Another important corporate feature is client deployment tools for remote-access VPN configurations. Although we didn't see a lot of new products in 2000, the market was still busily absorbing those introduced in 1999, including Intel's (Shiva) remote-access client deployment tool, a new version of IRE's SafeNet client and deployment tool, and the latest version of Indus River's RiverWorks IPSec client and remote-user management tool.
At the same time, most products are lacking in enterprise management for large and meshed VPN networks, and we didn't see new products this year that addressed this problem. Some vendors, such as VPNet, have had this capability for some time. However, corporate management is missing from most products, and we'll be looking for this as a key feature for VPN vendors (new and old) to introduce in 2001 to keep VPNs in sync with the rest of the network.
Network managers who have been waiting for better management features will see some progress, but there's still a long way to go before VPN products will be fully integrated into enterprise networks. Be prepared for higher-than-average management and operations costs for a few years.
Pervasivee VPN technology
Because VPN technology has moved from "magic" to "mundane" this year, more products at the low end are being introduced and refined. For example, small office/home office firewall devices for DSL and cable modem users are now commonly available with VPN features. Vendors such as SonicWall, NetScreen and WatchGuard have pushed hard to bring VPNs to this marketplace at reasonable costs.
This isn't limited to firewalls. Most routers now include some IPSec VPN features, and the open source community is working to get IPSec into freeware and commercial Unix implementations. FreeS/WAN and KAME, two open source IPSec implementations, are available on multiple platforms and have made important stability and compatibility strides this past year.
Network managers may be inundated with IPSec possibilities, but the danger is always in the management side. Getting it to work is now possible, but fitting it into the enterprise infrastructure is no easier than in recent history. IPSec standards writers are beginning to work on simplifying VPN management, but the results are still a few years out.