While many software and hardware vendors now offer some partial VPN solution, VPNet Technologies is the first to offer a completely integrated VPN system. VPNet, founded in October 1995, was the first company formed with an exclusive focus on VPNs and the first to develop a dedicated, hardware-based VPN solution.

VPNet products are standards-focused, complying with the latest networking and security standards from the IETF. Experience in both networking and security disciplines is essential to developing and deploying high-performance, cost-effective VPN solutions. Here are some of the features and expertise VPNet offers:

· Wire speed IPSec (IP Security) VPNs, including Triple DES (Data Encryption Standard) encryption at 10 Mbps;

· Wire speed data compression for higher throughput and improved quality of service;

· Support for fully meshed tunnel-mode VPNs. While some tunneling solutions require all network traffic from a given site to be tunneled to only one destination, VPNet products support multiple simultaneous VPNs. Thus, VPN traffic can be targeted to multiple destinations, simultaneously improving performance, expanding connectivity and simplifying network design.

· Network address translation support, providing the capability to use private, unregistered addressing schemes for improved security and greater flexibility.

· A high degree of integration with the VPNywhere system, including all the components needed to implement a high-performance VPN, and centralized, secure VPN-centric configuration and management. The VPNmanager Tool Suite provides a single, Web-based interface for configuring an entire enterprise VPN. Using a simple, object-based interface, VPNs are configured quickly and securely, with all management traffic to and from VPNmanager secured using the SSL (Secure Sockets Layer) protocol.

VPNet's VPN Service Unit VSU-1010 and VSU-10 combine standards-based encryption, authentication, key management and compression technologies to provide IT networking support to multinational enterprise, branch-office and remote sites.

VPNremote client software lets telecommuters, mobile workers and other remote users take advantage of dialed Internet connections for convenient, low-cost, secure remote access. The VPNmanager Tool Suite lets network managers define, configure and manage VPNs from any computer hosting a Java-compatible browser. All the domestic VSU products support Triple DES encryption, the strongest data encryption technology. The international versions ship with 56-bit DES but can be upgraded later to Triple DES via software with no loss of performance.

We are confident that the total solution we are proposing will reduce your operation and management costs and provide superior telecommunications solutions that are truly interoperable.

Network Computing's Evaluation of VPNet Technologies' Response

VPNet offers a nearly complete solution, but like other respondents, such as Ascend and RedCreek, it doesn't provide a direct answer as to how departmental networks will be secured by the VPN. It appears the traffic will travel in the clear on Acme.com's LAN. Once the traffic goes over the WAN, the traffic will be encrypted. VPNet's response shows a great deal of detail in how the departments will be secured with numerous visual representations of the logical connections required by Acme.com.

Management of the VPN through VPNet's VPNmanager tool suite allows Acme.com to centrally manage its VPN via a Web and Java interface. Prior to managing the server, however, the client browser must have an X.509 certificate that identifies the administrator to the VSU units to be managed. This scheme currently supports only a single manager per VSU, although VPNet is changing its management structure from a single station to a role-based system that will allow tiered management.

VPNet's resulting network layout makes little change to the underlying network infrastructure using the VSUs with existing WAN equipment. Since Acme.com uses private addressing, the VSU can perform NAT (network address translation) as required for both VPN traffic and non-VPN traffic. However, the layout of the VPN hardware sits at the edge of the WAN access points at each site. While this arrangement allows traffic between sites to be encrypted, the traffic traveling from high security subnets to the VSU travels unprotected. This violates the objectives set out in the RFP. A useful feature in the VSUs is the ability to specify the workstations that can access the VPN. Thus, Acme.com can control who on a protected subnet can get to the VPN.

Remote users can access the VPN using VPNremote client software that runs on Windows95/NT. VPNet suggests Windows 3.x and MacOS users will need to migrate to Windows95 or NT to partake in the VPN. While some users can move to a Windows95/NT platform, the cost of retraining and disruption to users negates the usefulness of VPNremote for Acme.com. What's more, the cost for the VPNremote client is rather high and raises the total cost of deployment. VPNet's handling of IPX traffic is similar to the solution espoused by Bay and TimeStep--use an IPX in IP encapsulation such as NetWare IP. This is acceptable to Acme.com.

Mike Fratto can be reached at mfratto@nwc.com.