Network World RFP Response
ADI's Dynamic VPN switching technology offers a unique set of features that make it the right choice for Powell Electric's near and long-term Virtual Private Networking (VPN) needs. With the complete solution offered by ADI, Powell Electric will be positioned to meet the challenge of developing a scalable VPN solution that facilitates the full range of VPN implementations. With ADI hardware and software, Powell Electric can develop a comprehensive VPN to meet their Intranet, Remote Access, Extranet, and Community of Interest needs. The attached figure provides an overview of ADI's proposed VPN solution. In the remote access VPN solution, dial-in access to the corporate network is outsourced to an ISP who handles the management and maintenance of the modem pools traditionally supported by the internal IS manager. Using the Internet as the secure and private transport for corporate data networks reduces expensive leased line and long distance dial-in costs. Long distance and 800 number service charges are virtually eliminated as users dial a local number to access the Internet through an ISP. More significantly, VPNs virtually eliminate the cost of operating and maintaining modem banks for remote dial-in users. Powell electric can begin the deployment with the remote access users. By installing a single ADI-1500 at the Houston facility, Powell Electric can service all of its remote access users. This approach assumes that an existing Internet connection at the Houston facility would be used to provide remote access users with connectivity to the ADI-1500. With its ability to route 10 Mbps of data, the ADI-1500 provides more than enough horse power to meet the near and long term needs of Powell Electric. In fact, the speed of the Houston facility's Internet connection will likely prove to be the limiting factor in the network's overall performance. With ADI's scalable solution, Powell Electric can add site-to-site VPN connections to the 8 subsidiaries at any time. Subsidiary offices connect to the Internet through an ADI-1000 which establishes a VPN tunnel with the ADI-1500 in Houston and/or other ADI-1000s at other locations. Since the same ADI-1500 used for remote access can be used for site-to-site, all that is needed to bring on a new site is a single ADI-1000. With this approach Powell Electric can also support dial-in users from each of its subsidiaries. Remote access users of subsidiaries tunnel to the ADI-1500 in Houston where they are tunneled back to their respective subsidiary facilities. With ADI's unique multi-domain feature the ADI-1500 in Houston can be segmented into multiple logical VPN networks, thus permitting the separation of user traffic while sharing infrastructure. The remote access VPN is facilitated through the use of the ADI-100 client software and the ADI-1500 which is positioned at the corporate facility in Houston. Since the ADI-1500 can support up to 100 simultaneous VPN connection, a single switch should be more than adequate for all of Powell Electric's VPN needs. Sales and marketing staff members connect to the corporate network by making a local call to an ISP and initiating a secure private VPN tunnel back to Houston. This approach eliminates the need for the costly dial in circuits and modem banks currently used by Powell Electric. If the sales and marketing force should grow, ADI's approach easily scales through addition of another ADI-1500 or ADI's high-capacity VPN switch, the ADI-4500 which can support thousands of dial-in users. ADI's customer-friendly upgrade program includes upgrade discounts to make expanding the VPN a simple process. With ADI's Multi-VPN feature, remote access users can establish VPN tunnel connections with up to 8 VPN devices (i.e. ADI-1500s in Powell Electric case). This feature combined with a backup ADI-1500 at the Houston facility gives ADI the ability to meet Powell Electric's stringent availability requirement. As an alternative, the redundant ADI-1500 could be moved to one of the subsidiary locations, obviating the need for one of the ADI-1000s while simultaneously improving overall network availability with path diversity. The site-to-site VPN connections are facilitated by the ADI-1000s illustrated in the figure. By connecting remote offices to the Internet and provisioning secure VPN sessions to the enterprise network, network administrators can significantly reduce their operating costs. In the Intranet VPN, sites are provisioned with Internet connection which replace (or augment) the traditional frame relay or point to point links between sites. The ADI-100 establishes a secure tunnels between with the ADI-1500 in Houston and other ADI-1000s. ADI has developed an Intranet VPN solution that provides unsurpassed performance and functionality at the lowest total cost of ownership. ADI VPN devices scale from a low-cost, small office device to a high speed nodal concentrator designed for enterprise hub or service provider implementations. At the low end is the ADI-1000 which supports up to 10 Mbps of through put and up to 4 VPN tunnel connections with peer devices. The ADI-1500 provides similar throughput performance (10 Mbps) but supports up to 32 VPN tunnel connections and up to 100 remote access users (ADI-100s). Our high-end device is the ADI-4500 which support thousands of remote access or peer device VPN connections and an aggregate throughput of over 45 Mbps. ADI's Dynamic VPN switching technology, which is embedded in all ADI switches, will ease management, improve performance, and enhance reliability. With the dynamic routing protocols which are embedded in all ADI switches, changes to Powell Electric's network will automatically propagate throughout the network. There is no need for network services personnel to configure static routing tables every time a "move, add, or change" occurs. ADI's dynamic routing protocols automatically propagate network configuration changes throughout the VPN. Performance is improved because ADI's switching technology eliminates the need for communication between remote offices to be routed through the Houston HQ. The dynamic routing protocols embedded in ADI switches permit remote offices to communicate directly with each other (through a secure VPN connection), reducing the burden on the Houston hub. Centralized Management and Provisioning ADI delivers an automated VPN solution based on a centralized policy and provisioning system. ADI's innovative approach to Virtual Private Networking (VPN) management and provisioning reduces the management burden and thus reduces the total cost of ownership of the VPN. With ADI's centralized management model, all security and network policy data is controlled from a single provisioning server. You define your policies once and the AMS does the rest. Remote access usage statistics are stored centrally in the AMS simplifying VPN administration. VPN traffic statistics can also be retrieved centrally through the use of a standard SNMP management platform. ADI recognizes that for a VPN solution to deliver the promise of reduced operating expense to Powell Electric, it must be easy to install, operate, and maintain. The VPN must not burden the corporate IS department with an additional set of operations and maintenance functions. If operational costs are too high, the savings from the use of a shared infrastructure to provision the corporate backbone will be offset and the promise of the VPN will not be realized. For these reason ADI developed a unique approach to VPN technology that simplifies all aspects of VPN provisioning. From the corporate network administrator to the remote office LAN administrator to the dial-in user, ADI's VPN technology is easy to install and maintain. The corporate network administrator uses a single ADI Management Server (AMS) to provision all of the VPN connections. The AMS includes a user-friendly graphical interface, which permits the central provisioning of ADI devices, connections, and user access. It simplifies the configuration process by including pre-configured templates for security policies and associations. Provision the AMS database with the requisite security and network policies and the AMS automatically implements theses policies. No human intervention is required at remote sites. This automated approach to VPN management will ease the burden on Powell Electric's network services organization, facilitating significant cost savings. ADI switches deployed at remote offices (the ADI-1000) are as easy to install as a typical network hub, minimizing the burden on remote office LAN administrator. All that is required of the LAN administrator is to connect the 2 RJ45 connectors to the appropriate interfaces; the AMS and the device do the rest, automatically provisioning the device with its network and security policy data. The ADI-100 client software includes a self-installing utility that is equally simple to install. The user simply runs the self-installing utility and gets a crypto ID file and password from the corporate network administrator, who does the rest. The partner or road warrior can either dial into the corporate network through a local telephone call to an ISP or through an existing WAN-based Internet connection. The network manager takes care of ensuring the end user is granted access to the appropriate corporate and extranet resources through the AMS. Only through ADI's approach to the easy implementation and management of VPNs can the promise of reduced network operating costs be achieved. Using ADI technology to provision Powell Electric's VPN will save a significant amount of money on dial-in and dedicated circuit costs. Furthermore, outsourcing the modem bank to an ISP Powell Electric alleviates the burden of managing and maintaining this traditional access resource. By replacing the 8 dedicated connections to the subsidiary offices with connections to the Internet, Powell Electric will save thousands per year in circuit costs. ADI's pricing is unsurpassed in the industry. The total cost of the ADI switches and management software for the proposed installation is $5,190 and $15,550 for the remote access and site-to-site solutions respective. If a fully redundant solution is desired an additional ADI-1500 and AMS can be purchased for a total cost of $3,290. Installation and training support can be purchased for an additional $2,900. ADI's proposed solution for both the remote access and Site-to-site VPNs assumes an existing Internet connection in Houston. If the site-to-site VPN option is implemented a similar Internet connection is required at each of the subsidiary locations. This connections would replace the existing frame-relay circuit which provides connectivity back to the Houston facility. Since Internet access circuits are generally less expensive than frame relay PVCs, this migration would likely represent an additional cost savings to Powell Electric.|
Devices |
Quantity |
Cost Each |
Extended Cost |
|
ADI-1500 with 100 ADI-100 client licenses |
1 |
$4,195 |
$4,195 |
|
AMS |
1 |
$995 |
$995 |
|
ADI-100 Client |
100 |
$0 |
$0 |
|
Total –remote Access Only |
$5,190 |
||
|
Added cost for site-to-site |
|||
|
ADI-1000 |
8 |
$1,295 |
$10,360 |
|
Total – remote access and site-to-site |
$15,550 |
||
|
Added cost for Redundancy |
|||
|
ADI-1500 |
1 |
$2,195 |
$2,195 |
|
AMS |
1 |
$995 |
$995 |
|
Total – remote access and site-to-site with redundancy |
$18,740 |
|
Feature |
The ADI Advantage |
|
Security provisioning |
ADI switches use X.509 certificates, 3DES encryption, and MD5 integrity checking for industrial strength security |
|
Accommodate changing network topologies |
Dynamic routing protocols embedded into all ADI switches simplify the moves, adds, and changes typical of enterprise networks |
|
Scalability |
ADI VPNs are easily scaled through the addition of additional switches into the network. The dynamic routing protocols embedded in ADI switches facilitate this scalability by dynamically balancing network traffic |
|
Interoperability with existing equipment |
ADI switches are based upon standard protocols and are designed for easy integration with existing routers, firewall sand other network devices |
|
VPN solution type |
ADI VPN’s combines the speed advantages of hardware based encryption with the flexibility offered by software based clients. The ADI-4500 and ADI-100 are hardware based VPN switches which support T3 and T1 speeds respectively. The ADI-100 client provides the flexibility to meet the remote access and extranet needs of Powell Electric. |
|
Authentication mechanism |
X.509 certificates embedded in all switches at time of manufacture. ADI-100 client use electronic X.509 certificates that are lock with a password. |
|
Ease of use and management |
AMS eases management by centralizing the administration of all VPN connections |
|
VPN performance |
ADI-1500 -10 Mbps, ADI-1000 - 10 Mbps, ADI-100 > 2Mbps |
|
Scalability of VPN solution |
Easily scaled through inclusion of additional ADI Switches. Dynamic routing protocols balance network traffic to make true scalability a reality. |
RELATED LINKS
Additional responses
Plus the original RFP and a sample RFP from The Gartner Group.
Review: VPNs
We test 15 products. Network World, 5/10/99.
Interactive VPN buyer's guide
Find a VPN that best matches your critieria.
