Great Circle Associates Firewalls
(March 1996)
 


Subject: VPN solutions (BorderGuard)
From: amolitor @ anubis . network . com (Andrew Molitor)
Date: Thu, 14 Mar 96 12:47:02 CST
To: firewalls @ greatcircle . com

	I thought I'd write a little more on VPNs, with an eye to
showing how our stuff is (of course) the coolest thing out there,
but also to try to pull together some information.

	Firstly, there seem to be several people selling stuff that
does IP tunneling over encrypted tunnels:

	- Us (Network Systems)
	- Sun (SunScreen)
	- Raptor
	- some others, I think, but the names escape me..

	As far as I know, all solutions are proprietary, none will
interoperate. This will change when IPSec gets more formalised, since it's
basically a standard for doing the same thing.

	I think SunScreen does DES (this is actually a guess, they may do
something else, or several somethings), with a fancy key distribution system
(SKIP) that uses central servers. This sounds easy to administrate
centrally.  Like YP (sorry, that's a bit of a dig, isn't it?). It is
probably very handy if central administration of a big VPN is what you
want.

	Raptor does I know not what. I poked around their web site a bit,
but I could not find the details.

	We do DES, IDEA, triple-DES, and something proprietary. Key
distribution is peer-to-peer with key signatures verified out of band etc.
Very very PGP web-of-trust. For internal use by US companies in other
countries, we have had good luck exporting the 'everything except triple DES'
package, with (reportedly) about 4 weeks of paperwork, and I gather we do
have people to help you with that.

	The basic reason why we win on cost is as follows:

	- we are leveraging an existing software base, so development
	  and maintenance costs are amortised over several years and
	  several products.
	- our hardware is incredibly simple. If you open a BorderGuard,
	  you'll find a wee little board with a few chips. It's slightly
	  more complex than a modem, built in lower volumes than a typical
	  modem, which is why it's not $US99.95.

	The other guys are writing lots of software from scratch, and
delivering it on hardware with disks and memory management units and so on.
It's all Unix capable, which is completely unnecessary for this particular
application.

	If what you want is a VPN box, NSC competes pretty well on features,
and wins hands down on price. If you want something else, application
proxies or what have you, we don't sell that stuff, Raptor, TIS et al
do, it costs more than a VPN box. We sell apples, they sell orange trucks.
If you want an apple, cool, we'll talk. If you need a truck, go talk to
the guys who sell trucks.

	I am intending to leave things open so the other guys can jump in
and a) fill in details on their VPN, and b) describe all that other stuff
their boxes do, and I apologise if I have come across as just another
goob flogging his employer's wares.

		Andrew

