Range of Roles, Promise

VPN Forecasts Reveal Range of Roles, Promise By John Makulowich The din surrounding virtual private networks from a handful of industry stakeholders might give one the impression this suddenly popular approach to connecting local area networks is the newest candidate for the Internet's killer app of the month club. Whether the promise turns into the productive awaits the test of time. Part of

For Richard S. Kagan, vice president of marketing, VPN is a systems level solution to a systems level problem. He claims that the company was the first to introduce the VPN category as well as the first VPN company to get funding, back in June 1996.

VPN Forecasts Reveal

Range of Roles, Promise

By John Makulowich

The din surrounding virtual private networks from a handful of industry stakeholders might give one the impression this suddenly popular approach to connecting local area networks is the newest candidate for the Internet's killer app of the month club. Whether the promise turns into the productive awaits the test of time.

Part of the din arises from the question about just what counts as a VPN. Traditionally, a VPN has been defined as a private network for voice and data built with carrier services. More recently, however, VPN "has come to describe private, encrypted tunnels through the Internet for transporting both voice and data between an organization's different sites," notes Tom Sheldon, author of the "Encyclopedia of Networking, Electronic Edition."

Disregarding the confusion, numbers gathered by the networking information research firm Infonetics Research Inc., San Jose, Calif., indicate ripe fruit for this market is only a few seasons away. The VPN market, which weighed in at $205 million in 1997, should grow more than 100 percent annually through 2001, according to a report released last year by the firm. The report, "Virtual Private Networks: A Partnership Between Service Providers and Network Managers," projects the market will reach $11.9 billion just after the turn of the century.

"Our report just covers data VPN," admits Larry Howard, vice president of Infonetics. "From our standpoint, VPN means using an IP [Internet protocol, the building block of the Internet] backbone for private data services."

Howard distinguishes three types of VPN: individual remote access used by "road warriors," that is, mobile workers, telecommuters and day extenders (those who continue working at home after office hours); site-to-site connections for company divisions and branch offices; and extranets offering access to suppliers and vendors. The common thread through all types is reduced cost of operation and secure communication, mainly IPSec, the Internet Engineering Task Force security protocols for VPN.

"Clearly, cost considerations are a major factor driving the market. There's no need to upgrade equipment and a burden is removed from the information services manager. Instead of a pool of modems, you can log into POPs (Point of Presence). One of the benefits is geographical reach," notes Howard.

In fact, he sees huge opportunities marketing to companies with offices overseas, based on the costs savings they can achieve by conducting communications over the Internet through a secure VPN. If VPN companies are to be successful in this sector, he said, they must make security not only easy but easy to understand.

Among the companies competing in the VPN space are: Secure Computing Corp., St. Paul, Minn.; VPNet Technologies Inc., San Jose, Calif.; and WatchGuard Technologies Inc., Seattle, each with a different approach and a different solution to the problem of secure communication over the IP network.

Vendors and Markets

At one extreme is WatchGuard, which calls its bright red Firebox offering a network security appliance and prices it at the low end of the market, less than $4,000. Featuring simple installation, the Firebox containing its Branch Office VPN software plugs in between the router and the trusted network on both ends of the connection. The software selectively encrypts, or creates a secure "tunnel," between Fireboxes.

Mike Martucci, vice president of marketing for WatchGuard

"We offer a lot of functionality in an appliance," says Mike Martucci, vice president of marketing for WatchGuard. "We combine a VPN with a firewall and O/S [operating system] independence."

Like the other VPN products on the market, WatchGuard's offers substantial savings over leased, dedicated lines or long-distance, dial-up connections for global communications.

While the company currently uses a proprietary protocol for security, Randy Boroughs, vice president of product management, says it will introduce an IPSec compliant Firebox within the next four months. "It's becoming the de facto standard for VPN and we're just following the momentum of the market."

Another approach to VPN, the Sidewinder Security Server with IPSec from Secure Computing Corp., is already on order by the Defense Department's On-Site Inspection Agency for use over SIPRNET (Secret Internet Protocol Routing Network).

An International Data Corp. report ranked Secure the 1996 firewall leader in the federal government, with a 33 percent share of the Defense Department market and 25 percent overall.

Secure Computing started out as a small branch of Honeywell, which pioneered modern data security in the 1970s, and was spun off in 1989. The firm comes to the VPN market with a suite of products and services for network security, including firewalls, World Wide Web filtering, identification, authentication, authorization, encryption, extranets and consulting. One of the larger network security companies, Secure claims more than 4,000 customers worldwide.

Momentum for VPN in the On-Site Inspection Agency comes through a directive from the Defense Information Systems Agency that defense agencies migrate from dedicated leased lines to SIPRNET.

The agency has just purchased five Sidewinder servers for each of its locations worldwide. The Sidewinder is a network security gateway between the network and the Internet and uses the patented Type Enforcement system for so-called perimeter security to prevent crackers from penetrating the protected network.

Keith Scott, OSIA network manager, says he is now in the process of installing the servers.

"The problem we are trying to solve is the high cost of maintaining dedicated leased lines throughout the world, especially in light of DISA's directive and our major concern with security. We need to protect what's inside the network yet provide services to remote locations. VPN represents a nice solution," says Scott.

The firewalls will be distributed to the five remote sites in the next 30 days. Testing in a laboratory environment took only a week. How long implementation will take at each of the sites is unclear because of the new technology.

Scott admits that one of the major features that drew him to Secure Computing versus the other two products he reviewed was the use of IPSec. "We want to stay standard and open systems." He was also impressed with the ease of administration, the inexpensive short training that lasted three to four days and the graphical user interface-based interface for monitoring the network.

At the other extreme of VPN vendors is VPNet, the San Jose company that prides itself on being the first company formed with a singular focus on VPNs. Among corporate investors in the privately held company are Raptor Systems and Security Dynamics Inc. Founded in October 1995, VPNet develops, makes and markets its VPLink architecture to both end users and original equipment manufacturers.

The VPN product line includes the VSU-1000, introduced in May 1997, and VSU-1010 (August 1997), which combine IPSec-compliant encryption, authentication, key management and compression technologies. For example, the VSU-1010 can be deployed on the LAN side in any 10BaseT network, while the VSU-1000 is used over public networks for private wide-area communication.

The company also offers its VPNmanager Tool Suite, a Java application that allows the use of a Web browser to manage the VPN, configure and check the status of service units, add remote sites and dial-in users, monitor the performance of private data transmissions and troubleshoot existing configurations.

Richard S. Kagan, vice president of marketing for VPNet

"I don't see VPNs as simply an extension of firewalls and routers, the traditional security approach. It really represents a unified WAN infrastructure, one extending intranets, remote sites and extranets. Its value is the unique ability to do all of that over a single line, with security and convenience. It sure beats the dedicated leased line," says Kagan.

An Early Adopter

The browser interface was one of the features that attracted Dave Timpany to purchase a VSU-1010 last year. The Topeka-based network planning manager in the Bureau of Telecommunications for the state of Kansas was clearly a VPN early adopter. His division is a network service provider to other Kansas state agencies.

He currently manages a private IP network that connects 480 state and local governments in Kansas back to networking headquarters in the state capital. He decided to implement a VPN between the offices of the Department of Revenue in Topeka and those in Kansas City and Wichita when the department began migrating to a new IP-based tax application. That software required secure access and encrypted communications.

"We're part of the Department of Administration and support such services as the state phone system, SNA network, voice-video backbone and multiprotocol networks running IP and IPX," says Timpany. "In data services, our charter is now wider. We can work with local government, not-for-profits and K-12. It's an attempt to leverage the technology and share resources."

The majority of users share the infrastructure, with agencies wanting to attach to the network responsible for their own LANs behind the router.

With 480 frame-relay access points in the state and 530 routers, the bandwidth ranges from 56 kbps all the way to T1 (1.544 Mbps).

When the Department of Revenue needed to connect two remote offices with IP, it needed a solution that included encryption. Like a good navigator, Timpany went on the World Wide Web early last year seeking a solution. His solicitation for bids attracted only three responses.

"That's when I started to run into IPSec [the IETF security protocol for VPN]. When I put the bid out last July, only VPNet and two other encryption companies replied. Part of my requirements was that the system had to support Ethernet and IP and 56-bit encryption and offer a compatible mobile solution. Only VPNet met the specs," notes Timpany.

"The VPNet [VSU-1010] met my functional requirements and was the cheapest solution at around $5,000. For my money, the boxes have worked as advertised."

The bottom line for Timpany were the cost and basic encryption. However, he expects more in his next product.

Young Industry

"The VPN industry is still quite young. I'm sure the capabilities will change and so will the price. One of the products needed is an authentication server, where we can make encryption a network service vs. having each agency come up with their own solutions. We need that to avoid incompatibility. I was hoping that Cisco [Systems Inc.] would add that to the router, but that has not happened," says Timpany.

The youthfulness of the sector comes across loud and clear in the comments of Michael Zboray, vice president and research director for the Gartner Group, a Stamford, Conn., market research firm. He remains skeptical of VPN's promise and the range of roles to which they can be put.

"Clearly, one of the benefits of VPN is that once you pay for the Internet you can use that unused capacity. On the other side, however, is the fact that the latency of the connection as well as the bandwidth can be variable. It's a good use for e-mail or stored voice mail, but certainly not for mission-critical networks," says Zboray.

He cautions that often in the past with the Internet, users have gone with the vision and ignored the performance issues. With the need for multiprotocol support for networks from remote access, reliance on IP without reviewing the issues surrounding IPX could present problems.

Overall, he feels that current estimates and projections are fairly far off target. In a paper he will deliver this April on his own research into VPN, he quotes figures quite different from those gathered by Infonetics.

When read the data from the San Jose research firm, Zboray commented, "$205 million in 1997? Look, there are only about 15 companies in this space, none of whom does over $10 million. I leave the math up to you."


X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.