Hardware Vendors Grab a Piece of the VPN Pie

As technology matures, Virtual Private Networks will increasingly become the communication method of choice over the next several years.

Virtual Private Networks - networks constructed by using public wires to connect nodes securely and privately - will increasingly become the communication method of choice over the next several years, according to industry experts such as Infonetics Research Inc., a San Jose, Calif., Internet consultancy. The technology is mature enough, in fact, for VPNs to become, within a few years, as ubiquitous and easy to use as today's public telephone network.

According to Infonetics, the market for VPN products and services will rise from just $6.3 billion this year to nearly $40 billion by 2004.

"VPNs are the next way companies will securely transmit corporate data, because they allow companies to leverage the infrastructure that was built with the Internet for their own corporate networks," says Jeff Wilson, Director of Access at Infonetics.

Standards Drive Adoption

There has been a tremendous amount of work over the past three years in the IPsec world to make sure that products adhere to the IPsec standard and are interoperable with one another. In addition, Microsoft 2000 offers IPsec compliance and an IPsec client for remote access, giving every person with a Windows 2000 desktop access to a usable IPsec client. These efforts, combined with efforts on other fronts, are driving the great VPN stampede.

VPN products available today are built using the same basic technologies: IP Security (IPsec), Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP). Products are differentiated not by the technology itself, but by offerings like value-added services and additional features.

Vendors are leaping to the challenge. Companies like Lucent Technologies, IBM Corp., Cisco Systems, Watchguard Technologies and Intel Corp.'s Shiva have jumped into the fray, offering VPN-compatible products and services and forging alliances to provide soup-to-nuts service for their clients.

In large part, VPNs will begin replacing traditional methods of data communication, including frame relay, leased lines, ATM services, private extranets and even dial-up remote access services. Now that VPN technology has matured enough to make adoption feasible and costs have dropped dramatically, it's almost a given that most companies will move to the VPN model over the next few years, Wilson says.

"If you pay $8,000 per month for a leased line from San Francisco to Boston, you could decrease your monthly cost to less than $1,000 if you replaced that leased line with Digital Subscriber Line (DSL) or a T-1 Internet connection and used VPN," he notes.

HP Mum on VPN Strategy

There are three basic types of VPNs that companies are choosing to implement. Remote access VPNs - by far the most popular - provide secure, scalable access to remote workers, while large-scale site-to-site VPNs are the second-most popular option. Extranet VPNs, which Infonetics Research estimates will be deployed by as many as 27 percent of all companies by 2002, help extend services to suppliers and customers over a shared infrastructure with the same policies as a private network.

HP executives refused to comment on the company's VPN strategy - HP is reportedly in the process of firming up its strategy internally - but, clearly, it is positioning itself as a player in the extranet VPN arena. Its flagship VPN product, HP Praesidium Extranet VPN, is billed as an offering that allows companies to safely build secure extranets, while providing strong user authentication, encryption and granular access control filters. The product supports all IP-based client-server applications, including legacy mainframe, Web, custom corporate and emerging object-based applications, according to company literature.

Further strengthening its position, HP last fall struck an alliance with IP infrastructure company GRIC Communications Inc. of San Jose, Calif., to bundle its GRICtraveler Internet roaming service and GRICdial dialup connectivity utility with HP's Praesidium Extranet VPN, creating a product called Secure Remote Access. The goal of the alliance, according to Ken Stasi, GRIC's Director of Business and Channel Development, is to provide an end-to-end VPN solution for ISPs and their customers. To complete the package, HP agreed to provide integration and installation services.

"Praesidium provides the secure tunnel for the remote user and we provide the transport mechanism to the Internet," Stasi explains. "It's a great way for HP to combine third-party solutions with HP solutions for its customers."

Alliances like these are the best way for traditional hardware companies to enter the VPN marketplace, says Nick Wray, Executive Consultant in the Networking Division of Compass America, an IT consulting firm based in Reston, Va. By offering a VPN-ready server and adding VPN-ready software and Internet service, hardware vendors can present a comprehensive package to clients, he says.

In August, HP entered into another kind of alliance, one that also touches upon VPNs. HP revealed it was teaming up with Genuity Inc. to provide Windows 2000-based Web hosting services that accelerate development and delivery of business-to-business and business-to-consumer extranets and secure managed intranets. Genuity, which provides managed Internet infrastructure services to enterprises and service providers, offers VPNs as part of its E-Business Network provider platform.

Despite these efforts, HP and other hardware companies hoping to make a dent in the growing VPN market could face an uphill battle. They will be competing with companies that have spent the past few years honing their VPN products and services - and gaining market share and mindshare at the same time.

HP can't go wrong, however, in attempting to wade into the VPN market. Although the company will have to prove itself in the VPN arena, "it's a growth area, so it's a good place to be," Wray says.

- Karen D. Schwartz is a freelance writer specializing in business and technology, based in the Washington, D.C. area. She can be reached at karen.schwartz@bigfoot.com.

Virtual Private Network Terms

IPsec (IP Security): A set of protocols being developed by the Internet Engineering Task Force (IETF) - the main standards body for the Internet - to support secure exchange of packets at the IP layer. IPsec supports both Transport and Tunnel encryption modes. On the receiving side, an IPsec-compliant device decrypts each packet.

L2TP (Layer Two Tunneling Protocol): Enables ISPs to operate Virtual Private Networks (VPNs). L2TP merges the best features of tunneling protocols from Microsoft and Cisco Systems.

MPLS (Multiprotocol Label Switching): An IETF initiative that integrates Layer 2 information about network links (bandwidth, latency, utilization) into Layer 3 (IP) within a particular system or ISP to simplify and improve IP packet exchange. MPLS gives network operators flexibility to divert and route traffic around link failures, congestion and bottlenecks.

PPTP (Point-to-Point Tunneling Protocol): A new technology for creating VPNs developed jointly by Microsoft, U.S. Robotics and several remote access vendor companies, known collectively as the PPTP Forum. PPTP is used to ensure that messages transmitted from one VPN node to another are secure. With PPTP, users can dial in to their corporate network via the Internet.

Transport Mode: Encrypts only the data portion (payload) of each packet, but leaves the header untouched.

Tunnel Mode: Encrypts both the header and the payload.

- K.S.