VPN

VPN RFP Lab Eval: Final Thoughts —continued

by Lisa Phifer VP Core Competence, Inc. [January 4, 2002]

Scenario 1: Low-Tech Small Office with 10-25 Employees
How can ISPs satisfy small business accounts that want low-cost, no-effort, no-worry secure broadband Internet access? Our contenders pitched these three solutions:

‡ Performance specs supplied by vendors—not directly comparable since vendor test conditions may vary.

In this scenario, we set the feature bar low and imposed a $2000 price cap. NetScreen's proposal was clearly the lowest in both respects. RapidStream proposed the RSSA-1000 here, but we believe this customer might have be satisfied with the two-port $695 RSSA-500 (see Scenario 2). SonicWALL's 50-node SOHO3 ($995) is required here because the 10-node version ($495) would be too small.

Scenario 2: High-Tech Dot.com with 50 Employees
How can ISPs create incremental revenue opportunities by delivering security to small businesses willing to pay for premium services? This slightly larger SMB also required a DMZ for hosting and traveler/teleworker remote access:

‡ Performance specs supplied by vendors—not directly comparable since vendor test conditions may vary.

‡‡ Digital certificates require SonicWALL's Authentication Service: add $145 per TELE, $995 per PRO.

Here, we used the new NetScreen-50 to replace the retiring NetScreen-10 because the NetScreen-25 ($3595) supports just 25 IPsec tunnels. We substituted the new SonicWALL PRO 200 for the original PRO, but customers needing less firewall might also consider the PRO 100 ($1795, 6000 sessions @ 75 Mbps, VPN extra).

For this customer, we emphasized a rich feature set and incremental revenue from a la carte services. Using SonicWALL, IPRVnet could sell anti-virus, vulnerability scanning, and content filtering—all turnkey services. With NetScreen, IPRVnet could develop similar in-house services by licensing WebTrends software. RapidStream's proposal did not include these services, but IPRVnet might still roll its own with third-party software. Furthermore, NetScreen and RapidStream integrate traffic shaping features that could help IPRVnet differentiate its managed offerings at no additional cost (see Network and Firewall Features).

Scenario 3: Distributed Business with 200 Employees
Secure Intranet and Remote Access VPN services can lure new businesses and expand existing business accounts. Many SMBs are anxious to replace expensive telco branch office links and in-house RAS with more cost-effective Internet-based services. ISPs can tap this market by providing comprehensive, well-integrated, full-featured VPN solutions. Our contenders proposed these platforms:

‡ Performance specs supplied by vendors—not directly comparable since vendor test conditions may vary.

‡‡ Digital certificates require SonicWALL's Authentication Service: add $145 per TELE, $995 per PRO, $1195 for 50 VPN Clients.

Here, we were looking for smooth VPN integration with this midsized customer's existing network and services. As expected, every vendor proposed replacing this customer's firewall with a new appliance. All proposed key features we hoped to see, such as hub-and-spoke VPN, RADIUS authentication for remote access, and dynamic WAN IPs for teleworkers. Although not required by our RFP, NetScreen proposed redundant HQ gateways. For comparison, note that HA is also available on SonicWALL PROs and the RSSA-1000, but not the RSSA-2000.

The NetScreen-100 looks expensive here, but NetScreen might propose the NetScreen-50 ($5995) if it were responding to the RFP today. The SonicWALL PRO 300 appears comparatively inexpensive, but there is a catch. SonicWALL customers must buy digital certificates from VeriSign OnSite—a convenient but pricey upgrade. NetScreen and RapidStream appliances can be used with third-party Certificate Authorities (CAs). Another CA could prove more or less expensive, but the choice is yours—not the vendor's. All appliances can use preshared secret authentication at no additional cost.

All of these vendors resell SafeNet's VPN Client with different packaging and pricing. In our example, 50 mobile employees are covered by licenses included with RapidStream and SonicWALL appliances. Purchasing 50 VPN Client licenses from NetScreen would run $475. But double the number of clients; see how the outcome changes? Ultimately, IPRVnet would probably strike a volume deal for VPN Clients anyway.