As one of the largest electronics component manufacturers and an industry leader, Acme.com strives to deliver quality in its products, customer service and business relationships. The company is experiencing rapid growth, in part through acquisitions of other companies. To maintain control over internal and external network traffic, Acme.com is investigating the viability of using Aventail VPN to segment and restrict access to resources on the network, protect data and ensure that only strongly authenticated users are authorized to obtain resources from the network. Aventail VPN provides layered security so that individuals within key departments--such as research and development, personnel and accounting--and various strategic planning groups can have different permissions.

Aventail VPN's client/server software will allow Acme.com to share select information over the Internet with its customers, suppliers, strategic partners and remote employees. Aventail VPN delivers a comprehensive virtual private networking solution that offers premium security; fast, reliable performance; and ease of use. One of the product's greatest strengths is that it provides tiered access control for real-world business environments, in which remote employees and third-party users need fast, easy access to information and applications on corporate networks.

Aventail VPN is built around a directed architecture that uses open standards. It easily integrates with other best-of-breed security solutions, including emerging authentication and encryption methods. The result is a flexible, scalable framework for highly secure communication, enabling companies to achieve a true competitive advantage while saving money.

Aventail's highly acclaimed VPN solution brings together the greatest possible combination of authentication, encryption, access control, data-stream filtering, APIs, and auditing and reporting capabilities so that corporations like Acme.com can easily map their security policies to their networks.

In addition to sharply reducing remote-access and dedicated-connection charges, Aventail VPN will:

· Secure intranet, remote-access and extranet communication between Acme.com and its employees (internal and remote), partners, suppliers and customers around the world;

· Scale easily and affordably, an important feature for Acme.com, which is expected to increase its remote user base by 200 percent within two years;

· Provide easy, centralized management for globally distributed sites, with the ability to set up various levels of access for different users, groups and sites while ensuring compliance with encryption policies as they relate to the U.S. and foreign governments;

· Restrict access so that users in key departments at Acme.com can have different permissions on the network and enable different sites to set up their own systems to control inbound traffic;

· Provide user authentication within the existing framework of NDS and Windows NT Domains to simplify management for the network administrator--relying on user identity rather than IP addresses for authentication has the added benefit of preventing passive attacks and spoofing;

·Relieve the burden typically associated with the end-user experience by providing a nonintrusive client that preserves everything on the desktop and making the VPN virtually invisible to the user;

·Support almost all variants of Windows and Unix machines for both servers and clients, so that Acme.com's remote users will have no trouble connecting to their local ISP using Windows95/3.1/NT desktops and laptops (Macintosh systems are not currently supported, though users can deploy a Windows environment on top of their Macintoshes to run the VPN when circumstances require it); and

· Leverage Acme.com's existing hardware and software investments in the LAN and WAN infrastructure, including Acme.com's X.25 EDI (Electronic Data Interchange) system.

While most VPNs provide basic encrypted tunneling, Aventail tightly integrates encryption, user-based authentication and access control, and does so in a way that allows Aventail VPN to interoperate with most security systems. Aventail is committed to solving Acme.com's VPN needs and will guarantee extensive customer support. By providing affordable, scalable, real-time secure communication over the Internet, Aventail VPN will enable Acme.com to grow its business seamlessly.

Network Computing's Evaluation of Aventail Corp.'s Response

Aventail's VPN solution is unique in its focus on user-based authentication, access control and auditing. IPSec implementations feature peer-to-peer encryption with no access control on application services (access control is typically provided by a firewall), and the VPN passes traffic in both directions. Aventail's solution presents a client/server approach to network security at the application layer with VPN servers protecting sensitive networks. The VPN server is entirely software-based and runs on readily available commodity hardware. Aventail's VPN client supports Windows95/3.1/NT, but lacks direct support for MacOS. The VPN client can run within a Windows emulator on MacOS, but this isn't optimal because emulation is not stable and slows desktop performance. Remote user support is offered through a partnership with iPass.

Unlike other VPN solutions in this roundup, Aventail's is based on configuring user access to accommodate access control, encryption and authentication. While LAN-to-LAN configurations are possible with the VPN server, they eliminate the advantages of user-based access control. The VPN server can access existing user databases, such as Windows NT Domains, Novell's NDS and RADIUS for authentication, negating the need for additional user management. The VPN server contains manyaccess rules that define who can access which services, the level of authentication needed, and the encryption requirements. These access rules can also be asymmetric, meaning that access to a resource from one location can be different from access to the same resource from a second location.

Currently, Aventail supports console management of the VPN server; however, in Q3 1998, remote management will be introduced. In Acme.com's distributed network, this limitation exists anywhere more than 20 servers need to be managed. Since each user participating on the VPN requires a client on the desktop, this also means hitting every desktop for client installation and modification. Client management is eased by Aventail's zero administration client, where the server detects obsolete software and configuration files and automatically updates the client.

Aventail's VPN server supports basic user name/password authentication, as well as more advanced schemes like token cards and certificates. Since the VPN server runs over IP, data traffic can be encrypted via existing methods with authentication as access control provided by Aventail. In the absence of existing encryption, as in Acme.com's case, the VPN server offers strong encryption with DES (Data Encryption Standard), Triple DES and SSL 3.0 (Secure Sockets Layer). Aventail will work with Acme.com to achieve the appropriate export rights for encryption.