RFP: VPNs Across Multiple Sites

In TimeStep's Words

Solution Summary:

TimeStep's flagship product line, PERMIT Enterprise, is the most complete secure VPN solution for branch-office internetworking (intranets), peer-to-peer networking with business partners (extranets) and Internet remote LAN access. Proven to be fully IPSec-compliant (IP Security) in previous ANX (Automotive Network eXchange) IPSec interoperability tests, PERMIT Enterprise will adapt to any organization's VPN needs, regardless of the size or complexity of its applications. High-performance gateways coupled with robust IPSec clients, all tightly controlled via a powerful management suite, allow PERMIT Enterprise to deliver unprecedented flexibility and scalability.

PERMIT Enterprise enables your business to establish secure communication paths via the Internet to branch offices and to remote workstations or mobile users anywhere, with strong encryption and data integrity. Designed for VPN applications that can easily encompass thousands of nodes, PERMIT Enterprise integrates secure VPN, access control and authentication in a single solution.

PERMIT Enterprise lets network managers create multiple secure VPNs through its powerful central management suite, PERMIT/Director. Using a simple GUI, network managers can assign users to different VPN groups based on the business needs of the external partner or internal employee--whether he or she is on-site or on the road. This is made possible via the LDAP-compliant directory, which stores X.509 attribute certificates that define user profiles.

Through this group-based policy manager, network managers can create detailed profiles that customize a user's access privileges to the corporate network and determine who can speak to whom. This is ideal for business-to-business communications in which several customers, vendors and colleagues can collaborate in real time over a secure multicompany extranet. For example, automobile manufacturers and their suppliers can share design specifications and arrange shipments, lawyers can share confidential briefs with clients and colleagues, and banks can transfer funds and portfolio information.

PERMIT Enterprise is also the only IPSec-compliant solution with an open architecture capable of hooking into any standard X.509 PKI (public key infrastructure). This allows PERMIT Enterprise to deliver the Internetwide scalability and advanced business intranet and extranet solutions that multinational corporations and network service providers demand. Integration of Entrust Technologies' PKI technology enables PERMIT Enterprise to offer sophisticated capabilities, such as cross-certification, digital certificate management, certificate revocation checking and LDAP-compliant directory structure support.

Other Key Benefits Include:

· sophisticated tunneling options, such as TimeStep's unique Virtual Tunneling for mobile users;

· remote configuration of the secure network;

· an easily expanded, modular component architecture;

· the ability to have layered secure VPNs, with multiple groups of communicating nodes using the same hardware;

· support for multiple secure VPNs;

· unprecedented scalability for secure VPNs that can painlessly encompass thousands of nodes;

· true interoperability, putting the IPSec standard to work for you, with automatic extranet connections to business partners, customers and suppliers;

· true standards-based architecture, guaranteeing your infrastructure will be upgradable for years to come;

· flexible support of a range of the best in cryptographic algorithms, including DES (Data Encryption Standard), Triple DES, CAST, RC5, Blowfish, IDEA (optional), RSA, DSS, HMAC, MD5 and SHA1, making international secure VPNs practical; and

· hardware designed specifically for secure VPN performance and to meet FIPS 140-1 security criteria.

Network Computing's Evaluation of TimeStep Corp.'s Response

TimeStep's response covers nearly every Acme.com requirement except integration with the existing user database. It also bypasses the issue of support for IPX, though this was not a stated requirement. Permit Enterprise, TimeStep's VPN solution, provides hardware encryption, remote client and the Entrust PKI server and database. These pieces need not be purchased together, though TimeStep's packaging saves money. Like Bay's solution, TimeStep's response provides VPN security among Acme.com's key departments. TimeStep's consulting and service offerings don't seem to be as extensive as Bay's and those of others, including Shiva and PSINet. Consulting seems to be an evolving department in its portfolio of services.

TimeStep Enterprise is a complete solution, which is unique among the responses we received. While Permit Enterprise doesn't support existing user databases, the bundled Entrust PKI certificate authority server offers a robust user management scheme with the potential for providing the basis of a scalable, extensible user database that can be leveraged by Permit and other network services. This is fundamental for Acme.com, which is interested in building infrastructure to support current and future projects. Entrust provides the basic certificate authority services complete with an Informix database. Permit Director imports users from Entrust and, by moving users into groups, implements a security policy. When the policy is set, Permit Director publishes attribute certificates back to the Entrust database.

Like Bay's and ADI's proposals, TimeStep's solution protects departmental networks with the Permit 2520 gateway. The 2520 is a 4-Mbps security gateway that supports IPSec connectivity with IKE. TimeStep assumes that Ethernet traffic rarely goes above the 4-Mbps limit and all WAN links are at T1 speeds or lower. While that aptly describes Acme.com's current WAN, it leaves little room for expansion on the busier New York, London and Paris links. TimeStep doesn't directly support IPX--its suggestion is to tunnel IPX in IP--but unlike Bay, TimeStep doesn't support PPTP or other Layer 2 tunneling protocols on the gateways. TimeStep is based in Canada and has received approval to export 56-bit DES encryption. However, there is no discussion about encryption controls for the sites located in France, where approval for key lengths longer than 40 bits is difficult to come by.

Support and training don't seem as complete as the services offered by Bay. While the standard support package is similar to others', including Shiva's and RedCreek's, the option to customize the support plan should provide the means to tailor support needs to a multinational company like Acme.com.

