[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vpn
Subject:    Re:
From:       Jean Chouanard <chouanard () parc ! xerox ! com>
Date:       1998-08-06 22:27:52
[Download RAW message or body]

Another point that I would like to add:
Most of the time, hardware based vpn solution will offer you an IP tunnel
vpn at the IP protocol level, supporting others IP protocols that TCP and
UDP that can be very useful when your end-user used weird application. 
Not all the software based vpn offer that. Some works as application proxy
for tcp and have a (nice) way to support udp also, but that is all.

Hardware base solution have also the advantage, if they are independent box
and not a (PCI) card, of being clients independents and supporting multiple
end users. 
No license per client, no hassle trying to see if all your end users have
some compatible client (OS and HW), no end users laptop support after... 
It may be a price attractive solution for these reason, depending on your
topologies.

I agree to disagree :-) with the fact that HW based vpn offer more
security. If you are not connecting two trusted LANs, users authentication
might be a nightmare.

Also, various vendors are offering a mix of software and hardware solution.
For example support of IPsec in soft & hard solution. 
It will be very interesting in the few months to see how real is the
compatibility between different vendors.

	jean

At 11:25 AM 8/6/98 -0700, someone using Richard Ting's login wrote:
>Michael,
>
>Depending on the type of business problem you are trying to solve, a
>software-based VPN may be more appropriate. Both hardware and software
>VPNs have their merits.
>
>Hardware-based VPNs will typically offer better performance due to the
>fact that there is a dedicated device performing the encryption. This
>type of solution will work well in a LAN-LAN trusted environment. An
>example of this would be if you are trying to connect two or more
>locations of the same corporation together.


>
>It is questionable whether hardware VPNs will offer significant
>performance benefit for mobile users since the main factor here is
>dependent on the line speed and modem.  No matter how fast the hardware
>VPN box can perform, your throughput will still be throttled by the line
>and modem.
>
>Software VPNs can provide a level of policy management, access controls,
>and user-based authentication that many hardware VPNs do not. These can
>be particularly useful in building an extranet where you have business
>partners, customers, and suppliers needing access to your internal
>corporate network. The extranet environment is more of an untrusted
>relationship model. An edge to edge encryption model, which most
>hardware
>VPNs use, is not necessarily the best suited for this extranet
>environment.
>
>I would disagree that hardware-based VPNs offer a higher level of
>security
>and would be curious as to how that conclusion was reached.
>
>Thanks,
>
>Richard Ting
>
   - jean -

****************************************************************
TO POST A MESSAGE on this list, send it to vpn@listserv.iegroup.com

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn@listserv.iegroup.com

****************************************************************

[prev in list] [next in list] [prev in thread] [next in thread]