKE, L2TP, and L2TP tunneling in IPSec. The VPN Concentrator series also comes with an embedded management interface for easy administration, monitoring, and accounting functions. For more information, visit Altiga's Web site at www.altiga.com.


Intraport Carrier Family
Compatible Systems Corporation
P.O. Box 17220
Boulder, CO 80308
800-356-0283
This Layer 3-to-Layer 2 VPN gateway from Compatible Systems supports IPSec-based connections through dial-up, xDSL, ISDN, and cable modems. The Intraport carriers can be accessed remotely through client software over a secure, encrypted connection through any ISP to the network service provider's (NSP) facility. The VPN is terminated there, and the packets are decrypted and routed to the private network via a frame relay PVC. The Carrier-2 model of the gateway is scalable, through two hot-swappable I/O cards that each support up to 5,000 connections, as well as planned ATM support. The Carrier-8 can accommodate up to eight slots, for a maximum of 40,000 users.

Intraport client software will run on Windows, Power Macintosh, Solaris, and Intel-based Linux computers. Remote management is possible through Telnet or CompatiView, Compatible's software, which is included with the system. For additional information, visit the Compatible Systems Web site at www.compatible.com


Everest VISTA
NetCore Systems, Inc.
187 Ballardvale St.
Wilmington, MA 01887
987-694-1555
NetCore's Virtual IP Service and Transport Administration (VISTA) technology enables the company's Everest terabit-scale switch/router to function as numerous individual routers. The routers then segment increments of the public IP network and treat them as individual networks as needed, for rapid provisioning of VPNs that maintain all of the features of a company's own network. VISTA basically allows private networks to perform addressing, security, and protocol support functions while running parallel to the public Internet.

VISTA provides maximum quality of service (QoS) for voice over IP (VoIP) through service level agreements (SLAs), and uses ATM switching to partition off individual networks. The technology allows service providers to offer business-class IP VPNs with the security of circuit-based solutions. For more information, visit NetCore's Web site at www.netcoresys.com


Envoy VPN 21000
Ennovate Networks, Inc.
330 Codman Hill Rd.
Boxborough, MA 01719
978-263-2002
Ennovate's VPN 21000 service provisioning system enables simplified setup and configuration for network-based IP VPNs. The solution offers any-to-any connectivity of IP networks with the quality and security of private networks. The system uses Ennovate's Membership Advertisement Protocols (MAP) to automate VPN building, and distributes identification securely throughout the network to identify corporate sites that belong to the customer VPN.

Authentication is performed through a secure key exchange, and address isolation is achieved through virtual router technology and support for encapsulation schemes like IP in IP, ATM VCIs, IP DLCLs, and MPLS, which hide private addresses from the core network. The system also uses the virtual link establishment protocol (VLEP) for dynamic configuration of encapsulated links between virtual routers. For additional information, visit Ennovate's Web site at www.ennovatenetworks.com


Entrust/VPN Connector
Entrust Technologies, Ltd.
2323 N. Central Expwy., Ste. 360
Richardson, TX 75080
888-690-2424

As an extension to its public key infrastructure (PKI) software, Entrust offers the Entrust/VPN Connector as a standards-based certificate enrollment platform for scalable VPN solutions. The Connector manages enrollment for routers, firewalls, gateways, and VPN access applications that support the IPSec and Internet Key Exchange (IKE) standards. The platform uses the certificate enrollment protocol (CEP) or PKCS#10 certificate requests to manage certificates.

The Connector minimizes administration costs by providing automated certificate posting to directories, and automatic CRL updates. The platform also utilizes features of the PKI software like CA cryptographic hardware and PKI management reports. For additional information, visit Entrust's Web site at www.entrust.com


Luna VPN
Chrysalis-ITS
1688 Woodward Dr.
Ottawa, ON K2C 3R7
613-723-5077

The LunaVPN cryptographic accelerator board from Chrysalis provides cryptographic processing at wireline speeds of up to 100 Mbps, eliminating congestion for VPNs and freeing the firewall or router to perform other functions. The board uses onboard memory and processors for authentication, encryption, and key generation, and offers a kernel-level API for tight integration with existing applications.

The Luna is scalable up to 8,000 simultaneous connections per card, and can be connected to multiple cards to meet network traffic demands. Security is provided by digital keys which are generated on the card through symmetric and asymmetric key pair generation, and never exported. It is currently being embedded in CheckPoint's VPN-1 Appliance. For more information, visit the Chrysalis Web site at www.chrysalis-its.com


exSPANd
Intelispan, Inc.
14505 North Hayden Rd., Ste. 300
Scottsdale, AZ 85260
602-443-3999

The exSPANd service solution from Intelispan provides global remote access to the corporate WAN through a private ATM and frame relay WAN with advanced network control technologies. The network eliminates the need for tunneling, and provides an extensive coverage area with points of presence (POPs) in more than 200 cities. The solution's flat router architecture on multi-layered routed backbones offers optimum speeds and reduced latency. A committed information rate (CIR) is also provided from the local loop circuit to the premise over the Intelispan hub-and-spoke router backbone.

The service offers a network-level firewall through policy-based routing control, and IP address management and filtering is used to control user activity. A network address translator (NAT) translates addresses into the corporate LAN to a numbering range established by the administrator, and all account changes are automatically propagated to every access point on the network. LAN connections to Intelispan's network require a router, and terminal CSU/DSU equipment. For additional information, visit the company's Web site at www.intelispan.com


ConcentricQoS
Concentric Network Corp.
1400 Parkmoor Ave.
San Jose, CA 95126
408-817-2800

Concentric provides differentiated quality of service for VPNs through the ConcentricQoS service, offered with the company's Enterprise VPN. The service provides utilization management, bandwidth monitoring, and customer-specific traffic prioritization for business customers. It allows bandwidth to be provisioned for specific users, departments, or computing resources, and can prioritize time-sensitive data over other network traffic.

ConcentricQoS provides 100% premise-to-premise availability with low latency and packet loss, as well as customer control over QoS. The service also uses Xedia's Access Point QVPN router to classify traffic by application type or IP address, as well as to set bandwidth requirements. For additional information, visit Concentric's Web site at www.concentric.com


VSU-1100 VPNware Service Unit
VPNet Technologies, Inc.
1530 Meridian Ave.
San Jose, CA 95125
408-445-6600

The VSU-1100 VPN platform from VPNet can integrate with the company's VPNware System 1000, 2000, and 5000 solutions for a complete offering with management and remote-user software. The platform is IPSec-compliant, and can support triple-DES encryption at full-duplex T3 speeds. It can process 90 Mbps of IPSec-encrypted traffic and handle user authentication and NAT, using proprietary, dual packet-processing engines.

The platform uses two single-port 10/100 Mbps Ethernet cards for use in intranets, extranets, and for remote access. The system also handles points of traffic concentration like server farms, and can support a large number of feeds converging on remotely hosted networks and Web sites. When used with VPNet's VPNware, the VSU can maintain records of remote user and site-to-site sessions through SNMP, and provide internal statistics for monitoring and billing. For more information, visit VPNet's Web site at www.vpnet.com


MobileLogic WVPN
Wireless Telecom, Inc.
MobileLogic Network Services
3025 South Parker Rd., Ste. 1000
Aurora, CO 80014
800-787-9170

Based on Ericsson's Virtual Office (EVO) software, the MobileLogic WVPN from Wireless Telecom provides a combination of encryption and access control to protect data behind a firewall, while allowing access from remote users. The solution comes with a wireless modem and software for each remote user's computer, as well as secure access to the MobileLogic wireless gateway server to enable messaging applications through Exchange. WVPN server software is also installed on site, and network bandwidth through a wireless carrier of the customer's choice is provided with the solution.

The solution offers SecurID authentication from Security Dynamics as an additional option, for centralized, two-factor authentication for networks and operating systems. An access code appears on a SecurID token about the size of a credit card that is carried by users. For additional information, visit Wireless Telecom's Web site at www.mobilelogic.com


SafeNet Enterprise Version 3
Information Resource Engineering, Inc. (IRE)
8029 Corporate Dr.
Baltimore, MD 21236
410-931-7500
IRE's SafeNet Enterprise is a deployable, IPSec-compliant VPN solution featuring user and message authentication, encryption, access control, and policy management. The system is made up of the high-performance SafeNet Speed gateway and the SafeNet/Security Center management system. It also includes the SafeNet/Soft and SafeNet/Smart software clients.

Features of the SafeNet Speed include encryption and authentication schemes for tunneling data across the Internet or private networks, and security for LANs, workstations, and servers. The gateway features a scalable architecture, and runs on 10/100 Mbps networks. For more information, visit IRE's Web site at www.ire.com


cIPro Family
RADGUARD, Inc.
575 Corporate Dr.
Mahwah, NJ 07430
201-828-9611
The cIPro family product line from RADGUARD offers security for second generation IPSec VPNs. The cIPro gateways, software, and firewalls provide dynamic key management, NAT, IPSec/IKE network encryption, encrypted SNMP remote management, and automatic network topology learning. The products support LAN-to-LAN VPN applications, client-to-LAN IPSec remote access, secure VPN management, and enterprise X.509 certification.

cIPro products use a proprietary hardware platform to provide traffic flow of up to 100 Mbps for a secure internetworking environment with a path for integration to solutions from other vendors. cIPro offers security between separate private networks, as well as providing access control for specific areas within each network. The solution also allows secure communication among different departments within a LAN, as well as hardware encryption, random key generation, an optional backup unit, and real-time alert for security events. For more information, visit RADGUARD's Web site at www.radguard.com


SYNCHRONY Network Management System PLUS (SNMS+)
TimePlex Group
400 Chestnut Ridge Rd.
Woodcliff Lake, NJ 07675
888-777-0929
The SYNCHRONY SNMS+ from the TimePlex Group now offers integrated network management for VPNs through an intuitive GUI and a standards-based management architecture. The system offers Web-based reports and intelligent information processing to warn administrators of network and service issues. Managers may monitor, configure, and troubleshoot devices, services, and the interface of their network, and can receive a unified view of the entire network, with specific information down to a single port.

Inventory reports are generated through a Web browser, and offer details on device types, modules, daughtercards, port types, revision levels, and serial numbers. Inter Nodal Link (INL) reports show bandwidth utilization, while a voice utilization report shows the number of DSP engines being utilized for voice compression, and which algorithms are being used. For additional information, visit the TimePlex Group Web site at www.timeplex.com


Ravlin Family
RedCreek Communications
3900 Newpark Mall Rd.
Newark, CA 94560
510-745-3900
The Ravlin family of network security solutions from RedCreek offers two options which allow VPN administrators to set up communications among multiple sites and users. The Ravlin 3200 uses triple-DES or DES to perform encryption at the wireline, and is geared toward small offices. It will interoperate with other Ravlin products for scalability and security over public or private networks.

The Ravlin 7100 was developed for larger corporations that need fast Ethernet speed connectivity, and a larger number of onsite or remote access connections. The unit offers full IPSec VPN capability, and faster encryption and decryption speeds, as well as authentication hardware and software. The Ravlin family may be deployed over new or existing networks. For more information, visit RedCreek's Web site at www.redcreek.com


PGP VPN Suite
Network Associates, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
408-988-3832
This complete suite of VPN client security products from Network Associates may be used independently, or in support of any standards-compliant VPN server or firewall. The PGP VPN suite integrates with PGP e-mail, file, and disk encryption, and is based on IPSec standards. The suite includes the Gauntlet VPN Server, the Gauntlet Firewall, and the X.509 Net Tools PKI - for remote access and business-to-business extranet security.

The suite offers easy administration and configuration, and may be pre-configured for a silent install by network administrators, with no effect on end users' desktops. Tens of thousands of custom clients may be created through management tools, and authentication may be made through any firewall. The suite is geared toward small and mid-sized businesses. For additional information, visit the Network Associates Web site at www.networkassociates.com


Fort Knox Family of Policy Routers
Internet Devices, Inc.
1287 Anvilwood Ave.
Sunnyvale, CA 94089
888-237-2244
For VPN policy-based management and security solutions, Internet Devices offers the Fort Knox Policy Router family. The Carrier/Enterprise Series is geared toward service providers and businesses with more than 10 locations, and includes the Policy Manager software for Web-based management, and the Policy Server hardware for creating centralized policies, managing users, and logging the database. The series also offers the Policy Router hardware for integration of VPN, firewall, and bandwidth management.

Geared toward businesses with up to 15 sites, the Professional Series offers plug-and-play management of bandwidth, firewall, and VPN policy. The series provides SoftStack modules to expand policy management features as security requirements increase. An installation wizard sets up security, access, and bandwidth policy for immediate operation upon installation. For more information, visit the Internet Devices Web site at www.internetdevices.com


RiverWorks Tunnel and Management Servers
Indus River Networks, Inc.
31 Nagog Park
Acton, MA 01720
978-266-8100
RiverWorks’ servers are intended for high-density, multi-protocol VPN traffic. The Tunnel Server has a high-speed processor for handling up to 2,000 simultaneous tunnels, through the company’s TurboTunnel enhancements to the IPSec and PPTP encryption protocols. Tunnel servers may be clustered in a data center, or spread out through several data processing facilities.

The RiverWorks Management Server offers policy management for administering user characteristics such as access control, dialing characteristics, and cost policies. Remote management is available through the Windows-based RiverMaster application. Administrators can optimize bandwidth usage and monitor tunnel performance through standard reports and network analysis screens. For more information, visit the Indus River Web site at www.indusriver.com


Access Point QVPN Router
Xedia Corporation
119 Russell St.
Littleton, MA 01460
978-952-6000
The Access Point T1/E1, 45, and ATM routers from Xedia provide CBQ VPN bandwidth management for policy-based control, as well as scalable IPSec encryption and L2TP support for onsite and remote access networking. The routers feature an encryption accelerator for 90 Mbps DES and triple-DES throughput, and also offer detailed traffic statistics for user charge-back and service-level monitoring.

The Access Point platform features a 200 MHz RISC processor with a fast-memory subsystem for low latency, as well as a PCI-bus I/O architecture for optimum LAN-to-WAN configurations. One 10/100 Mbps LAN is included, with support for DS3-rate PPP or frame relay connectivity. The T1 model can provide two 10/100 Mbps LANs with up to eight T1 frame relay or PPP interfaces. For more information, visit Xedia’s Web site at www.xedia.com


UUsecure VPN
UUNet (an MCI WorldCom company)
3060 Williams Dr.
Fairfax, Virginia 22031-4648
800-4-UUNET4
The UUNet network now allows businesses to run applications over VPN through the UUsecure VPN. This global, IP-based VPN service provides SLAs, built-in encryption, central network management and monitoring services, and bandwidth prioritization. The UUsecure offering will enable dedicated access, and is part of MCI WorldCom’s corporate networking services for support over multi-protocol LANs.

VPN access is available in the United States, and is scheduled for availability in 14 additional countries later this year. The service will provide a guaranteed average latency of 120 ms for roundtrip data transfer among U.S. and European sites respectively, as well as IPSec encryption with either 56-bit or 168-bit encryption and tunneling. For more information, visit UUNet’s Web site at www.uunet.com


LanRover VPN Express
Intel Network Systems, Inc. (formerly Shiva Corporation)
28 Crosby Dr.
Bedford, MA 01730
781-687-1000
Intel’s LanRover VPN Express system provides VPN solutions for small to mid-size companies that require remote access, Extranet, and LAN-to-LAN connectivity. The LanRover has a scalable, redundant architecture, with support for up to 50 simultaneous VPN tunnels. It uses triple-DES encryption, as well as a choice of X.509, RADIUS, Security Dynamics, or Windows NT Domains authentication schemes.

The system allows security to be configured on a tunnel-to-tunnel basis through the GUI-based Shiva VPN Manager, and all security functions are transparent to users. It may be used with an integrated firewall option, or can work with an existing firewall. The system offers IPSec tunneling, automated key management, and centralized authentication, authorization, and accounting. For more information, visit Intel’s Web site at www.intel.com


NetFortress VPN products
Fortress Technologies, Inc.
2701 N. Rocky Point Dr., Ste. 650
Tampa, FL 33607
813-288-7388
Fortress Technologies offers the NetFortress VPN-1, -10, and -100 hardware solutions for encryption, authentication, and integrity checking of VPN networks. The NetFortress products are self-configuring and compatible with any firewall. The hardware uses the Secure Packet Shield technology for automating all VPN operations at the network layer, including encryption, authentication, key exchange, data compression, and data integrity checking.

The NetFortress VPNs offer a platform-independent design, and use the IDEA and DES encryption algorithms. The VPN-1 offers 7 Mbps of throughput, the VPN-10 provides 13 Mbps of throughput, and the VPN-100 can provide up to 70 Mbps of encrypted throughput. For additional information, visit the Fortress Web site at www.fortresstech.com


Cisco 7100 Series VPN Router
Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134-1619
408-526-4000
Cisco’s high-end VPN router offers a host of features including tunneling, data encryption, security, bandwidth management, and service-level validation for remote-access and extranet connectivity over the public Internet. The router uses hardware configurations optimized for VPN applications, and offers embedded fast Ethernet and WAN interfaces for high-performance routing.

Both the 7120 and 7140 routers feature RISC processing, as well as a service module slot for hardware acceleration of encryption and compression. The models also offer a slot for LAN/WAN interface extensibility, and feature a two-rack unit design for rack space conservation. The series is scalable up to 2,000 simultaneous sessions, and uses triple-DES encryption at 90 Mbps. For additional information, visit Cisco’s Web site at www.cisco.com


Network Packet Access Concentrator (NETPAC) technology
Xylan Corporation (an Alcatel company)
26801 West Agoura Rd.
Calabasas, CA, 91301
818-880-3500
Xylan’s unique new concentrator technology offers a transition from WAN services to a VPN network through a combination of interface modules, software, and ASICs based on the company’s Omni Switch/Router. A router configured with the NETPAC technology offers scalability up to 8,000 frame relay or IP subscribers, with wire-speed routing of more than 12 million packets per second.

The routers have two or four DS-3 ports for 45 Mbps throughput, and can be configured up to 32 channelized ports per chassis. Each port may be divided into DS-1 or DS-0 channels, and NETPAC modules can be used in three- and five-slot platforms, for applications supporting 1,000–3,000 users. For more information, visit Xylan’s Web site at www.xylan.com


SmartGate VPN
V-ONE Corporation
20250 Century Blvd., Ste. 300
German, MD 20874
301-515-5200
A complete VPN client management solution is offered in the SmartGate VPN from V-ONE Corporation. The system is made up of the SmartPass Client, which is installed on a remote user’s desktop for VPN connection services to the SmartGate Server. The client manages user authentication and interfaces with several tokens, including an integrated digital token. The server manages authentication token deployment and registration, as well as session authentication, connection privileges, and event logging.

SmartGate offers online registration for thousands of remote users, and utilizes central VPN client management for access privileges. Other features include flexible integration with third-party authentication systems, and software-based identification of authorized users. The product also features the SmartAdmin Windows-based VPN management console for secure, remote administration of multiple SmartGate servers. For more information, visit V-ONE’s Web site at www.v-one.com


INTERNETpro
Internet Appliance, Inc.
40515 Encyclopedia Circle
Fremont, CA 94538
510-413-1068
The new INTERNETpro series from Internet Appliance uses the public Internet to provide a host of applications, combining VPN service with Internet access and a firewall. Other features include dual Intel XEON processor capabilities; e-mail, Web, FTP, DNS, and file/print servers; URL blocking; dynamic content screening; a redundant power supply; and multiple SCSI disk storage. The system is available with optional rack mounting.

The series offers advanced security with IPSec encryption, and gateway-to-gateway and host-to-host communications. The products also come with a firewall for support of application proxies, packet filtering, policy choices, NAT, and real-time monitoring. An additional feature is simple key management for IP (SKIP), which offers interoperability and anti-replay services. For more information, visit the Internet Appliance Web site at www.internetappliance.com







Technology Marketing Corporation

2 Trap Falls Road Suite 106, Shelton, CT 06484 USA
Ph: +1-203-852-6800, 800-243-6002
