Virtual private networks

Featured eBooks
Artificial Intelligence and Efficiency
Changing Workforce
Future of Tech Infrastructure
Insights & Reports
How Dash Cams Reduce Risk and Deliver Clear ROI for the U.S. Public Sector
Presented By Carahsoft | Samsara
Download Now
Delivering Efficiency in Cyber Risk Management for Federal Agencies with a Risk Operations Center
Presented By Qualys
Download Now
By GCN

By GCN

|

Take a look outside your office at the nearest freeway. If it's packed, you'll see why analysts say that virtual private networks are on the verge of a major boom. (If it's not, wait a few weeks.)

'To give you an idea, Lucent has 150,000 employees. We're in the early parts of a VPN deployment, and in our company people keep calling me up and asking about getting into these trials,' he said.According to market research firm Inter-national Data Corp. of Fram-ingham, Mass., the remote- and mobile-employee segment of the U.S. work force will jump from 35.7 million this year to 47.1 million by 2003.'U.S. corporations are investing information technology dollars in building an infrastructure that supports a growing remote and mobile work force because companies that leverage remote and mobile technologies have an advantage over others and can reduce their rate of attrition,' said Stephen Drake, senior analyst with IDC's remote intranet software research program. 'As a result, the corporate culture is changing, and many companies are instituting optional or mandatory telecommuting for their employees.'According to Infonetics Research of San Jose, Calif., dedicated VPN hardware revenues totaled $59 million in the second quarter this year, a 59 percent increase from the first quarter. Revenues are expected to reach $293 million by the second quarter of 2000. Sales of routers enabled for VPNs hit $512 million in the second quarter this year and are expected to hit $757 million during the same period next year.At the same time, creating and managing VPNs is becoming easier for large enterprises and organizations, said Shannon Pleasant, a manager with Cahners In-Stat Group of Newton, Mass.'It's definitely easier now than it was 12 or 24 months ago,' Pleasant said. 'We now have the emergence of true VPN gateways, and not the daisychaining of existing hardware together. There's less struggle for users with things such as encryption.'All this combines to make VPNs more economical for users who are strapped with high leased-line costs, said Lori Cramer, a VPN product manager at Intel Network Systems of Bedford, Mass.'Customers say VPN pays off in a month or two; the actual rate depends on alternative solutions and connectivity,' Cramer said. 'We had one customer who was connected to a site overseas via private lines; that paid off in 45 days.'We're seeing an increase in the deployment of VPN,' she said. 'The market has gone from the innovator stage to the early adopter stage.'Another factor moving VPNs forward is the rapid rise of business-to-business internetworking, Cramer said.'We're also seeing an increase in business-to-business e-commerce, which is driving the need for companies to communicate business to business as well as with their customers,' she said. 'All of this is driving the demand for VPN, since the communications link has to be trusted.'The biggest factor, Cramer and Pleasant agree, is that using VPN is much cheaper than leased access.Whereas a leased T1 line can cost $20,000 per month, Pleasant said, the addition of equipment and charges for management and maintenance can drive the first-year expense to about $300,000.Using a VPN can decrease that tab, Cramer said. A VPN decreases monthly line charges to $12,000, Pleasant said. 'There's no management fee; hardware is about $20,000 up front. So the first-year cost is about $150,000,' she said.'The caveat is how many remote sites you have to manage and how often they need to be connected to you,' Pleasant said. 'If you have a lot of remote users or if you want to establish an intranet or extranet environment, a VPN is a great way' to go.Lucent's Moore said users will want to have a broad selection of equipment from which to choose when setting up VPNs at their headquarters and remote sites.'One size fits all is not what customers want,' Moore said. 'In a typical VPN application, you have a headquarters site with high bandwidth needs, and then link up DSL users around the country and a couple of small offices. If you take one device and try to fit in, that doesn't work well.'Users also need to be able to scale their systems in a hotel room, Moore said.'When I do some simple math, I've gotten up to 480 Kbps with Triple Data Encryption Standard back to Lucent, which is probably 15 times the speed of dial-up,' Moore said. 'With 100 colleagues, that's close to 45 megabits at a peak connection rate. The implication of widespread VPNs for remote access is you need high bandwidth on the back end, both in service provider pipes and in back-end products.'The most important thing to look for is management software capabilities. The hardware is not that complicated, but being able to administer 1,000 users if you don't have the right infrastructure in place' is a challenge.Moore suggested that although there are good management tools available in the traditional remote-access world, the situation is mixed for VPN users.Buyers need to be careful, Moore said.At the same time, security is a factor, particularly in government applications.Almost all major VPN products support the Internet Protocol Security encryption standard, and most can accept triple DES encryption.Some products can be configured to support specific security protocols already in use at agencies (see story, below).With the increased popularity of VPN services, is this the beginning of the end for leased lines?'It's the beginning of a shift in dominance,' Moore said. 'I think the economics make it desirable to shift. If you're paying $1,000 per month for a leased 56-Kbps line or $200 a month for DSL, the economics are very powerful.'Said Pleasant: 'The next stage for VPNs is deployment. We will now see a migration from home-grown VPN solutions to network-based ones where the service provider has hardware and you pay for service.' XXXSPLITXXX-

By Mark A. Kellner
Special to GCN



Take a look outside your office at the nearest freeway. If it's packed, you'll see why analysts say that virtual private networks are on the verge of a major boom. (If it's not, wait a few weeks.)

The link between data networking and road traffic might not be as far-fetched as it first appears. Many cities are under Transportation Department mandates to reduce the amount of traffic, which means reducing the number of people who drive to the office.

At the same time, the dynamics of today's work and family situations are making telecommuting more attractive'and that is one of the prime reasons for growth in VPN demand.

Employees who telecommute can save their employers thousands of dollars in reduced absenteeism and job-retention costs, according to research reported last month by the International Telework Association & Council, a Washington nonprofit organization that counts the General Services Ad-ministration, AT&T Corp. and software maker Symantec Corp. of Cu-pertino, Calif., as sponsors.

The survey found that employers can save 63 percent of the cost of absenteeism per telecommuting employee, or $2,086 per worker per year.

The amount was based on the average salary reported combined with the average number of days on which telecommuters were absent but still were able to work part of the day from home. That's because telecommuters who need to spend part of a day attending to personal business often are able to work half a day after completing those tasks, whereas in-house employees usually would need to take a full day off, the group said.

For many telecommuters, however, access from home has been gained over dial-up lines at 56-Kbps or slower speeds. Trying to access the office network at that rate can be frustrating, and telecommuters often need special software [GCN/Shopper, August, Page 34]. For other telecommuters, access can be through a leased line, which is expensive and drains agency resources.

Remote access extends beyond individual telecommuters to branch offices and the telecommuting centers being opened by GSA and other agencies [GCN, Aug. 23, Page 9].

Connecting smaller offices to a central network has almost exclusively meant high leased-line costs.

VPNs are here

The arrival of VPNs'for which the Internet takes the place of leased lines or dial-up connections'has changed the landscape of remote access.

Although about 1 million Americans have broadband Internet access, the number of subscribers to digital subscriber line and cable modem Internet access is growing.

DSL is expected to expand rapidly during the next two years, and cable modem growth is likely to be equally strong.

'When people see these fast connections and realize that they can, with VPN software and hardware, get very fast connections that are far-and-away superior to remote-access dial-up, they get excited,' said Stuart Moore, a VPN product manager with Lucent Technologies Inc. who telecommutes via a VPN from his Silver Spring, Md., home.





The Intel LanRover VPN Gateway is a tunnel server with full authentication, encryption, routing and firewall features. The LanRover is priced at $6,200.


Company line































Motorola's Vanguard 6425, a multiservice router designed for branch offices, can combine fax and analog voice with data traffic. It's priced at $2,760.


A cheaper tab









Tips for buyers

Here are five crucial words to remember about VPNs:

Broadband. End-user access, from homes and remote offices, can often be achieved via broadband services such as cable modems, which usually are residential, and digital subscriber lines, used from both residential and business locations. Each can, optimally, supply sufficient bandwidth for data trans-missions at speeds far surpassing those of 56-Kbps modems and Integrated Services Digital Network lines.

Firewall. To safeguard your network and data from unauthorized users, a firewall is an essential component of VPN access. Authorized users can get in; those without access privileges are kept out. Many manufacturers offer firewalls as part of a VPN router package.

IPSec. Internet Protocol Security is a standard created to deal with TCP/IP network security.

Public key. The key in a dual-key authorization scheme that can be widely distributed is a public key. They are used to encrypt data sent over a network. Only the device holding the secret, private key of this pair will be able to decrypt it.

Tunneling. This is how a network sends its data via another network's connections; for instance, the connection of a LAN to a remote user via the Internet. This is accomplished by encapsulating a network protocol within packets carried by the second network.


























Shift is on





Mark A. Kellner is a free-lance technology writer in Marina Del Rey, Calif. He can be reached via e-mail at mark@kellner2000.com.




























































































































































Vendor Product Platforms Description Price
Acotec
Sausalito, Calif.
415-332-5900
www.acotec.com		 VPN Client Manager Win9x, NT Works with Acotec Remote Client manager to handle VPN connections $20
Check Point Software Technologies Ltd.
Redwood City, Calif.
650-628-2000
www.checkpoint.com		 VPN-1 Gateway NT, Solaris Integrated software combines Check Point's Fire-Wall 1 security suite with its encryption module (Triple DES); supports public-key infrastructures $3,495
Cisco Systems Inc.
San Jose, Calif.
800-553-6387
www.cisco.com		 Cisco 7120 VPN Router Platform-independent Is scalable to support up to 2,000 simultaneous VPN tunnel sessions with Triple DES encryption throughput at full-duplex T3 speeds; operates on T1 to T3 circuits $14,900
Cisco 7140 VPN Router Platform-independent Integrates firewall, encryption, tunneling features, with autosensing 10/100-Mpbs Fast Ethernet plus two WIC slots, AUXPort $1,395
Information Resource Engineering Inc.
Baltimore
410-931-7500
www.ire.com		 SafeNet/Soft-PK client software Win9x, NT Is IPSec-certified, interoperable VPN software for secure client-to-client or client-to-gateway communication $79
SafeNet/Speed Platform-independent VPN Gateway features SafeNet DSP Internet security system on a chip; is IPSec-compliant $1,295 up
SafeNet/Enterprise Platform-independent Single unit combines an Internet gateway and a centralized security management system $7,000 up
Intel Network Systems Inc.
Bedford, Mass.
781-687-1000
www.shiva.com		 LanRover VPN Express Platform-independent End-to-end VPN product offers firewall, 233-MHz Pentium chip with MMX, 32M RAM, PC Card Adapter Drive with 16MB Flash card and two 10/100-Mbps Ethernet interfaces $3,495
LanRover VPN Gateway Platform-independent VPN tunnel server offers full authentication, data encryption, routing and firewall features $6,200
LanRover VPN Gateway Plus Platform-independent Is similar to Gateway product but includes a Crypto accelerator card of dedicated application-specific integrated circuits to accelerate standard and Triple DES encryption $9,250
Lucent Technologies Inc.
Murray Hill, N.J.
888-458-2238
www.lucent.com		 Lucent VPN Gateway NT, Solarist Includes VPN Gateway Appliance, Security Management Server software, Lucent IPSec client software, and a license for 100 simultaneous VPN sessions $9,995
Hardware Accelerator Encryption Card Platform-independent Add-on to VPN Gateway $3,495
Motorola Inc.
Schaumburg, Ill.
508-261-1000
www.mot.com		 Vanguard 6425 Router Platform-independent Multiservice router optimized for small branch offices has dedicated or switched X.25, IP, Frame Relay, Point-to-Point, Multipoint, ISDN and Nx64K (FT1/FE1) connections $2,760
Nortel Networks Corp.
Brampton, Ontario
800-622-9638
www.nortelnetworks.com		 Contivity 4500 Extranet Switch Platform-independent Provides for encryption and authentication; supports Routing Internet Protocol, X.509 standard and a variety of tunneling standards; integrates Check Point Fire-Wall 1 $34,194 GSA
Radguard
Mahwah, N.J.
201-828-9611
www.radguard.com		 cIPro-VPN Platform-independentt VPN gateway and system provides encryption and authentication on a standalone platform; compatible with IPSec and X.509 standards $6,450
cIPro-FW Platform-independent Standalone hardware firewall supports links up to 100 Mbps; includes remote user authentication and supports all IP applications $4,950
Technologic Inc.
Norcross, Ga.
800-615-9911
www.tlogic.com		 InstaGate Internet Appliance Platform-independent Combines Web server, e-mail server, DNS server, firewall, built-in router and office-to- office VPN features $3,995
Interceptor Firewall Platform-independent Remote-user VPN includes management reporting, real-time alerts, web-based secure interface $3,745
3Com Corp.
Santa Clara, Calif.
800-638-3266
www.3com.com		 VPN Client Win9x, NT Supports Ethernet NICs, desktop and PC modems (including V.90), cable and DSL Ranges from $65 per seat for up to nine users to $40 per seat for more than 500 users
Pathbuilder S-500 Platform-independent Router supports up to 2,000 VPN tunnels; includes dual LAN configuration and Triple DES encryption $15,995
Pathbuilder S-400 Platform-independent Router supports two fixed 10/100-Mbps Ethernet ports, two FlexWAN serial ports, with two optional slots for single-port telcom connections and three slots for four-port voice $5,195, with Triple DES encryption software
OfficeConnect NetBuilder Platform-independent Small-office router offers WAN protocols including Frame Relay, X.25, PPP, ISDN, ATM and SMDS; supports VPN applications $1,695 including encryption software

NEXT STORY: Interview: Rick Heroux, SEC's systems doctor

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.