Requirement summary:
- Availability: 99.9% uptime
- Security: Allow only authorized users access
- Centralized management including usage statistics
- Remote access connectivity for telecommuters, mobile sales, executives
- 70 users accessing central site
- Future requirement for 10-50 users accessing each of 8 subsidiaries
- Protocols: IP and IPX
- Keeping remote access costs low is an objective
- Solution must integrate into existing network infrastructure and allow for future growth
- Remote users are approximately a mix of 50% local and 50% long-distance (based on actual customer experience)
- PSTN and Internet are available to all remote users
- User:Port ratio applied is industry guideline of 10:1
Recommendation:
A hybrid access solution that combines both direct dial and VPN remote access addresses Powell Electrical Manufacturing Co.'s remote access requirements of high availability and security at a more economical price point than a pure remote access server or pure VPN solution (see Chart 1: Remote Access Analysis Report). A direct dial remote access solution is cost-effective for local connections, because there are no time and distance charges. A VPN remote access solution saves money for long-distance users who dial a local ISP POP instead of an 800 number or direct long distance calls back to the central office, which is billed by the minute. Given Powell's mix of local and long distance users, the most cost-effective solution is a mix of both direct dial and VPN remote access. In addition to the cost savings, employing the Intel / Shiva LanRover direct dial remote access and LanRover VPN solutions at each site provides built-in redundancy for all remote users, allowing them access over the PSTN or Internet. Local users could continue to access the network through the direct dial server, but as a backup could use the LanRover VPN solution to gain access to their site and vice versa. The routing capability of the Intel / Shiva VPN solution provides an alternate route to the central site over the Internet, and the integrated ICSA-certified firewall provides redundancy for the regional firewall. The LanRover direct dial servers and LanRover VPN solutions can be managed from the central site, and the Shiva Access Manager RADIUS server provides centralized authentication, authorization, and accounting for all remote users, regardless of how they access their site. A secondary RADIUS server offers redundancy, and can be accessed over the internal network, PSTN or Internet. The Shiva Accountant can be used in conjunction with Shiva Access Manager to produce detailed usage reports and charts for capacity planning and individual billback (see Chart 2: Sample Shiva Accountant Usage Reports).Equipment cost:
The recommended configuration for each site is based on the industry guideline that 10% of remote access users will be online at any one time. This translates into 1-5 concurrent users per subsidiary site and 7 concurrent users at the central site. Individual sites are set up with both a direct dial and VPN server, each of which can accommodate the full load of concurrent users independently (for backup purposes). The working assumption based on Intel's experience is that approximately 50% of users have local access and 50% are long distance. For today's remote access implementation at the central site, Intel recommends a LanRover D56 with 12 V.90 modems (scalable to 24 modems) and support for 23 ISDN connections and a VPN Express that will support up to 50 concurrent VPN tunnels. In addition, the Shiva Access Manager is recommended for Authorization, Authentication, and Accounting. Used with the Shiva Accountant, detailed usage reports can be generated. Intel's Product and Pricing Recommendations for Central Site (Today):| Product | # Concurrent Users | Quantity | U.S. List Price/Unit | Total List Price |
|
LanRover D56 |
12 V.90/23 ISDN | 1 | $9,599 | $9,599 |
|
Shiva Configurator |
N/A | 1 | Included | Included |
|
VPN Express |
50 | 1 | $3,495 | $3,495 |
|
VPN 50 client license |
N/A | 1 | Included | Included |
|
VPN Manager |
N/A | 1 | Included | Included |
|
Shiva Access Manager Lite |
250 | 1 | $1,500 | $1,500 |
|
Shiva Accountant |
Unlimited | 1 | $1,195 | $1,195 |
|
Total Today’s Solution |
$15,789 |
Intel’s Product and Pricing Upgrade Recommendations for Incorporating Central and Subsidiary Site Growth (Tomorrow)
| Product | # Concurrent Users | Quantity Per Site | U.S. List Price/Unit | Total List Price |
|
LanRover Plus |
8 | 1 | $3,921 | $3,921 |
|
Shiva Configurator |
N/A | 1 | Included | Included |
|
VPN Express |
50 | 1 | $3,495 | $3,495 |
|
VPN 50 client license |
N/A | 1 | Included | Included |
|
VPN Manager |
N/A | 1 | Included | Included |
|
Total Tomorrow’s Solution |
$7,416 |
Product Descriptions
LanRover Plus is a modular remote access server that supports a mix of up to eight analog and ISDN users. It supports dial in, dial out, and LAN-to-LAN over multiprotocol connections and a wide breadth of security options. LanRover D56 is a digital remote access server with a unique non-blocking, multiprocessing architecture optimized for PPP packet termination. LanRover VPN Express is a full-featured VPN solution in an economical, compact system bundled with a 50-client license. It features include standards-based IPSec tunneling, ICSA-certified firewall, X.509 digital certificates, 168-bit encryption, and automated key management. Chart 1: Cost analysis of deploying Direct Dial only, VPN only, or Hybrid Solution Chart 2: Sample Shiva Accountant Usage Report (shows 24-hour usage pattern for direct dial and VPN remote access)
RELATED LINKS
Additional responses
Plus the original RFP and a sample RFP from The Gartner Group.
Review: VPNs
We test 15 products. Network World, 5/10/99.
Interactive VPN buyer's guide
Find a VPN that best matches your critieria.
