Forwarded From: darek milewski <darekm@cmeasures.com>
http://www.infoworld.com/cgi-bin/displayShow.pl?990121.wnvpn.htm
VPN technology bandwagon grows
By Stephen Lawson
InfoWorld Electric
Virtual private network (VPN) initiatives from mainstream vendors, as
well as advances from specialized companies that will boost the power of
VPNs to serve large enterprises, will put the spotlight on the expanding
VPN market at next week's ComNet '99 conference in Washington.
VPN technology, which can secure communications via the Internet or a
shared IP network, is expected to reach more enterprises this year.
Resistance to VPNs is giving way to enthusiasm, as VPN standards gain
wider acceptance, performance increases, and large vendors join the fray,
analysts and users say.
Using the Internet or a shared service provider network for corporate
communications can represent huge savings from leased lines or frame-relay
services. In addition, it can open up channels of communication where none
existed before - such as among partner companies or between headquarters
and an isolated branch office.
What has held some large enterprises back are concerns about security,
reliability, ease of use, and performance. But the latest moves by large
vendors, as well as products to be introduced next week by VPN
specialists, promise to ease those fears.
3Com will make a VPN push this spring that includes support for digital
certificates, as well as a client software that supports the IP Security
(IPSec) and Lightweight Directory Access Protocol standards. The company
recently introduced a co-processor for network devices that encrypts
traffic at 100Mbps. And this week Cisco Systems outlined its strategy for
enterprise VPNs, complementing its VPN initiative for service provider
products.
Users are responding well to advances in the technology.
"It's matured significantly over the last 12 months," says Dave Brown,
an IS manager at the New York Times, in New York. Brown cited greater
reliability, as well as wider acceptance of IPSec and digital certificate
technology from companies such as Entrust and VeriSign.
One 3Com user who had avoided deploying applications over the Internet
for security reasons is now trying out a recently introduced 3Com VPN
router to link outlying doctors' offices with his Albuquerque, N.M.,
medical center.
"What really appealed to me is that it's a supported product [made] by
3Com," says Ed Carpenter, an infrastructure engineer at St. Joseph
Healthcare. "The fact that they've jumped on the bandwagon is good."
Analysts say big players are diving in because enterprises are starting
to demand VPN technology.
"It'll be what you need to get through the door to an enterprise in
1999," says Jeremy Duke, president of Synergy Research Group, in Phoenix.
As the giants wield their name recognition, VPN specialists are not
standing still. One analyst says VPNs have reached a new milestone.
"We are now seeing third-generation VPN products," says Greg Howard, an
analyst at Infonetics Research, in San Jose, Calif. The first VPN products
were software-based, Howard says, and the second generation consisted of
hardware-software combinations. The latest generation will address
scalability and reliability.
A start-up set to unveil its first product at ComNet epitomizes this
development.
Network Alchemy will introduce and demonstrate a VPN server, the VPN
Server 5000, that can be clustered with as many as 255 others, forming a
resilient lineup of devices that can provide the capacity to support
massive enterprise VPN applications. A potential use would be connecting a
credit card company with all of its customer stores.
A server co-location provider believes the Network Alchemy product could
vastly expand its service to enterprises.
"It will allow us to promote outsourcing of high-speed, high-capacity
servers for the enterprise," says Dennis Nugent, a project manager at
AboveNet, in San Jose, Calif. "Before, the speed just wasn't high enough."
Nugent says the hardware would allow AboveNet to host demanding
applications such as enterprise resource planning and voice-over-IP
services.
Each VPN Server 5000 can perform IPSec encryption and authentication on
traffic at Fast Ethernet rates. Until recently, the fastest IPSec devices
could handle only approximately 45Mbps. Network Alchemy officials say
each server will support 20,000 concurrent sessions.
In addition, if one server fails, the sessions it is handling can shift
automatically to other servers in the cluster. Because the sessions are
not lost, there is no interruption while users are reauthenticated.
VPNet also will unveil and show off clustering capability and higher
performance. Its VPN Service Unit 1100 will perform IPSec functions at
90Mbps and support 5,000 concurrent sessions. A software upgrade to be
introduced at the show will allow each server to be linked to a second
server for fail-over.
The VPNWare 2.5 software also will allow administrators to distribute
security configurations to clients from a central location.
A big performance boost is also coming from Nokia, a European maker of
telecommunications products that wields technology from IP switch pioneer
Ipsilon. Nokia will introduce at the show IP 650 Reliant, its latest
combined router and firewall. The 650 will feature a 450-MHz Pentium II
processor for faster IPSec processing.
But continued advances into the VPN market by established vendors are
moving the technology closer to the mainstream. In addition to Cisco and
3Com, Nortel Networks and ATM equipment vendor Newbridge Networks are
placing major bets on VPNs.
Newbridge will introduce the first product in its Versatile-IP strategy
for VPNs. The MainStreetXpress 36100 Access Concentrator is designed to
feed into centrally managed VPNs that run over existing technologies such
as frame relay and ATM.
"Things are maturing," says Dan Merriman, an analyst at the Giga
Information Group, in Cambridge, Mass. "We are starting to see some major
corporations do product-level implementations of VPNs for remote access."
But Merriman still advises users to weigh the benefits of a VPN against
the risks of adopting a relatively new technology.
"There are ways of saving money, but you have to realize the maturity
and performance issues you're taking on," Merriman says.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:08:01 1999