Response to RFP: Altiga


Altiga Networks is pleased to offer the VPN Concentrator to satisfy the Virtual Private Networking needs of Powell Electrical Manufacturing Company. The VPN Concentrator will deliver unparalleled performance, the highest levels of security, true fault tolerance, centralized standards-based management and real-time statistics gathering and reporting for trend analysis and capacity planning. The versatility of this next generation VPN communications platform for enterprise-class deployment and central site aggregation of single user and remote office connections will not only meet the current demands of the PEMC network but will also position you to offer enhanced services in the future, such as secure LAN-to-LAN communications to the remote offices as well as secure extranet connectivity to your partners.

The Altiga solution will allow users to continue to access the WinFrame Citrix 1.7 as well as access e-mail, perform file transfers and connect to the intranet web servers.

The standards-based VPN Concentrator communications platform is much more than just a tunnel termination device. It supports a vast array of functionality including:

  • Support for PPTP, L2TP and IPSec concurrently
  • Encryption support includes DES, 3DES and RC4
  • Secure remote access, LAN-to-LAN and Extranet connectivity
  • Authentication Server compatibility including RADIUS, NT Domain, Microsoft Active Directory Services (LDAP) and Security Dynamics SecurID.
  • Internal Authentication database
  • DHCP relay and internal address pooling
  • Integral Firewall providing extensive filtering
  • Full routing support via RIP v1&2 and OSPF
  • Network Address Translation (NAT)

In addition to the above functionality, the VPN concentrator has been designed to be fully manageable and highly reliable. The following management and high availability features add to the robustness of this enterprise-class VPN solution:

  • Console port for out-of-band access
  • Telnet support
  • Access to integral HTML interface via Netscape or Microsoft browser for configuration, administration and monitoring.
  • SNMP monitoring and alert reporting.
  • Platform independent Altiga Monitoring Station (revised version available 10/99) for real-time statistics gathering with Performance reporting, Capacity planning and Trend Analysis.
  • Redundant Load Sharing power supplies
  • Redundant Fans
  • Multiple image and configuration storage
  • Temperature, Fan speed, Throughput and CPU utilization displays

We understand that there are many considerations that go into selecting the most appropriate communications platform. In addition to providing the tunnel terminations, the platform must be easy to deploy and manage with little impact on the user community. It must provide the performance demanded today and protect your investment by being scalable to accommodate increasing throughput demands in the future. Security is a given. The platform must provide the highest levels of security without the penalty of decreased throughput and increased latency. We agree that uptime is of the utmost importance. A failure in the VPN gateway to your network will prevent all remote communications. Complete and robust management is mandatory if you are to take full advantage of the potential cost savings associated with virtual private networking. Management goes beyond network visibility and also entails controlling access to the corporate resources and centralized management of user policies.

Ease of Deployment & Use

The Altiga Networks VPN Concentrator is designed to be placed into the network infrastructure without forcing changes to the existing network. Users accessing the corporate network should be authenticated prior to gaining access. The Concentrator will work with existing RADIUS, TACACS, NT Domain or Security Dynamics servers. This authentication versatility provides the users with the same authentication interface as they saw when they dialed in directly and eliminates the need to create a second authentication database. In the absence of an existing authentication server, the Altiga VPN Concentrator has an integral authentication server, which can be used to authenticate the PEMC users.

The VPN Concentrator can be placed in front of, behind or in parallel with the existing firewall. This versatility will allow PEMC to adhere to existing security policies. The Concentrator's firewall capabilities will work in conjunction with the existing firewall to enhance security. The integral firewall policies can be defined to apply rules per connection allowing customized access to corporate resources on a per user basis.

Unlike many VPN tunnel terminators, the Altiga VPN Concentrator is a router not a bridge. The ability of the Concentrator to support RIP V1 and 2 in addition to OSPF allows the product to exchange routing tables with the Cabletron SmartSwitch Router. This routing table exchange allows the Concentrator to discover network destinations without the need to configure all network routers with static routes thereby minimizing the installation and management burden.

The VPN Concentrator is a versatile standards-based communications platform. PEMC has the choice of selecting the client most appropriate for your environment. If the highest level of security is not warranted in your network, clients can use the PPTP client resident in their Microsoft machines. Our ability to support PAP, CHAP, MSCHAPv1 and V2 along with MPPE will provide a high level of security. If an enhanced level of security is desired, PEMC can deploy the Altiga IPSec client. The client can be deployed without educating the user about IPSec and burdening the helpdesk. PEMC can pre-configure the client with a minimal amount of information, an ID and destination, prior to downloading the client to the users. The client policies are created and stored in the VPN Concentrator. When a client connects, he is identified and the associated policies for that client are pushed to the client from the Concentrator. The Altiga IPSec client is included with the Concentrator and is shipped with an unlimited license, reducing the cost of the solution and eliminating incremental costs associated with adding new users.

Performance and Scalability

The Altiga VPN Concentrator is designed to provide the highest levels of encrypted throughput in the industry. The platform can provide 100Mbps of 3DES encrypted throughput without decreasing performance or increasing latency. The enormous level of throughput is accomplished in DSP based Scalable Encryption Processors (SEPs). The SEPs can be added modularly to the Concentrator to provide increased encrypted throughput in increments of 25 Mbps 3DES. As the number of users rises and the demand for encrypted throughput increases, PEMC's investment in a VPN solution is protected.

The VPN concentrator hardware encryption is based on the Analog Devices DSP Encryption Engine. The advantages of the Altiga hardware based encryption dramatically exceed the perceived advantages of other hardware implementations.

The total encrypted throughput offered by the Analog Devices DSP is far superior to other encryption accelerators. Analog Devices states their DSP encryption engine is capable of 155 Mbps of encrypted throughput.

This DSP implementation has the advantage of providing the specialized processing of an ASIC while at the same time being software based. As existing standards change and new standards become solidified, the DSP can be reprogrammed. As the world is continually striving toward standards for compatibility, the ability to reprogram the DSP implementation means the ability to react quickly to the standards bodies while protecting your investment in the install base.

In addition, use of DSP technology allows Altiga to modify the core security engine to tailor operation specifically for the remote access VPN application. This programmability has allowed Altiga to develop DSP software which enables effective, low-latency context switching that is critical to delivering high performance over hundreds or even thousands of active sessions. Altiga has also programmed the DSP to deliver hardware assist for PPTP encryption, yielding the only solution in the industry with hardware acceleration for PPTP applications.

Just because a device incorporates hardware encryption does not mean it has been optimized to provide the level of functionality required by the enterprise VPN. The Altiga VPN Concentrator has been architected as a VPN communications platform. The hardware and software design have been optimized to provide the connectivity, throughput, standards support, and management which should be expected from every enterprise solution but is only provided by the Altiga VPN Concentrator.

The encrypted throughput capability of the Altiga VPN Concentrator allows PEMC to provide the level of service to all users without regard to connection speed and required throughput. This is extremely important when considering the availability and increasing use of broadband connectivity.

Security

The Concentrator's ability to authenticate users against existing authentication servers or internally, integrate firewall capabilities, provide unprecedented throughput without regard for encryption method, and define and control access policies centrally allows PEMC to define the level of security required for your users without compromise.

Altiga recommends the highest level of encryption for all users because the platform has been designed to meet this goal. No functionality is lost or throughput reduced by providing security to all users at the highest level.

In addition to securing the tunnels, securing the management of the Concentrator is also very important. The Concentrator employs a role-based management interface. The role of the manager is based on his login and associated access rights. Network access to the Concentrator is encrypted providing secure access to the management of the device(s).

Fault Tolerance

With the VPN device sitting in the core of the corporate network providing for all remote users, a failure of the device will have devastating effects. Altiga has recognized the impact a failure can have on the corporation and developed a robust platform with an MTBF of more than 200,000 hours. The unit is equipped with dual flash, redundant fans, load sharing redundant power supply option and with the ability to support multiple hardware encryption modules. Even with this focus on uptime during the development of the product, we recognize that a failure can still occur and impact the operations.

Altiga Networks, in recognition of the fact that an extremely high MTBF does not constitute fault tolerance, has developed a redundancy solution which will provide uptime in excess of 99.9%.

With a continued focus on industry standards, Altiga Networks has incorporated VRRP support into the VPN Concentrator communication platform. Our VRRP implementation allows the on-line and hot standby unit to communicate with each other. The units are continuously monitoring the health of the other. Upon detection of a failure of the primary unit, the backup unit will assume the identity of the primary. The backup unit will assume the IP address and MAC address of the primary thereby eliminating any manual intervention or reprogramming of the remote clients. The manager(s) will be alerted that a failure and backup has occurred so the appropriate repair action can be taken.

Management

Part of the promise of VPN is easier management and reduced support infrastructure. The management and support burden cannot be reduced unless PEMC has total control of the VPN solution. A VPN installation without extensive and complete management visibility and control is not a solution. The VPN Concentrator from Altiga Networks can be configured, administered, and monitored from a console Command Line Interface (CLI), Telnet, Web Browser and SNMP. These versatile management capabilities allow PEMC to select the secure access method(s) most appropriate for your environment.

Management is broken down into three distinct functions: Configuration Management, Administrative Management, and Proactive Performance Management.

Configuration Management: All Concentrator configuration is stored and maintained within the unit. The intuitive interface allows a manager to quickly and easily deploy the Concentrator. All configuration enhancements are performed dynamically and do not require a reboot of the unit prior to taking effect. This reduces the impact on the existing users of the platform.

Configuring and managing how users will access the Corporate network can be the most time consuming and difficult task of deploying a VPN solution. Altiga has simplified this task while at the same time providing extensive and granular access control.

Groups and Users are core components in managing the security of VPNs and in configuring the VPN Concentrator. Groups and Users have attributes that determine their access to and use of the VPN. Users are members of Groups and Groups are members of the Base Group. Users inherit attributes from Groups and Groups inherit attributes from the Base Group.

Groups simplify system management. By configuring the Base Group first, then specific Groups and finally Users as members of Groups, you can quickly manage access and usage rights for large numbers of users. Users not assigned to a specific group will automatically utilize the attributes of the Base Group.

Associating users with specific Groups eases the configuration of the VPN while providing very granular control over who has access to certain resources. For example, you can allow the Telecommuters access to WinFrame, e-mail and the Intranet web servers while allowing only Engineering the additional access to servers maintaining the bandwidth intensive AutoCAD files.

When configuring Groups and Users, only the attributes that differ from those defined in the Base Group need to be defined. All other attributes will be inherited from the Base Group.
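
The inheritance model described above (User over Group over Base Group, with ungrouped users falling back to the Base Group) can be sketched as follows. This is an added example, not Altiga's code or configuration format; the attribute names, users and values are constructed assumptions. It also reports every place where a user's effective policy departs from the Base Group, which is the view a reviewer needs when auditing per-group and per-user exceptions.

```python
from collections import ChainMap

# Constructed sample policy. Attribute names and values are illustrative
# assumptions, not the Concentrator's real configuration schema.
BASE_GROUP = {
    "tunnel_protocol": "IPSec",
    "encryption": "3DES",
    "resources": frozenset({"winframe", "email", "intranet-web"}),
}

# Groups and Users list only the attributes that differ from the Base Group.
GROUPS = {
    "Telecommuters": {},
    "Engineering": {
        "resources": BASE_GROUP["resources"] | {"autocad-files"},
    },
}

# user -> (group name or None, per-user overrides)
USERS = {
    "alice": ("Engineering", {}),
    "bob": ("Telecommuters", {"tunnel_protocol": "PPTP", "encryption": "RC4"}),
    "carol": (None, {}),  # no group: falls back to the Base Group
}


def _layers(user):
    """Return [(source_label, attributes)] from most to least specific."""
    group, overrides = USERS[user]
    layers = [(f"user:{user}", overrides)]
    if group is not None:
        if group not in GROUPS:
            raise ValueError(f"{user} references undefined group {group!r}")
        layers.append((f"group:{group}", GROUPS[group]))
    layers.append(("base", BASE_GROUP))
    return layers


def effective_policy(user):
    """Merge the layers; the most specific definition of an attribute wins."""
    return dict(ChainMap(*(attrs for _, attrs in _layers(user))))


def attribute_source(user, attr):
    """Name the layer that supplies `attr` for this user."""
    for label, attrs in _layers(user):
        if attr in attrs:
            return label
    raise KeyError(attr)


def overrides_report():
    """List (user, attribute, source, value) wherever the effective value
    differs from the Base Group, so a reviewer sees every exception."""
    report = []
    for user in sorted(USERS):
        policy = effective_policy(user)
        for attr in sorted(policy):
            if policy[attr] != BASE_GROUP.get(attr):
                report.append((user, attr, attribute_source(user, attr), policy[attr]))
    return report
```
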

Administrative Management: The network administrator is able to define the role of other management personnel accessing the unit. Roles can be defined to limit who has the ability to make configuration changes, can view statistics and configurations, and view connection status including protocol used, time of connection and total throughput. The administrator can log users off and reboot the unit at a specified time.

Administration also includes the ability to view events and the system log.

Proactive Performance Management: Statistics can be viewed real-time by any of the systems administrators. Statistics include number of connections through the Concentrator, duration of each connection, throughput of each connection as well as system statistics including total encrypted, memory utilization and CPU utilization. These statistics can be used to perform capacity planning and trend analysis but would require a great deal of effort to systematically gather the statistics and manually perform the required analysis. To reduce this time consuming burden, Altiga Networks has developed a Monitoring application to automate this process.

The Altiga Monitoring Station was developed using Java to offer the user the flexibility to install the application on any available platform, such as Microsoft® Windows® and Unix®. This is a Java application and does not require a browser. The AMS polls the VPN Concentrators using the SNMP protocol, retrieving all necessary statistics from the various MIBs that are supported by the devices. It also collects events generated by the device as an additional means of displaying the device's status. The AMS provides an enterprise-wide view of the VPN Concentrators, displaying a summary of each device's status and vital operating statistics. There are several charts and graphs available depicting the trends of users and throughput in the enterprise. Similarly, administrators are able to examine each VPN Concentrator. Each device also has a set of charts and graphs portraying its current and historical performance characteristics.

Key Features include:

  • Find a user - Searches all devices to locate where the user is connected.
  • Sort the devices - Sort the device list based on any of the viewed statistics, such as number of users, CPU utilization, IP address, and kilobyte throughput.
  • Create your own graphs by selecting a statistic to collect and monitor.

The charts and graphs available from the AMS will allow PEMC to be proactive in monitoring and managing the VPN and take the necessary actions, such as increasing the encrypted throughput of the Concentrator, before there is a negative impact on the network or user community.

Recommendation

Install the Altiga Networks VPN Concentrator at the corporate site. The Concentrator offers the capacity, flexibility, management, and uptime required by PEMC. PEMC can choose to use the PPTP client already available on the existing machines to tunnel or can install the Altiga IPSec client for an increased level of security.

All of the clients can continue to use their existing modems to connect to your desired ISP for tunneled connectivity to the corporate resources. We recommend that the engineers and other telecommuters requiring large amounts of bandwidth be migrated to broadband connections. Broadband connectivity such as cable modems and DSL are economically viable and will reduce telecommuter connection time while increasing productivity. The migration to high-speed access can be driven by the requirements of the users and not be limited by lack of throughput capability of the VPN Concentrator.

As PEMC decides to allow users in the remote offices to telecommute, you are not forced to install VPN Concentrators in the remote offices. Users will dial into their nearest ISP POP and be tunneled to the corporate VPN Concentrator. Once authenticated, the Altiga VPN Concentrator will route them to their desired network. This will allow you to continue to use the cost effective frame relay service in place today while gaining the flexibility of offering remote office telecommuting without incurring additional hardware and network costs.

Pricing

Altiga C10 VPN Concentrator: $10,000
Altiga IPSec Client: Free with VPN Concentrator
Altiga Monitoring Station: $4,995 (pricing for revision, available 10/99)
Fault Tolerant VRRP System: $10,000

Copyright, 1994-2006 Network World, Inc. All rights reserved.