VPNs by the numbers

VPNs by the numbers<@VM>These hardware and software products can make it easy for you to build a VPN

An expanding assortment of products makes it possible to build your own for $5,000 or less

BY J.B. MILES | SPECIAL TO GCN

The market is hot for virtual private network products, with a wide assortment of high- and low-end hardware and software that make it easy to build a VPN.

VPNs are private data networks that run over public telecommunications networks such as the Internet. Data security is guaranteed by special, built-in tunneling protocols and encryption procedures. A VPN is transparent to users; to them it appears as a dedicated point-to-point connection.

New wave

VPNs are replacing traditional data communications methods such as frame relay, leased lines, asynchronous transfer mode networks and, in many sectors, even dial-up services. As the technology matures, it is likely that VPNs will be essential worldwide to organizations that have large data communications requirements.

Because they use the public telecom infrastructure instead of leased lines, VPNs can cost 60 percent to 80 percent less to implement than privately owned or leased-line systems. In addition, the use of advanced encryption and security standards guarantees that sensitive data will reach its destination unscathed, even though it has traveled over a public network.

'VPN products are real and here to stay,' said Jeff Wilson, executive director of market researcher Infonetics Research of San Jose, Calif. A recent Infonetics study predicted that the market for VPN products and services will rise from $6.3 billion last year to almost $40 billion by 2004. The market for dedicated VPN hardware alone hit almost $2 billion last year and is expected to grow significantly as manufacturers launch more products at lower prices.


The Lowdown

  • What is it? VPN technology is a combination of hardware and software components that create secure data tunnels across public networks such as the Internet.


  • How does it work? In most cases, VPN equipment at both ends of a network encapsulate and then unencapsulate data, allowing it to pass safely to intended recipients. To users, a VPN appears as a private, end-to-end dedicated line.


  • Is it safe? Yes. Advanced encryption and security protocols such as PPTP, L2TP and IPSec Tunnel Mode ensure safe data transmission.


  • Is it cost-effective? Extremely. Because it runs over public telecommunications infrastructures, a VPN can cost up to 80 percent less than dedicated leased lines.


  • Must-know info? VPN technology is maturing rapidly and represents the wave of the future for data communications. It is cost-effective and safe. Its high return on investment will likely outweigh any skittishness about investing in a new technology.

  • Three VPN configurations rule the marketplace: remote access, site-to-site and extranet.

    A remote access, or client-server, VPN lets dial-up modem or cable users access central resources through a secure Internet connection. By using a single local phone number supplied by an Internet service provider, remote users can connect to their organizations' servers as if they were using a dedicated point-to-point link.

    A site-to-site VPN connection links servers at several locations via the Internet. Using this method, an organization can turn many independent LANs into a cost-effective, secure virtual WAN.

    An extranet VPN connects a corporate network to those of selected customers, suppliers and other business partners via the Internet.

    Many options

    Whatever configuration best meets your requirements, many VPN hardware and software combinations are available. Organizations willing to roll their own VPNs can start, for $5,000 or less, by using any of the hardware appliances or client software packages listed in the chart on the next page.

    For organizations that lack technical expertise or start-up funds, dozens of Internet service providers or global backbone network providers such as WorldCom Inc.'s Uunet Technologies Inc. offer end-to-end VPN systems for monthly or annual fees.

    Any product listed in the chart can get you started building a very large VPN enterprise. Many can be scaled to fit the needs of small or large enterprises, and they often include security and management software, along with tunneling, encryption, firewalls and bandwidth management features.

    Prices scale similarly, from packages for less than $100 to others that run $20,000 or more. Do your homework: The key to getting your money's worth out of any package is knowing what you expect it to do.

    J.B. Miles of Pahoa, Hawaii, writes about communications and computers. E-mail him at jbmiles@gte.net.




















































































    CompanyProductDescription/Price

    Alcatel USA

    Plano, Texas

    972-477-2555

    www.alcatel.com

    7130 Secure VPN Gateway Series

    Hardware-based gateway series ranges from Model 7132 for small-office services to Model 7134 for large branch offices and Model 7137 for very-high-bandwidth use with T3 remote access; Secure VPN Management Suite and a secure VPN client available separately. Price: $2,895 to $10,990 for Models 7132 to 7134, depending on configuration.

    Check Point Software

    Technologies Inc.

    Redwood City, Calif.

    650-628-2000

    www.checkpoint.com

    VPN-1 Series

    Product family is covers all aspects of VPNs and includes software VPN gateways, plug-and-play VPN appliances, client-based VPN software, VPN acceleration cards and turnkey public-key infrastructure products. Price: $3,995 up for appliances and gateways.

    Cisco Systems Inc.

    San Jose, Calif.

    408-726-7208

    www.cisco.com

    7100 VPN Series

    Series of high-end, integrated VPN routers features VPN tunneling, data encryption, security, firewall, advanced bandwidth management and service-level validation; Model 7120 serves large branch offices and headquarters; Model 7140 comes in seven designs for high-demand VPN deployments; Cisco also sells the Secure PIXFirewall Suite, Firewall VPN Accelerator Card and CiscoWorks2000 Internet VPN Management Solution. Price: $1,495 to $4,000 per 7100 VPN router.

    Computer Associates

    International Inc.

    Islandia, N.Y.

    631-342-5224

    www.cai.com

    eTrust VPN

    VPN component of the eTrust Internet security suite provides VPN connections for remote users, safe-zones within an intranet and secure site-to-site communications; works across any firewall and supports all authentication and authorization technologies; CA also makes eTrust Firewall software. Price: $2,000 up per server.

    Cybernet Systems Corp.

    Ann Arbor, Mich.

    800-292-3763

    www.cybernet.com

    NetMAX VPN Server Suite

    VPN software suite comes with IPSec, 3-DES encryption and security, Internet Key Exchange (IKE) automatic key exchange, SHA-1 or MD5 prepacket authentication, 128-bit SSL for secure remote management, one 32-bit Windows client and a full version of NetMAX FireWall ProSuite. Price: $499.

    Cylink Corp.

    Santa Clara, Calif.

    408-855-6010

    www.cylink.com

    NetHawk

    VPN Internet appliance includes IPSec, site-to-site security, scalability, integration with existing network gear, central policy management, standard encryption, authentication, digital certificates and key management. Price: $3,900 to $7,500.

    Efficient Networks Inc.

    Dallas

    972-852-1000

    www.efficient.com

    TunnelBuilder 6.34

    VPN client software for Mac OS and Windows that uses the authentication and encryption technology in Microsoft's Point-to-Point Tunneling Protocol (PPTP) and Cisco/Microsoft's Layer 2 Tunneling Protocols to connect remote workers to their private networks; company also bundles SpeedStream Secure VPN software with its SpeedStream 5700 and 5800 routers. Price: $99 for Mac Version 5.09a; $49 for Windows Version 6.34.

    eSoft Inc.

    Broomfield, Colo.

    303-444-1600

    www.esoft.com

    InstaGate EX/EX2

    Hardware firewall with VPN network features is designed to support two to 250 users with IPSec, PPTP protocols, IKE and manual key management, 3-DES encryption, ESP Tunnel Mode, and MD5 and SHA authentication. Price: Less than $1,000 depending on value-added SoftPaks features.

    Eicon Technology Inc.

    Carrollton, Texas

    972-417-5500

    www.eicon.com

    Safepipe 25/50/100 Series

    Standalone VPN hardware appliance comes with built-in routing and firewall features and is bundled with 3-DES security, authentication and IPSec security protocols; company also sells VPN Client software and a VPN security token that plugs into any computer's USB port. Price: $1,890 to $69,490 up for Safepipe models.

    Enterasys Networks Inc.

    Rochester, N.Y.

    603-332-9400

    www.enterasys.com

    Aurorean Virtual Network

    Suite includes gateway and policy server, along with client software and software update service; provides 40-Mbps connections with 3-DES encryption, a scalable platform allowing worldwide access with central authentication, policy management, and an autolink recovery feature. Price: $14,000.

    Extended Systems

    Boise, Idaho

    208-322-7800

    www.extendedsystems.com

    ExtendNet VPN

    VPN hardware server provides a secure remote access channel using industry-standard encryption and security technologies; remote users can access the LAN via the Internet; supports standard SNMP management functions. Price: $1,999 to $2,999.

    Fortress Technologies

    Oldsmar, Fla.

    813-288-7388

    www.fortresstech.com

    NetFortress M Series

    Scalable VPN hardware appliance serves remote users, remote sites, central sites and SOHO applications for up to 6,500 users; IPSec, user authentication included with M-5 and M-10 models. Price: $1,995 to $34,995.

    InfoExpress Inc.

    Mountain View, Calif.

    650-623-0260

    www.infoexpress.com

    VTCP Suite

    Remote access VPN software consists of a remote VPN client
    and a VPN gateway. Price: $99 per seat for VPNClient, $2,495
    per server.

    Intel Corp.

    Santa Clara, Calif.

    408-765-8080

    www.intel.com

    NetStructure VPN Gateway Family

    Models 3110, 3120, 3125 and 3130 are scalable and stackable to provide high-speed PN Internet connections; each model comes with NetStructure VPN Client software, 3-DES security, circuit-level firewall protection, multiple authentication options and Windows management utilities. Price: $3,495 to $20,995.

    Lucent Technologies Inc.

    Murray Hill, N.J.

    908-582-8500

    www.lucent.com

    Lucent VPN Gateway

    Scalable VPN system consists of VPN Gateway 201, Security Management Software and Lucent IPSec Client software; Lucent also makes the VPN Firewall Brick 80 and 201 and the Superpipe 155 firewall and gateway combinations. Price: $9,995 up for the VPN Gateway depending on configuration.

    Microsoft Corp.

    Redmond, Wash.

    425-882-8080

    www.microsoft.com

    Routing and Remote Access Service

    API lets developers create applications for administering the routing and remote access service capabilities of Microsoft Windows 2000 Server. Price: Client and server services free to users of Windows 2000.

    Nokia Inc.

    Irving, Texas

    888-665-4228

    www.nokiausa.com

    Nokia Firewall/VPN Appliance Series

    Hardware VPN firewall and gateways include the IP110 for satellite offices, IP330 for small offices, IP440 for high-capacity service provider and enterprise requirements and IP650 for carrier-class applications; all are rackmountable and come with industry-standard encryption, security and addressing features. Price: $5,000 to $21,000.

    Nortel Networks Corp.

    Brampton, Ontario

    800-466-7835

    www.nortelnetworks.com

    Nortel IP Virtual Private Network

    Self-managed and carrier-managed VPNs based on Nortel's highly scalable Contivity switches that provide routing, firewall, bandwidth management, encryption authentication and data integrity for secure tunneling across managed IP networks and the Internet. Price: $7,000 to $50,000 per Contivity switch.

    Novell Inc.

    Provo, Utah

    801-861-7000

    www.novell.com

    BorderManager VPN Services 3.6

    VPN component of Novell's Enterprise Edition Suite can be used to develop site-to-site, client-server and extranet VPNs; comes with 3-DES encryption and can serve up to 1,000 dial-up users. Price: $750 per 25-user license.

    PGP Security

    Santa Clara, Calif.

    972-308-9960

    www.pgp.com

    PGP VPN Suite

    Out-of-the-box set of software combines PGP Desktop Security, Gauntlet VPN and Net Tools PKI Server in one package; includes a personal firewall, VPN client component, Gauntlet VPN gateway, multiple encryption and authentication standards and certificate distribution. Price: $21 to $63 per seat for VPN client; $595 to $4,995 for PGP 5-150 e-ppliances; $13,800 for PGP 300/310/320 e-ppliances; $6,000 for Gauntlet 6.0 Firewall and VPN Gateway.

    RadGuard Inc.

    Bedford, Mass.

    781-271-1414

    www.radguard.com

    clPro Family

    Models 2000/3000 of scalable VPN gateways come with IPSec/IKE features and are designed for remote and branch offices; models 2500/2600 add enterprise-level security with up to 168-bit 3-DES encryption; model 5000 is a standalone VPN system with a firewall and SNMP management; clPro Client is IPSec software for remote users. Price: $1,950 to $6,450 per gateway.

    RedCreek Communications Inc.

    Newark, Calif.

    510-745-3900

    www.redcreek.com

    Ravlin Product Family

    Suite of VPN products is based on IPSec encryption and authentication hardware; Personal Ravlin II is a single-user hardware client; Ravlin 3200 is a hardware appliance that encrypts and decrypts up to T1 band rates; Ravlin 10/5100 is a gateway that secures communications on private and public Ethernets; Ravlin 7100 is a high-end VPN gateway that provides up to T3 bandwidth; Ravlin IPSec Card is a PCI Card that provides NT and Linux servers with IPSec encryption and authentication; Ravlin Soft is a client software tool. Price: $500 to $7,900 per gateway.

    SafeNet Inc.

    Baltimore

    410-931-7500

    www.safenet-inc.com

    Soft-PK 5.0

    IPSec encryption and authentication client software comes with 3-DES that secures client-to-gateway or client-to-client VPN communications from a PC over TCP/IP networks, including the Internet. Price: $99 per copy.

    SonicWall Inc.

    Sunnyvale, Calif.

    408-745-9600

    www.sonicwall.com

    SonicWall Internet Security Appliances

    Family of Internet appliances bundled with IPSec VPN standards includes SonicWallTele2 and SOHO2 for small branch offices, SonicWall Pro for medium-to-large sites and SonicWall Pro-VX for very-high-bandwidth VPN requirements. Price: $595 to $4,995.

    Symantec Corp.

    Cupertino, Calif.

    408-517-8000

    www.symantec.com

    PowerVPN 6.5

    Firewall-independent VPN server is integrated with RaptorMobile client software for large enterprise users; employs proxy scanning technology to monitor and control all traffic; centrally manages users by policy and comes with optional authentication technologies. Fully IPSec/IKE compliant. Price: $1,460 to $14,633.

    TrustWorks Ltd.

    San Jose, Calif.

    888-425-4848

    www.trustworks.com

    Trusted GPN Security Suite 3.1

    Software and hardware toolkit integrates and manages VPN components, smart cards, authentication tools, firewalls and multiple encryption technologies in a seamless network; comes with Global Security Manager software and client, server and gateway components with an encryption plug-in. Price: $20,000.

    Watchguard Technologies Inc.

    Seattle

    206-521-8340

    www.watchguard.com

    LiveSecurity System

    Scalable security system for small-to-large enterprises comes
    with centralized management, firewall and VPN features, LiveSecurity service and a choice of plug-and-play Firebox security appliances. Price: $12,990 for base system with the Firebox II FastVPN.


    Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above