The LanRover VPN Gateway connects employees, customers, business partners and corporate systems in a complete, end-to-end virtual private networking solution. Now businesses can take advantage of the LanRover VPN Gateway for both powerful, inexpensive Internet-based business access and unparalleled communications security. By augmenting and interoperating with direct-dial and leased-line connections, including Shiva's full line of LanRover business access products, the LanRover VPN Gateway delivers unparalleled cost savings, security and performance.

As the innovative successor to long-distance dial-in, leased-line and frame relay connections, the LanRover VPN Gateway enables you to significantly cut telecommunications costs by routing corporate data across the Internet and other public networks, through completely private tunnels among remote clients, corporate networks and extranets. The LanRover VPN Gateway gives remote users--including field-based employees, telecommuters, branch offices, customers and suppliers--low-cost access to your business e-mail, data stores and applications.

By incorporating a full-featured, circuit-level firewall, leading-edge security technology that supports DES (Data Encryption Standard) and Triple DES, and intuitive, centralized management utilities with reliable, secure tunneling, Shiva's LanRover VPN Gateway provides companies with a complete VPN solution. In addition, the scalable, redundant architecture is highly reliable for both network administrators and users. This architecture is so flexible that it can be added to almost any network to work in conjunction with the existing infrastructure and support intranet, extranet, WAN and LAN-to-LAN connections. Key features of the LanRover VPN Gateway include:

· standards-based encryption and key management;

· state inspected firewall;

· Triple DES security;

· a choice of X.509 digital certificates, RADIUS, Security Dynamics or Windows NT Domains authentication schemes;

· tunnel status monitoring;

· GUI-based Shiva VPN Manager for configuration of multiple VPN Gateways from any Windows95/

NT system;

· group profiles that simplify configuration and deployment by applying a single change to multiple users; and

· load balancing, redundancy and failover across multiple gateways.

The LanRover VPN Gateway supports a spectrum of security technologies that preserve controlled access, data integrity and privacy. Apply your choice of X.509 digital certificates, RADIUS, Security Dynamics or Windows NT Domains authentication schemes. All sensitive data is protected in private tunnels with standard and Triple DES encryption. You pick the level of security you want to execute on a tunnel-by-tunnel basis.

The LanRover VPN Gateway is easy to implement. All security functions are transparent to users, who see no change in their applications. To make everything easier, the GUI-based Shiva VPN Manager allows your authorized administrators to control multiple VPN Gateways from any Windows95/NT system.

You don't have to sacrifice performance to get all the benefits of VPN. Unlike other VPN tools, Shiva's LanRover VPN Gateway unites fast, proven Pentium technology, dedicated ASIC encryption technology and a real-time, multitasking kernel for both security and performance. The hardware-driven encryption capabilities deliver the power required to ensure responsive performance. In contrast, software-based encryption functions, which append VPN to existing routers or firewalls, are efficient only at low data rates.

Network Computing's Evaluation of Shiva Corp.'s Response

Shiva's recent acquisition of Isolation Systems rounds out its remote-networking strategy with the inclusion of the InfoCrypt security devices into the LanRover product line. The VPN solution proposed by Shiva makes very little change to the overall LAN strategy of Acme.com. Like other vendors in this roundup, the WAN topology changes significantly by using the Internet and VPN technology to lower costs of leased lines. Shiva answers nearly all of Acme.com's requirements, with the exception of departmental security. Like 3Com, Shiva's implementation secures sites with a LAN-to-LAN VPN, but at the departmental level data still passes in the clear internally. Less than adequate coverage for sites in France left us wondering how Acme.com could secure communications among all its sites. While it is true that encryption use is severely curtailed in France, the lack of an encrypted link between France and the London office is unacceptable. At a fixed cost of $106,185, the price of Shiva's proposal is competitive with the bulk of the respondents.

For the most part, Shiva's response is what we would expect of a vendor with a long history in remote networking. Shiva is working to integrate Isolation Systems' products into its product line, and while this is still under way, Shiva offers some unique advantages in its product line. The LanRover VPN Gateway supports failover protection in the event a connection to a VPN gateway fails. Although you can expect to lose your networking sessions when the connection dies (a limitation in TCP/IP), the VPN gateway can initiate a connection to a secondary gateway. The LanRover VPN Gateway also supports load balancing across multiple servers to maximize performance. IPX traffic, problematic for typical VPN implementations, is solved by the recommendation of using NetWare IP and NetWare 4.0 servers to encapsulate IPX with IP.

Shiva's VPN technology uses standards-based IPSec with IKE. Shiva offers its own Certificate authority for certificate-based VPN management, and also supports Entrust. Shiva's recommendation to continue using user name/password pairs for remote users, and certificates for VPN gateways allows Acme.com to leverage its existing user databases for user-based authentication, while providing stronger authentication for gateway-to-gateway tunnels. We would rather have seen a two-tiered authentication system, where user name/

password authenticates the users and certificates encrypt the session.

Shiva provides three levels of service agreements--the LPP (LanRover Protection Plan), SPP (Software Protection Plan) and TPP (Technical Protection Plan)--in addition to a TSP (Technical Support Plan). The main difference between LPP and TPP is the inclusion of two service calls with LPP, for a cost increase of $170. Both plans cover software updates, overnight delivery of failed components, and a newsletter with upgrade information, service patches and known problems and workarounds. The SPP does not provide overnight delivery of failed hardware. The TSP provides a number of prepaid service incidents.