Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Cisco warns UC users of limited support for Windows 7
VMware bolsters desktop virtualization product
VMware bolsters desktop virtualization product
Microsoft Exchange set; SharePoint, OCS to follow
Veterans agency looks beyond EMC for multi-million storage deal
Security pros seek hacking, forensics skills
Cisco doubles down on collaboration with 61 new products
Open source software ready for big business
Google AdMob buyout latest in long line of acquisitions
NYSE puts stock in 10G Ethernet
Cisco extends Tandberg deal deadline
Internet battlefield program marshals NATO forces
Review: SharePoint Server 2010 beta pulls it all together
Mobile users get faster WAN links
Apple as an obsessive-compulsive case study
/

Reviews /

Response to RFP: Radguard

Today's breaking news
Send to a friendFeedback

By
Network World, 05/10/99

Background

Radguard offers Powell Electrical Manufacturing Co. its cIPro-System, a self-contained flexible solution that will answer its current needs as well as provide the infrastructure for future growth of the Powell network and business needs.

The following offer includes several options that Powell can choose from according to its needs and priorities.

Assumptions/Options

  • Management and monitoring. The Powell will manage its networking in-house. If Powell chooses not to use its own personnel, the cIPro System's flexible design will allow Powell to purchase a managed service with one of Radguard's partners, whereby installation, management, security monitoring, etc. will be outsourced. This will entail a different pricing structure, to be determined with the said partner.

  • Network Architecture. Powell may choose to do one of the following, in addition to replacing its RAS:

    • Continue to use the current Frame Relay infrastructure as its major site to site communications infrastructure, and add an Internet connection for remote access purposes only.

    • Add a backup infrastructure (e.g. Internet or any other public network).

    • Add a new infrastructure (e.g. over the Internet) and use the current WAN as a backup.

    • Replace the current infrastructure altogether with Internet connections only.

  • DMZ. Powell may choose to segment its network, to move its mail and web servers, and in the future other servers, into a designated, secure area outside the LAN. The cIPro System's unique cIPro-DMZ provides an affordable solution to this issue.

  • Security. No matter what Powell chooses to do, Radguard's cIPro-System would allow Powell to transmit all corporate data securely, utilizing IPSEC/IKE with up to 168 bit 3DES encryption, whether data go over Frame Relay, the Internet or other public networks.

  • Firewall. Since Powell will use an Internet connection for at least remote access, it might choose to use the connection for other purposes. The cIPro-System's components can provide firewall functionality to allow Powell to use this connection securely.

  • Redundancy. The cIPro-System's unique redundancy scheme will allow Powell to have hot standby connections at each site. Depending on the chosen network architecture, these can be used on different networks, or on different entry points to the same network (e.g. via 2 or more different ISPs). This will allow Powell to surpass its target of 99.9% uptime and fault tolerance requirement.

Recommendations

Radguard's cIPro System will interconnect Powell's central office and its subsidiaries, by deploying a cIPro-HQ (which includes a Certificate Authority) in the central office and cIPro-VPNs in each remote location. All VPNs will be centrally managed using an HP-Openview platform at the central office.

The RAS functionality will be replaced by installing the IPSEC cIPro-client software for each member of the traveling groups. This will allow all traveling personnel to connect to the internal network securely, using multiple ISPs. The move to the Internet from Powell's existing dial up architecture will reduce considerably the costs of remote Intranet access.

The following cIPro System attributes will prove especially useful in answering Powell's specifications:

  • Simple installation. A plug-and-play installation that requires minimal changes to the current network. Auto-topology learning allows cIPro devices automatically to learn the structure of the network, thereby eliminating the need for tedious configuration.

  • An enterprise X.509 Certificate Authority eliminates the hidden cost of purchasing certificates

  • The cIPro system is compatible with a number of different authentication schemes

  • Client licenses are determined by the number of users and not connections users may make. The addition of remote access destinations is a management factor relating to security policy and does not entail additional costs.

  • Increased security - all internal traffic will be IPSEC protected, including SNMP management. cIPro devices will only accept SNMP traffic that is IPSec/IKE protected.

  • Each cIPro component can support up to 100mbps, which will allow for future upgrades of the connections to the WAN/WANs.

  • RADGUARD's Commitment to IPSEC (the cIPro System is ICSA IPSEC certified), will allow for future applications, depending on Powell's changing business needs (e.g. Extranet connections with trading partners and suppliers).

  • The cIPro system's management system, cIPro-MNG, is a GUI, policy-based network management system which provides complete control over secure network communications, with simple drop down menus and easy to follow graphic icons.

  • Adding to the flexibility of cIPro-MNG is the capability to work as a stand-alone product or with HP Open View. In both formats, cIPro-MNG presents VPNs in the form of easy to understand network maps. The user clicks on easily recognizable icons in order to select and change the policies of specific gateways. Both versions provide the same level of security audit functions, including textual information on SNMP traps and visual indication of alarm events.

  • The cIPro system includes fault tolerance and restoration features to maintain network traffic even under the harshest conditions. It supports automated redundant topologies directly to the gateway and comprehensive back-up features for network certification, topology and security association policies.

  • Option for ways other than dial-up (DSL, Cable, etc.) for engineers requiring heavy bandwidth. Supported by the cIPro Client.

  • Optional cIPro-DMZ in central site for servers, keeping internal networks on a separate, more secure segment

  • As long as Powell continues to use IPX over the WAN, the cIPro system will allow forwarding of IPX traffic.

Support and Maintenance

All RADGUARD products include a full one year warranty, in addition to regular product upgrades for the duration of the warranty. Support is provided by RADGUARD's technical support department.

Cost

The above configuration, which includes the equipment necessary for the central office and the 8 subsidiaries, as well as the management software and a 100 client license amounts to $59,500. This quote includes the following components:

  • 1 100 Mbps headquarter VPN gateway (combined enterprise certificate authority and IPSec device)

  • 8 100 Mbps VPN gateways for remote sites

  • 100 clients for remote access

  • VPN Management software

  • Secure certification tokens

Options:

  • DMZ functionality to the Central Office with a cIPro-DMZ: $5,500

  • Additional cIPro-VPN devices for redundancy: $6,450 per site

  • Firewall module for Internet connections (including NAT functionality): starts at $950 per site

For further information please consult http://www.radguard.com.

RELATED LINKS

Additional responses
Plus the original RFP and a sample RFP from The Gartner Group.

Review: VPNs
We test 15 products. Network World, 5/10/99.

Interactive VPN buyer's guide
Find a VPN that best matches your critieria.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.