Network managers should view this consolidation with caution, however. When buying VPN hardware and software, be absolutely sure the product offers total IPSec compatibility. Your vendor should be participating in the various industry VPN bakeoffs, and hold VPN Consortium membership or International Computer Security Association certification, as all offer some proof of interoperability.
An important result of all this motion in the VPN marketplace is the scaling of the "Intel wall," a barrier present in standard PCI-based computing systems that has effectively limited CPU-based encryption to about 6M bit/sec. The general trend of the computer industry -- faster and cheaper -- has also been present in the VPN market. Vendors such as Chrysalis, RedCreek Communications and IRE, which have pushed high-end VPN acceleration products in the $5,000 range, are seeing tremendous competition as hardware-based VPNs become cheap and commonplace. Vendors such as Nokia, NetScreen Technologies, Alcatel and Radguard are offering complete VPN systems with 50M bit/sec to 100M bit/sec encryption throughput for about $10,000. In general, the price for high-speed encryption at near 100M bit/sec speeds has dropped by approximately 50% in the past 18 months.
Network managers are already accustomed to budgeting for equipment in January that costs less in July. VPN equipment will follow the same trend. The biggest sweet spot for budgets is going to be in the greater-than-100M bit/sec market, in which products at 100M bit/sec to 1G bit/sec will continue to drop amid increased competition.
Ready for companies
Enterprise-level features, such as high availability and client deployment tools, are now readily available with VPN product offerings.
As recently as last week RedCreek teamed with Cyber IQ Systems to announce a high-availability VPN package called the ReD i-Cluster that ties together two RedCreek Ravlin 7160 VPN gateways using Cyber IQ HyperFlow3 clustering and load-balancing product.
In terms of high availability, vendors had only limited support for master/slave VPN servers in mid-1999. Now enterprise managers have no less than four load-balancing/high-availability VPN products available from Rainfinity, Foundry Networks, Stonesoft and Nokia. In addition, as our testing demonstrated (see story, page 76), Radguard, NetScreen and Alcatel (Timestep) also make reliable and network-ready high-availability VPN devices that will help bring VPNs out of the lab and into production networks.