High-Tech Dot-Com Proposals

These totals reflect vendor-proposed solutions. However, NetScreen and Rebel.com did not propose CPE for broadband-enabled teleworkers—RapidStream and SonicWALL offered teleworker CPE as an option. Equipping all workers (DSL or dial) with software yields the smallest price tag—an important factor in cost-conscious accounts. But we described our high-tech dot-com as willing to pay for premium services—to a point. For this kind of customer, we believe a teleworker CPE option is an important sales opportunity.

Therefore, the second price given in our table for RapidStream and SonicWALL includes outfitting 20 teleworkers with CPE. One could estimate comparable NetScreen or Rebel.com teleworker configurations by adding NetScreen-5's (from $495 each) or NetWinder 3100's ($1795 each).

Rebel.com proposed the NetWinder 3100 in all three scenarios. Rebel markets the NetWinder as a general-purpose appliance. For example, in this scenario, Rebel suggested that the NetWinder might also be used as an email host or act as a backup mail spool. "All in one" appliances can be attractive to small cost-conscious businesses. In this case, however, we'd probably harden the firewall by eliminating non-essential services.

SonicWALL proposed the SonicWALL PRO ($2995, firewall at 80 Mbps, 100 tunnels at 5 Mbps) for dot-com headquarters. For broadband-connected teleworkers, they suggested the SonicWALL TELE2 ($595, firewall at 70 Mbps, 5 tunnels at 2.5 Mbps). Both appliances include VPN support.

For our dot-com headquarters, NetScreen recommended a NetScreen-10 ($3995, 4000 firewall sessions, 100 tunnels at 16.6 Mbps with 1600 byte packets). According to NetScreen, the "average time to create a typical configuration from scratch [is] 2 to 4 hours."

At dot-com headquarters, RapidStream proposed the RRSA 2000 ($4995, 4000 firewall sessions at 240 Mbps, 200 tunnels at 50 Mbps). For remote teleworkers, RapidStream suggested either their VPN client or the RSSA 500 ($695, 50 firewall sessions at 20 Mbps, 1 tunnel at 10 Mbps). "Since a dot-com may have technical people with a NAT box already installed on their home network, RapidStream has certified the leading NAT boxes that support IPsec pass-through to work with the RapidStream VPN client."

Scenario 3: Distributed mid-size business with 200 employees
Vendors proposed a mix of CPE to upgrade this SMB's existing network of point-to-point branch office links to more economical IPRVnet DSL and Secure Intranet services. VPN clients were proposed to replace in-house dial-up with IPRVnet's Secure Remote Access service. Again, two vendors included a CPE option for teleworkers; two did not. Our calculated price range includes one headquarters gateway, four branch office gateways, 0-20 teleworkers with DSL, and 30-50 mobile workers with dial-up:

Not surprisingly, all vendors proposed replacing this customer's existing HQ firewall with new CPE. However, only NetScreen supplied explicit cost-justification for doing so—that is, savings in software updates and support, reduced demand on branch office CPE.

RapidStream and NetScreen also offered topology recommendations:

• A hub and spoke system allows any NetScreen device to act as a relay (hub) for VPN sessions established between the hub and two VPN devices. Therefore, the NetScreen-5 Elite at each branch office requires only one tunnel to HQ. "The other 9 VPNs could be used for B2B or remote access."
• RapidStream's VPN tunnel switching similarly lets the RSSA 1000's located at each branch office connect back to the RSSA 4000 at HQ. This feature "reduces complexity of configuration and policy management, lowering IPRVnet's ongoing administration costs." With all—public or private—branch office traffic tunneled to HQ, hackers cannot penetrate the network by compromising a branch office Internet connection.

NetScreen proposed adding a second NetScreen-100 ($9995) for high availability (HA). A similar RapidStream HA configuration would add a second RSSA 4000 ($7495). A RapidStream HA configuration would add a second RSSA 4000 ($7495). SonicWALL and Rebel.com did not propose HA configurations, and our RFP did not present HA as a requirement. We consider HA a "nice to have" upsell opportunity. An HA option can alleviate concerns about single-point-of-failure for mission-critical traffic. But we wonder how many customers of this size would ultimately purchase this option?