Microsoft struts Windows 2000 VPN features
ATLANTA -- Microsoft this week will offer a glimpse into the future world of virtual private networking, a realm where it claims users won't worry about custom clients and can easily set up VPNs with business partners.
Microsoft is teaming with Cisco, Nortel Networks, 3Com, Altiga Networks and Routerware to show that Windows 2000 can establish and maintain VPNs over the Internet based on IP Security (IPSec) standardized encryption.
The interoperability of Windows 2000 tunneling with other vendors' equipment means it will be easier to set up corporate VPNs, says Craig Darling, a network analyst with Idex Laboratories, a veterinary-products testing firm in Westbrook, Maine.
In a Windows 2000 shop, network managers won't have to distribute VPN clients because they will already be on end-user PCs as part of the operating system. "You don't have to worry about getting an IPSec client out to them. Orchestrating that for 2,000 or 3,000 users is quite a chore. You also won't have to orchestrate distribution of new software versions," Darling says.
Interoperability also gives customers the flexibility to buy VPN equipment from multiple vendors. For example, customers can use more than one vendor to supply VPN gateways at different corporate sites, but they can still use the Windows 2000 client to connect to all of them.
Mixing and matching VPN gateways would let Windows 2000 shops set up branch-office VPN connections using Windows 2000 Server, while using more powerful, specialized gateways from other vendors at central sites.
With better compatibility among VPN vendors, customers can also easily establish VPNs with business partners. Without interoperability, partners have to haggle over which common VPN platform they will share.
The VPN demonstration relies on using previously shared encryption keys. Microsoft is having interoperability trouble with its mechanism for exchanging keys on the fly.
Microsoft's new VPN software replaces its current VPN offering in Windows 98, Point-to-Point Tunneling Protocol. PPTP was a first stab at creating secure encrypted tunnels over the Internet, but many users felt the protocol was too weak.
IPSec uses Triple Data Encryption Standard and is considered more secure. Now Microsoft can say it supports the highly regarded IPSec standard as well as Layer 2 Tunneling Protocol (L2TP), which is on its way to becoming a standard.
In Windows 2000, L2TP and IPSec are used in combination.
The NetWorld+Interop '99 Atlanta show will run a VPN interoperability test on its Interop Labs network. Vendors will try to establish IPSec tunnels and pass data with as many vendors as possible. Participants are Check Point Software, Cisco, Compatible Systems, Datafellows, Intel, InterDyn, Linux FreeS/WAN, Microsoft, NetScreen, Nortel Networks, Radguard, RedCreek, VPNet and Xedia.
In other VPN news, Altiga is announcing auto discovery, a feature that enables multiple Altiga Access Concentrators to automatically advertise the internal IP addresses at each site. That ability eliminates manual configuration when new concentrators or subnets are added to the VPN, Darling says.
Altiga also is announcing support for two public-key standards that will enable its VPN Concentrators to talk to more vendors' public-key infrastructure gear. The standards, known as PKCS7 and PKCS10, make it easier for Altiga's Concentrators to share encryption keys with gear made by other vendors.
NetScreen Technologies will introduce a new VPN appliance called NetScreen-5 for branch offices. The device sits between branch-office LANs and branch-office WAN connections. NetScreen-5 provides a firewall, traffic shaping and IPSec tunneling. The device ships this week for $1,500.