VPN technology by the numbers<@VM>These hardware and software products can make it easy for you to build a VPN
The market is hot for virtual private network products, with a wide assortment of high- and low-end hardware and software that make it easy to build a VPN.
VPNs are private data networks that run over public telecommunications networks such as the Internet. Data security is guaranteed by special, built-in tunneling protocols and encryption procedures. A VPN is transparent to users; to them it appears as a dedicated point-to-point connection.
VPNs are replacing traditional data communications methods such as frame relay, leased lines, asynchronous transfer mode networks and, in many sectors, even dial-up services. As the technology matures, it is likely that VPNs will be essential worldwide to organizations that have large data communications requirements.
Because they use the public telecom infrastructure instead of leased lines, VPNs can cost 60 percent to 80 percent less to implement than privately owned or leased-line systems. In addition, the use of advanced encryption and security standards guarantees that sensitive data will reach its destination unscathed, even though it has traveled over a public network.
'VPN products are real and here to stay,' said Jeff Wilson, executive director of market researcher Infonetics Research of San Jose, Calif. A recent Infonetics study predicted that the market for VPN products and services will rise from $6.3 billion last year to almost $40 billion by 2004. The market for dedicated VPN hardware alone hit almost $2 billion last year and is expected to grow significantly as manufacturers launch more products at lower prices.
Three VPN configurations rule the marketplace: remote access, site-to-site and extranet.
A remote access, or client-server, VPN lets dial-up modem or cable users access central resources through a secure Internet connection.
By using a single local phone number supplied by an Internet service provider, remote users can connect to their organizations' servers as if they were using a dedicated point-to-point link.
A site-to-site VPN connection links servers at several locations via the Internet. Using this method, an organization can turn many independent LANs into a cost-effective, secure virtual WAN.
An extranet VPN connects a corporate network to those of selected customers, suppliers and other business partners via the Internet.
Whatever configuration best meets your requirements, many VPN hardware and software combinations are available. Organizations willing to roll their own VPNs can start, for $5,000 or less, by using any of the hardware appliances or client software packages listed in the chart on the next page.
For organizations that lack technical expertise or start-up funds, dozens of Internet service providers or global backbone network providers such as WorldCom Inc.'s Uunet Technologies Inc. offer end-to-end VPN systems for monthly or annual fees.
Any product listed in the chart can get you started building a very large VPN enterprise. Many can be scaled to fit the needs of small or large enterprises, and they often include security and management software, along with tunneling, encryption, firewalls and bandwidth management features.
Prices scale similarly, from packages for less than $100 to others that run $20,000 or more. Do your homework: The key to getting your money's worth out of any package is knowing what you expect it to do.
7130 Secure VPN Gateway Series
Hardware-based gateway series ranges from Model 7132 for small-office services to Model 7134 for large branch offices and Model 7137 for very-high-bandwidth use with T3 remote access; Secure VPN Management Suite and a secure VPN client available separately. Price: $2,895 to $10,990 for Models 7132 to 7134, depending on configuration.
Check Point Software
Redwood City, Calif.
Product family is covers all aspects of VPNs and includes software VPN gateways, plug-and-play VPN appliances, client-based VPN software, VPN acceleration cards and turnkey public-key infrastructure products. Price: $3,995 up for appliances and gateways.
Cisco Systems Inc.
San Jose, Calif.
7100 VPN Series
Series of high-end, integrated VPN routers features VPN tunneling, data encryption, security, firewall, advanced bandwidth management and service-level validation; Model 7120 serves large branch offices and headquarters; Model 7140 comes in seven designs for high-demand VPN deployments; Cisco also sells the Secure PIXFirewall Suite, Firewall VPN Accelerator Card and CiscoWorks2000 Internet VPN Management Solution. Price: $1,495 to $4,000 per 7100 VPN router.
VPN component of the eTrust Internet security suite provides VPN connections for remote users, safe-zones within an intranet and secure site-to-site communications; works across any firewall and supports all authentication and authorization technologies; CA also makes eTrust Firewall software. Price: $2,000 up per server.
Cybernet Systems Corp.
Ann Arbor, Mich.
NetMAX VPN Server Suite
VPN software suite comes with IPSec, 3-DES encryption and security, Internet Key Exchange (IKE) automatic key exchange, SHA-1 or MD5 prepacket authentication, 128-bit SSL for secure remote management, one 32-bit Windows client and a full version of NetMAX FireWall ProSuite. Price: $499.
Santa Clara, Calif.
VPN Internet appliance includes IPSec, site-to-site security, scalability, integration with existing network gear, central policy management, standard encryption, authentication, digital certificates and key management. Price: $3,900 to $7,500.
Efficient Networks Inc.
VPN client software for Mac OS and Windows that uses the authentication and encryption technology in Microsoft's Point-to-Point Tunneling Protocol (PPTP) and Cisco/Microsoft's Layer 2 Tunneling Protocols to connect remote workers to their private networks; company also bundles SpeedStream Secure VPN software with its SpeedStream 5700 and 5800 routers. Price: $99 for Mac Version 5.09a; $49 for Windows Version 6.34.
Hardware firewall with VPN network features is designed to support two to 250 users with IPSec, PPTP protocols, IKE and manual key management, 3-DES encryption, ESP Tunnel Mode, and MD5 and SHA authentication. Price: Less than $1,000 depending on value-added SoftPaks features.
Eicon Technology Inc.
Safepipe 25/50/100 Series
Standalone VPN hardware appliance comes with built-in routing and firewall features and is bundled with 3-DES security, authentication and IPSec security protocols; company also sells VPN Client software and a VPN security token that plugs into any computer's USB port. Price: $1,890 to $69,490 up for Safepipe models.
Enterasys Networks Inc.
Aurorean Virtual Network
Suite includes gateway and policy server, along with client software and software update service; provides 40-Mbps connections with 3-DES encryption, a scalable platform allowing worldwide access with central authentication, policy management, and an autolink recovery feature. Price: $14,000.
VPN hardware server provides a secure remote access channel using industry-standard encryption and security technologies; remote users can access the LAN via the Internet; supports standard SNMP management functions. Price: $1,999 to $2,999.
NetFortress M Series
Scalable VPN hardware appliance serves remote users, remote sites, central sites and SOHO applications for up to 6,500 users; IPSec, user authentication included with M-5 and M-10 models. Price: $1,995 to $34,995.
Mountain View, Calif.
Remote access VPN software consists of a remote VPN client
and a VPN gateway. Price: $99 per seat for VPNClient, $2,495
Santa Clara, Calif.
NetStructure VPN Gateway Family
Models 3110, 3120, 3125 and 3130 are scalable and stackable to provide high-speed PN Internet connections; each model comes with NetStructure VPN Client software, 3-DES security, circuit-level firewall protection, multiple authentication options and Windows management utilities. Price: $3,495 to $20,995.
Lucent Technologies Inc.
Murray Hill, N.J.
Lucent VPN Gateway
Scalable VPN system consists of VPN Gateway 201, Security Management Software and Lucent IPSec Client software; Lucent also makes the VPN Firewall Brick 80 and 201 and the Superpipe 155 firewall and gateway combinations. Price: $9,995 up for the VPN Gateway depending on configuration.
Routing and Remote Access Service
API lets developers create applications for administering the routing and remote access service capabilities of Microsoft Windows 2000 Server. Price: Client and server services free to users of Windows 2000.
Nokia Firewall/VPN Appliance Series
Hardware VPN firewall and gateways include the IP110 for satellite offices, IP330 for small offices, IP440 for high-capacity service provider and enterprise requirements and IP650 for carrier-class applications; all are rackmountable and come with industry-standard encryption, security and addressing features. Price: $5,000 to $21,000.
Nortel Networks Corp.
Nortel IP Virtual Private Network
Self-managed and carrier-managed VPNs based on Nortel's highly scalable Contivity switches that provide routing, firewall, bandwidth management, encryption authentication and data integrity for secure tunneling across managed IP networks and the Internet. Price: $7,000 to $50,000 per Contivity switch.
BorderManager VPN Services 3.6
VPN component of Novell's Enterprise Edition Suite can be used to develop site-to-site, client-server and extranet VPNs; comes with 3-DES encryption and can serve up to 1,000 dial-up users. Price: $750 per 25-user license.
Santa Clara, Calif.
PGP VPN Suite
Out-of-the-box set of software combines PGP Desktop Security, Gauntlet VPN and Net Tools PKI Server in one package; includes a personal firewall, VPN client component, Gauntlet VPN gateway, multiple encryption and authentication standards and certificate distribution. Price: $21 to $63 per seat for VPN client; $595 to $4,995 for PGP 5-150 e-ppliances; $13,800 for PGP 300/310/320 e-ppliances; $6,000 for Gauntlet 6.0 Firewall and VPN Gateway.
Models 2000/3000 of scalable VPN gateways come with IPSec/IKE features and are designed for remote and branch offices; models 2500/2600 add enterprise-level security with up to 168-bit 3-DES encryption; model 5000 is a standalone VPN system with a firewall and SNMP management; clPro Client is IPSec software for remote users. Price: $1,950 to $6,450 per gateway.
RedCreek Communications Inc.
Ravlin Product Family
Suite of VPN products is based on IPSec encryption and authentication hardware; Personal Ravlin II is a single-user hardware client; Ravlin 3200 is a hardware appliance that encrypts and decrypts up to T1 band rates; Ravlin 10/5100 is a gateway that secures communications on private and public Ethernets; Ravlin 7100 is a high-end VPN gateway that provides up to T3 bandwidth; Ravlin IPSec Card is a PCI Card that provides NT and Linux servers with IPSec encryption and authentication; Ravlin Soft is a client software tool. Price: $500 to $7,900 per gateway.
IPSec encryption and authentication client software comes with 3-DES that secures client-to-gateway or client-to-client VPN communications from a PC over TCP/IP networks, including the Internet. Price: $99 per copy.
SonicWall Internet Security Appliances
Family of Internet appliances bundled with IPSec VPN standards includes SonicWallTele2 and SOHO2 for small branch offices, SonicWall Pro for medium-to-large sites and SonicWall Pro-VX for very-high-bandwidth VPN requirements. Price: $595 to $4,995.
Firewall-independent VPN server is integrated with RaptorMobile client software for large enterprise users; employs proxy scanning technology to monitor and control all traffic; centrally manages users by policy and comes with optional authentication technologies. Fully IPSec/IKE compliant. Price: $1,460 to $14,633.
San Jose, Calif.
Trusted GPN Security Suite 3.1
Software and hardware toolkit integrates and manages VPN components, smart cards, authentication tools, firewalls and multiple encryption technologies in a seamless network; comes with Global Security Manager software and client, server and gateway components with an encryption plug-in. Price: $20,000.
Watchguard Technologies Inc.
Scalable security system for small-to-large enterprises comes
with centralized management, firewall and VPN features, LiveSecurity service and a choice of plug-and-play Firebox security appliances. Price: $12,990 for base system with the Firebox II FastVPN.