NT Takes Networks Private in a Virtual Way - Aventail Corp's virtual private networks
Jim Lefevre
If your company is like most, taking advantage of the latest and greatest communications and Internet technology to increase corporate efficiency and productivity is a high priority. Traditionally, taking advantage of this technology has meant establishing virtual private networks (VPNs), but the associated costs, in addition to security concerns, have prevented many corporations from doing so. A Seattle-based company called Aventail Corp. offers solutions that may make corporations give VPNs a second look.
A VPN is a secure connection between two or more locations over a public network. A corporation typically establishes a VPN between various remote sites or business partners. VPNs are based on three different models: the traditional remote access model, in which users dial into a corporate network; the traditional VPN, which comprises leased lines and carrier services; and a new VPN model that uses the Internet.
By basing their VPN services on the Internet, Aventail provides a solution that avoids recurring carrier access charges, the expense of installing leased lines or modem banks, and the cost of telecommunication vendor services that previous implementations of VPNs required. "As remote access and leased-line infrastructure becomes more expensive, harder to manage, and less scalable, companies are looking for alternative solutions that allow them to leverage their existing Internet investments," says Evan Kaplan, Aventail president and CEO. Aventail is positioning its MobileVPN and PartnerVPN products as viable Windows NT- and UNIX-based VPN solutions.
MobileVPN is an alternative to traditional dial-in network access that replaces modem banks and telecommunication lines with a single Internet connection, through which all remote access traffic enters the corporate network. PartnerVPN functions in much the same way, but is designed for intercorporate communications with partners or distributed sites, requiring an Aventail VPN Server on each end of the Internet link. The MobileVPN model features a single Aventail VPN Server. Both solutions operate as circuit-level gateways that proxy connections at the session layer, so no direct connections are made to the actual corporate network.
Because the Internet is not known as a terribly secure conduit for sensitive and critical business information, basing a VPN on the Net raises the issue of security. MobileVPN and PartnerVPN are based on the concept of directed VPNs, in which two unidirectional connections are employed between networks, instead of tunneling, in which one bidirectional connection is employed. Bidirectional connections are less secure because security breaches can affect both connected networks; in a unidirectional connection, only one network is affected.
A directed VPN uses IP to establish directional control of information across a VPN. It also offers capabilities above and beyond typical tunneling solutions, including the ability for IS managers to specify access on the basis of sources, destinations, applications, encryption/authentication and other filtering profiles. Directed VPNs also provide data encryption and user-based authentication. In contrast, VPNs based on tunneling are not as secure or do not offer as many features.
In addition, Aventail has imbued its MobileVPN and PartnerVPN products with multiple security protocol compatibility: Its VPN software now supports SOCKS V5, PPTP, IPSEC and L2TP. The products are also designed specifically to securely traverse existing firewall products.
"The difference between firewall solutions and Aventail's VPN solutions is that with Aventail, you have control over individual users, as opposed to individual user locations," says Ron Rappaport, an analyst with Zona Research Inc. (Redwood City, Calif.), who says that the critical issue in whether VPNs achieve any kind of enterprise penetration lies with the SOCKS protocol. "Whether the industry will adopt or embrace SOCKS is the ultimate criteria in determining whether VPNs become a security option higher up in the decision-making process," concludes Rappaport.
COPYRIGHT 1997 101 Communications, Inc.
COPYRIGHT 2004 Gale Group