Scorecard
| Client mgt |
Client perform- ance |
Security features |
User account- ing |
Admin. |
Install- ation and Docu- menta- tion |
Total | |
| 20% | 20% | 15% | 15% | 15% | 15% | ||
|
TimeStep Permit Enter- prise 1.2 |
8 | 7 | 8 | 8 | 6 | 7 | 7.35 |
|
Indus River River Works Enterprise VPN 1.2 |
6 | 8 | 7 | 9 | 7 | 6 | 7.15 |
|
Altiga VPN Concen- trator Series 1.2 |
6 | 7 | 7 | 7 | 8 | 8 | 7.10 |
| Intel VPN Gateway Plus 6.7 | 8 | 7 | 8 | 7 | 6 | 6 | 7.05 |
| Check Point VPN-1 Gateway 1.2 | 7 | 7 | 9 | 7 | 6 | 6 | 7.00 |
|
Lucent Security Manage- ment Server 4.1 |
6 | 7 | 8 | 8 | 7 | 6 | 6.95 |
| VPNet VPNware 2.51 | 6 | 8 | 5 | 6 | 7 | 7 | 6.55 |
| RadGuard cIPro System 4.0 | 6 | 7 | 8 | 6 | 6 | 6 | 6.50 |
| Red Creek Ravlin 7100 3.3 | 5 | 7 | 7 | 6 | 5 | 7 | 6.15 |
| Data Fellows F-Secure VPN+ 4.2 | 5 | 7 | 8 | 6 | 6 | 4 | 6.00 |
|
Info- Express VTCP/Secure 4.2 |
5 | 8 | 5 | 7 | 4 | 4 | 5.60 |
Note: Individual category scores are based on a scale of 1-10. Percentages are the weight given each category in determining the total score. The World Class Award goes to products that earn 9.0 or above on our scorecard.
NetResults
Ravlin 7100 v3.30
Red Creek Communications
Web site
Pricing: $19,000
Pros: Easy to set up; quick to configure and install
Cons: Mgmt does not scale to large numbers of users or servers
VPN Concentrator Series v1.2
Altiga Networks, Inc.
Pricing (1,000 clients): $5,760 (street)
Pros: Excellent management utility; very good picture of what is happening now on server; easy to deploy
Cons: Accounting weak; cannot use Internet while tunneled efficiently
SafeNet/Soft-PK
Information Resource Engineering, Inc.
Web site
Pricing (1,000 clients): $7900; add $10,000 for server
Pros: Client-only solution good for multiple vendor environment
Cons: Hard to roll out large numbers of users with provided tools
Permit Enterprise v1.2
TimeStep Corp.
362 Terry Fox Drive
Kanata, Ontario
Canada
K2K-2P5
Tel: (613) 599-3610
Fax: (613) 599-3617
Pricing (1,000 clients): 25,490
Provides excellent support for large user database through CA; hardware easy to install and configure; Strong enterprise management tools, Best PKI support.
Sum-of-parts approach lacks coherence
VPN-1 Gateway v4.1
Check Point Software Technologies
Check Point Software Technologies Inc.
Three Lagoon Drive, Suite 400
Redwood City, CA 94065 Tel: +972-3-753-4555
Fax: +972-3-575-9256
Web site
Pricing (1,000 clients): 56,000 to $96,000 (higher price includes recommended CA); add $10,000 for server
Integrated firewall simplifies some configurations; firewall at client is clean
Pure VPN application complicated by Check Point environment
RiverWorks Enterprise VPN v1.2
Indus River Networks, Inc.
31 Nagog Park
Acton, MA 01720
(p) 978-2668100
(f) 978-26681111
Web site
Pricing (1,000 clients): 150,000
Dialup user orientation solves dual problems of Internet and VPN at once; easy installation; powerful diagnostics
High price; no firewall option for client
VPN Concentrator Series v1.2
Altiga Networks, Inc.
124 Grove Street
Suite 205
Franklin, MA 02038-3206
Telephone: (508) 541-7300
Fax: (508) 541-7030
Pricing (1,000 clients): 5,760
Excellent management utility provides very good picture of what is happening now on server; easy to deploy
Accounting weak; cannot use Internet efficiently while tunneled
LanRover VPN Gateway v6.7
Intel Corp.
28 Crosby Drive
Bedford, MA 01730-1437
Phone 1-781-687-1000
Fax 1-781-687-1001
Pricing (1,000 clients): 17,375
Simple installation on client; client deployment tool helps with large installations; good client security options
Lacks accounting data for IPSEC sessions; no analysis tools.
Security Management Server v4.1
Lucent Technologies
600 Mountain Ave.
Murray Hill, NJ 07974
United States
908 582-8500
Web site
Pricing (1,000 clients): 9,995 to $13,490 (higher price includes recommended accelerator)
Very complete management toolkit; nice multi-system configuration and control
Lucent firewall+VPN gets in the way of some VPN configurations
VPNware 2.51
VPNet Technologies, Inc.
1530 Meridian Ave. San Jose, CA 95125
Phone: (408)445-6600
Fax (408)445-6611
Pricing (1,000 clients): 34,050
Client deployment easy; supports multiple VPN topologies; RADIUS supports configuring client parameters
Java management GUI not stable; no accounting data
cIPro System v4.0
RadGuard
575 Corporate Drive
Mahwah, NJ 07430
Tel: (201) 828 9611
Fax: (201) 828 9613
Pricing (1,000 clients): 45,000 (approx. street price)
Management integrated with HP-OV (optional) for enterprise environments; offers configuration flexibility
Lacks accounting data
Ravlin 7100 v3.30
Red Creek Communications
3900 Newpark Mall Road
Newark, CA 94560
Main: (510)745-3900
Fax: (510)745-3999
Web site
Pricing (1,000 clients): 19,000
Easy to set up; quick to configure and install
Management does not scale to large numbers of users or servers
F-Secure VPN+ v4.2
Data Fellows Corp.
675 N. First Street, 8th floor
San Jose, CA 95112, USA
tel (408) 938 6700
fax (408) 938 6701
Web site
Pricing (1,000 clients): 48,990 (add $10,000 for server)
SMS-like functionality to manage more than VPN; strong Windows networking integration
Complex management environment; Requires Windows networking
VTCP/Secure v4.2
InfoExpress, Inc.
425 First Street, Suite E
Los Altos, CA 94022
650.947.7880 Voice
650.947.7888 Fax
Pricing (1,000 clients): 70,000 (add $10,000 for server)
Multi-platform client and server support; client live failover
User interface primitive and barely functional; it's difficult to manage environment
How we did it
We built a test bed that included a single client workstation connected to a tunnel server. At the other end of the tunnel server was a server we used for connectivity and performance testing. The test server was a 500 MHz Alpha system with 256M bytes of memory running Digital Unix. We used the slowest system in our lab, a 200 MHz Pentium PC running Windows 95 OSR2.5, as the client workstation to try and emulate the performance characteristics of a typical notebook user dialing in to the network.
For each of the products we tested, we looked at installation and configuration on the client workstation, and we tested performance to see how adding VPN software changed the overall end user experience. We didn't test interoperability, because few enterprises run one vendor's client against another's firewall. While it would have been nice to test the claims that vendors make regarding the total number of tunnels supported on their products, we felt that the only reliable way to make such a test would be to have hundreds or thousands of workstations dialed in. For that reason, we looked only at the impact that adding VPN encryption would make on the end user's network performance and latency. We decided not to use analog modems to connect from the workstation to the tunnel server because we've found that even in a controlled environment, analog modems offer inconsistent results from test to test. We used an ISDN connection, limited to a single 64K bit/sec channel, which gave us delay and latency similar to that of a modem while offering a repeatable test environment. Both the workstation and server ran our TCP/IP-based latency and throughput test software. The test software measured latency from the client workstation to the test server, using both small and large IP packets with compressible data. The throughput test measured unidirectional TCP throughput, which would be typical of an HTTP download of a slightly compressible file, such as a graphic image or executable program.Snyder is a senior partner at Opus One in Tucson, Ariz., specializing in security and messaging technologies. He can be reached at joel.snyder @opus1.com. Scorecard, NetResults and How We Did It
Key findings, vendor contact info, pricing and a look at our test methodology.
Review and buyer's guide: VPNs
In-depth review of site-to-site VPNs, plus an interactive database that lets you find the VPN that best matches your criteria. Network World, 5/10/99.
