Product Briefing: Virtual Private Networks

While the Virtual Private Network market has stabilized with standards and products, traditional VPN service, based on ATM or Frame Relay, has given way to the Internet. Internet protocol VPNs will be the central enabler of the new millennium economy. We catalogue a glossary of terms and primary vendors.
Two years ago, there seemed to be as many definitions of Virtual Private Networks as there were vendors.

Some vendors concentrated on hardware devices that provided a gateway and established communications channels across a public network. These devices included router capabilities and firewall security. Other vendors offered software solutions that ran on the server and the client workstation. In addition, several resellers and manufacturers bundled software and hardware to create a VPN. Others simply provided components, tools and utilities.

While the VPN market has stabilized with standards and products, traditional VPN service, based on ATM or Frame Relay, has given way to Internet Protocol (IP) and the Internet. IP-VPNs will be the central enabler of the new millennium economy, characterized by integrated global enterprises, electronic commerce, and just-in-time production, according to Cahners In-Stat Group.

IP-VPNs are taking market share away from traditional VPN services because of "lower costs, faster provisioning of service, improved security and greater ubiquity of service," said Henry Goldberg, senior analyst with In-Stat's Voice and Data Communications Service. According to a survey of VPN users, three-quarters of large U.S. organizations have either implemented an IP-VPN or plan to implement one within the next two years.

Managers have two options for implementing an IP-VPN: in-house, or as an outsourced service.

Goldberg said, "The vast majority of end-users currently implement in-house IP-VPNs, and there is no indication that this will change significantly for those planning future IP-VPNs. Outsourced IP-VPN service providers will have to do a much better job of marketing the advantages of outsourced IP-VPN service in order to gain market share."

The In-Stat Survey also found:

  • Large organizations with in-house IP-VPNs will spend roughly an average of $200,000 per year on customer equipment.
  • Cisco is the preferred vendor for customer premise IPSec equipment.
  • Large organizations with an outsourced IP-VPN service will spend over $500,000 per year on average for their outsourced service.

In researching VPNs, you may come across the following keywords describing product offerings, so we've provided brief definitions. In addition, because the VPN product market is crowded, we've provided a glimpse of products available to network managers for implementing in-house VPNs or managing their current implementations, as well as a link for additional information from the vendors.

  • PPTP -- Point-to-Point Tunneling Protocol, developed by Microsoft and U.S. Robotics, provides secure connections using Layer 2 of the OSI model. It uses existing PPP technology, provides flow control, and safeguards the data using Microsoft Point-to-Point Encryption. It requires Microsoft NT servers to operate.
  • L2F -- Layer 2 Forwarding supports VPN connections by taking data and forwarding it to the proper destination. In a sense, these devices work like bridges across a switched network.
  • L2TP -- Layer 2 Tunneling Protocol combines the features of PPTP and L2F. The protocol runs on frame relay and ATM links as well as switched networks and supports authentication to verify that the sender is permitted to access and transmit data. It does not encrypt transmissions, but it will work in conjunction with IPSec.
  • IPSec compliant -- These products provide encryption facilities for data transmissions. They only work with the Internet Protocol and can either encrypt the entire IP packet or only encrypt the data. The latter approach then uses the original IP address to establish the tunnel and transport the encrypted data. IPSec products operate at Layer 3 of the OSI model.
  • Remote clients -- These products allow users who are not physically at the site of a network to establish a virtual private connection between their workstation and the remote server.
  • Non-IP protocols -- Many VPN products use IP protocols to create the tunnel for data transmissions. A few, however, can implement other protocols, and this may be needed for some installations.
  • Key management software -- Key management software allows communications managers to control the distribution of encryption keys.
  • Hardware certificate authorization -- These devices send a certificate that identifies the sending and receiving systems. Once the devices validate the certificate, they establish a tunnel and transmit the data.

Vendor: Avaya Communications
Product: VPNmanager Series
NOS: Windows 2000, NT, Solaris
www1.avaya.com/enterprise/who/docs/vpnmanager/


Vendor: CheckPoint Software
Product: VPN-1 Product Family
NOS: Windows 2000, NT, Solaris, RedHat Linux, HP-UX, IBM-AIX
www.checkpoint.com/products/vpn1/index.html


Vendor: Cisco Systems
Product: Cisco VPN Clients
NOS: Windows 95, 98, 2000, ME, NT 
www.cisco.com/warp/public/cc/pd/vpnc/vpncl/


Vendor: Fortress Technologies
Product: NetFortress M-Series
NOS: Windows 95, 98, 2000, NT
www.fortresstech.com


Vendor: Lucent Technologies
Product: VPN Firewall Family
www.lucent.com/products/solution


Vendor: Nortel Networks
Product: Contivity VPN Switches
NOS: Windows 95, 98, 2000, NT
www.nortelnetworks.com/products/01/contivity/fandb.html


Vendor: PGP Security
Product: Gauntlet Firewall and VPN
NOS: Windows, NT, Solaris, HP-UX
www.pgp.com/products/gauntlet/default.asp


Vendor: RedCreek Communications
Product: 3VPN Client Manager 
NOS: Windows 98, 2000, ME, NT
www.redcreek.com/products/3VPN.html


Vendor: Symantec Corporation
Product: Symantec Enterprise VPN 
NOS: Windows 2000, NT, Solaris
enterprisesecurity.symantec.com/products/


Vendor: V-One Corporation
Product: SmartGate 
NOS: Windows 2000, NT, Solaris, RedHat Linux 
www.v-one.com/products/smartgate.html

Danya Delmonico writes for CrossNodes, an internet.com site where this story first appeared.





