Two years ago, there seemed to be as many definitions of Virtual Private Networks as there were vendors.
Some vendors concentrated on hardware devices that provided a gateway and established communications channels across a public network. These devices included router capabilities and firewall security. Other vendors offered software solutions that ran on the server and the client workstation. In addition, several resellers and manufacturers bundled software and hardware to create a VPN. Others simply provided components, tools and utilities.
While the VPN market has stabilized with standards and products, traditional VPN service, based on ATM or Frame Relay, has given way to Internet Protocol (IP) and the Internet. IP-VPNs will be the central enabler of the new millennium economy, characterized by integrated global enterprises, electronic commerce, and just-in-time production, according to Cahners In-Stat Group.
IP-VPNs are taking market share away from traditional VPN services because of “lower costs, faster provisioning of service, improved security and greater ubiquity of service,” said Henry Goldberg, senior analyst with In-Stat’s Voice and Data Communications Service. According to a survey of VPN users, three-quarters of large U.S. organizations have either implemented an IP-VPN or plan to implement one within the next two years.
Managers have two options for implementing an IP-VPN: in-house, or as an outsourced service.
Goldberg said, “The vast majority of end-users currently implement in-house IP-VPNs, and there is no indication that this will change significantly for those planning future IP-VPNs. Outsourced IP-VPN service providers will have to do a much better job of marketing the advantages of outsourced IP-VPN service in order to gain market share.”
The In-Stat Survey also found:
- Large organizations with in-house IP-VPNs will spend roughly an average of $200,000 per year on customer equipment.
- Cisco is the preferred vendor for customer premise IPSec equipment.
- Large organizations with an outsourced IP-VPN service will spend over $500,000 per year on average for their outsourced service.
In researching VPNs, you may come across the following keywords describing product offerings, so we’ve provided brief definitions. In addition, because the VPN product market is crowded, we’ve provided a glimpse of products available to network managers for implementing in-house VPNs or managing their current implementations, as well as a link for additional information from the vendors.
- PPTP — Point-to-Point Tunneling Protocol, developed by Microsoft and U.S. Robotics, provides secure connections at Layer 2 of the OSI model. It uses existing PPP technology, provides flow control, and safeguards the data using Microsoft Point-to-Point Encryption. It requires Microsoft NT servers to operate.
- L2F — Layer 2 Forwarding supports VPN connections by taking data and forwarding it to the proper destination. In a sense, these devices work like bridges across a switched network.
- L2TP — Layer 2 Tunneling Protocol combines the features of PPTP and L2F. The protocol runs on Frame Relay and ATM links as well as switched networks, and supports authentication to verify that the sender is permitted to access and transmit data. It does not encrypt transmissions, but it will work in conjunction with IPSec.
- IPSec compliant — These products provide encryption facilities for data transmissions. They only work with the Internet Protocol and can either encrypt the entire IP packet or only encrypt the data. The latter approach then uses the original IP address to establish the tunnel and transport the encrypted data. IPSec products operate at Layer 3 of the OSI model.
- Remote clients — These products allow users who are not physically at the site of a network to establish a virtual private connection between their workstation and the remote server.
- Non-IP protocols — Many VPN products use IP protocols to create the tunnel for data transmissions. A few, however, can implement other protocols, and this may be needed for some installations.
- Key management software — Key management software allows communications managers to control the distribution of encryption keys.
- Hardware certificate authorization — These devices send a certificate that identifies the sending and receiving systems. Once the devices validate the certificate, they establish a tunnel and transmit the data.
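The two IPSec options in the glossary above (encrypt only the data, or encrypt the entire IP packet) differ in what stays readable on the public network. The following is an added illustration, not part of the original article: it uses a simplified ESP layout with no IV or integrity check, a stand-in keystream cipher rather than a real ESP transform, and constructed addresses, SPIs and key.

```python
import hashlib, socket, struct

ESP = 50  # IP protocol number for ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def toy_encrypt(key, data):
    """Stand-in XOR keystream (hypothetical helper), its own inverse. Not a real cipher."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, plaintext, next_header):
    # The ESP trailer (pad length 0, next header) is encrypted with the payload.
    body = toy_encrypt(key, plaintext + bytes([0, next_header]))
    return struct.pack("!II", spi, seq) + body

def transport_mode(key, packet):
    """Encrypt only the data; the original IP addresses stay in the clear."""
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    e = esp(key, 0x1001, 1, packet[20:], packet[9])
    return ipv4_header(src, dst, ESP, len(e)) + e

def tunnel_mode(key, packet, gw_src, gw_dst):
    """Encrypt the entire IP packet; only the gateway addresses are visible."""
    e = esp(key, 0x1002, 1, packet, 4)  # next header 4 = encapsulated IPv4
    return ipv4_header(gw_src, gw_dst, ESP, len(e)) + e

def observer_view(wire):
    """Fields a passive observer on the public network can read."""
    spi, seq = struct.unpack("!II", wire[20:28])
    return {"src": socket.inet_ntoa(wire[12:16]), "dst": socket.inet_ntoa(wire[16:20]),
            "proto": wire[9], "spi": spi, "seq": seq}

# Constructed sample: an internal host sending TCP (protocol 6) data to an internal server.
KEY = b"constructed-demo-key"
DATA = b"GET /payroll HTTP/1.0\r\n\r\n"
INNER = ipv4_header("10.1.1.5", "10.2.2.9", 6, len(DATA)) + DATA

if __name__ == "__main__":
    print("transport:", observer_view(transport_mode(KEY, INNER)))
    print("tunnel:   ", observer_view(tunnel_mode(KEY, INNER, "203.0.113.1", "198.51.100.1")))
```

In both cases the observer sees only protocol 50 and the SPI, but encrypting only the data leaves the internal host addresses exposed, while encrypting the whole packet replaces them with the gateway addresses at a cost of 20 extra bytes per packet.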
- Vendor: Avaya Communications; Product: VPNmanager Series; NOS: Windows 2000, NT, Solaris; www1.avaya.com/enterprise/who/docs/vpnmanager/
- Vendor: CheckPoint Software; Product: VPN-1 Product Family; NOS: Windows 2000, NT, Solaris, RedHat Linux, HP-UX, IBM-AIX; www.checkpoint.com/products/vpn1/index.html
- Vendor: Cisco Systems; Product: Cisco VPN Clients; NOS: Windows 95, 98, 2000, ME, NT; www.cisco.com/warp/public/cc/pd/vpnc/vpncl/
- Vendor: Fortress Technologies; Product: NetFortress M-Series; NOS: Windows 95, 98, 2000, NT; www.fortresstech.com
- Vendor: Lucent Technologies; Product: VPN Firewall Family; www.lucent.com/products/solution
- Vendor: Nortel Networks; Product: Contivity VPN Switches; NOS: Windows 95, 98, 2000, NT; www.nortelnetworks.com/products/01/contivity/fandb.html
- Vendor: PGP Security; Product: Gauntlet Firewall and VPN; NOS: Windows, NT, Solaris, HP-UX; www.pgp.com/products/gauntlet/default.asp
- Vendor: RedCreek Communications; Product: 3VPN Client Manager; NOS: Windows 98, 2000, ME, NT; www.redcreek.com/products/3VPN.html
- Vendor: Symantec Corporation; Product: Symantec Enterprise VPN; NOS: Windows 2000, NT, Solaris; enterprisesecurity.symantec.com/products/
- Vendor: V-One Corporation; Product: SmartGate; NOS: Windows 2000, NT, Solaris, RedHat Linux; www.v-one.com/products/smartgate.html