Virtual Private Networks Made Easy

FRAMINGHAM (03/03/2000) - A large enterprise resource planning software vendor discovered that its archrival had jacked into its last four online conferences.

Ouch. Chalk up another customer for Inc. sells secure virtual private networking as a service built on the fly.

The idea is to let companies with incompatible virtual private networks (VPN) communicate over the Internet securely. If your organization has an online conference planned for tomorrow outside the firewall, you can call today.

The Redwood City, Calif.-based company will build you a private, secure network for the meeting and tear it down afterward. All you have to do is sign the purchase order. The company's biggest hurdles may be convincing large information technology shops that the idea works and preventing big telecommunications companies from copying the idea.

Fortune 500 companies want security, but they're not always willing to do a lot to ensure it. Solid network security requires a big initial investment, as well as expertise in authentication and VPN technology. Moreover, IT is appropriately skeptical about plunging a lot of resources into a changeable technology that lacks standards.

According to Michael Howard, principal analyst at Infonetics Research Inc. in San Jose, "Today, in order to set up secure connections, you have to go through a lot." He says companies must "use a leased line, or both be on the same frame-relay service or somehow set up a private net between the two businesses."

What large companies want, says President and CEO Tyrone F. Pike, is "secure webtone" - as well as bullet-proof security for Internet communications that's provided transparently on demand, with no performance penalty.

The key is's real-time event-based service management. "They're making some pretty complex stuff seem simple," Howard says.

Naturally, performance is a major concern at large IT shops that are mulling over signing on with "You need to prove you're not slowing them down," Pike says.

Joseph J. Ekstrom,'s chief technology officer, says drag is minimal because "actual bandwidth is becoming less of a constraint" at most shops.

Under, he says, "all the IPSec [activity] is taking place in our tunnel termination equipment. So it's all done with a hardware assist. The equipment does all this; the problem is the management of it."

More than a year ago, when officers at's former incarnation, SwitchSoft Inc., were studying virtual network management, "VPN boxes were getting widespread," so the company decided to refocus on the secure-VPN service, says Ekstrom.

Howard says's expertise gives the company more than just a first-to-market advantage. To do what the company does, he says, "there's a lot of arcane, nasty problems that have to be solved. And you can't read manuals and solve these problems - you need to have been there, done that."

Proving What's Possible's biggest hurdle in selling to large companies is that "they think it's impossible," Pike says. "We offer policy-based control over a complex infrastructure. We've been able to do it. Some others have not."

If you build a better mousetrap, bigger companies may swipe it. But hopes that its specialized expertise will influence the Ciscos and AT&Ts of the world to consider joining the company instead of trying to beat it. "I think we'll find a way to partner with a big carrier," Pike says. has seized on secure conferencing, but it's easy to envision other uses for the service. X-Collaboration Software Corp. in Boston rents out a document life cycle management application as an application service provider.

By using's technology, it eliminates the need to embed Secure Sockets Layer-based encryption in its application.

With the server load thus lightened, X-Collaboration says, the company can support 30% more applications per server.

But, says Eric Josephson, director of technical services at X-Collaboration,'s big draw is "greater-than-bullet-proof security." He says Secure Sockets Layer security has been broken - but's hasn't.

If can prove to IT that its service isn't a performance drag and can stave off larger competitors, its "idea is a fundamental service that we'll see everywhere five years from now," Howard says.

Ulfelder is a freelance writer in Southboro, Mass.

VPNX 101 acknowledges that the VPN technologies it offers exist elsewhere. The company's value proposition lies in its integration of the technologies - and the fact that it offers them as a service.

The company's secret weapon is a proprietary service management application called VPNX that "takes away some of the detail work on configuring addresses, setting up firewall filters and so on," says John Watkins,'s vice president of product management.

VPNX pulls in information from different tunnel types and maps it into specially created, highly secure Layer 2 and Layer 3 networks, Watkins says.

"This preserves security but lets us mix-master different technologies," he adds. "We do all the protocols we need to."

Essentially, VPNX dynamically creates IP subnetworks for secure conversations.

"The app is creating and destroying these networks using policy-based network management," Watkins says. Then, out goes the data again.

Limited Competition

Right now, VPNX has very little competition. Most products sold in the network security game - including the Secure VPN portfolio from Murray Hill, N.J.-based Lucent Technologies Inc., Franklin, Mass.-based Altiga Networks' Microsoft-friendly VPN concentrators, New York-based Toshiba America Inc.'s turnkey VPN offerings and Cisco Systems Inc.'s Access VPN program - either include or can be purchased with extensive professional services and training.

San Jose-based Concentric Network Corp., for example, offers Enterprise VPN and CustomLink VPN, which include cradle-to-grave setup and VPN hosting. And service providers such as Washington-based PSINet Inc., local exchange carriers and big communications carriers all offer some VPN services. A few operate on an on-demand basis.

But these products and services are cost-effective only if the VPN will be used on a regular, semipermanent basis, say analysts. The setup can be tedious, which translates into big bucks spent on an outsourced vendor or consultant.

Moreover, if equipment must be installed on the customer's premises, there's usually an ongoing maintenance contract, which can become expensive.

Today, the goal of most VPN equipment makers is to eliminate the need to install equipment at the customer's site. The technology is slowly getting there, and when it does, expect to see many more providers offering services similar to those of - Steve Inc.

President and CEO Tyrone F. Pike says VPNX offers "policy-based control over a complex infrastructure"Location: 805 Veterans Blvd., Suite 316, Redwood City, Calif. 94063Telephone: (650) 569-4900Web: www.vpnx.comNiche: Secure VPNs offered on an as-needed basis to corporationsWhy it's worth watching: The service rolls several notoriously prickly technologies, such as high-level wide-area network security and network management, into a one-stop service. The fact that it's outsourced with a menu of options and pricing schemes will make it attractive to companies that need flexible, irregular VPN service.

Number of employees: 75

Founded: As SwitchSoft Systems Inc., the company originally sold policy-based switch-management systems. It changed its business focus to the current outsourced VPN business and renamed itself in January 1999.

Company officers: Tyrone F. Pike, president and CEO; Joseph J. Ekstrom, chief technology officer; Kurt Johnson, chief financial officerBurn money: Mayfield Fund, Telos Venture Partners and othersRed flags for IT:

- must constantly prove its claim that its service doesn't crimp network performance.

- Outsourcing tedious VPN setup and maintenance is a great idea, so it's sure to be ripped off by bigger vendors. If doesn't grab a big share of the market quickly, it could be squashed by the likes of AT&T Corp. and MCI WorldCom Inc.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Altiga NetworksAT&TCiscoCrimp AustraliaInfonetics ResearchLucentLucent TechnologiesMCIMCI WorldComMicrosoftPSINetToshibaVPNX.comWorldComX-Collaboration Software

Show Comments