Start-up Turns Spare PCs into VPN Appliances

WAKEFIELD, MASS. (04/22/2000) - If you want the advantages of a 'Net-based virtual private network, but don't want the hassle of setting one up, you might give OpenReach.com a try.

From this start-up's Web site, you download software to turn spare PCs into VPN appliances and install them on the LAN at each proposed node of your VPN. After that, the VPN is pretty much ready to roll, according to OpenReach.com CEO Mark Tuomenoksa.

The service will be demonstrated at NetWorld+Interop 2000 in Las Vegas May 7-12.

All customers need is a Pentium 90-MHz PC or better as well as a dedicated Internet connection at each site.

The service, called OpenReach Service, would be ideal for VPNs among business partners, says Gagan Rastogi, network analyst with Network Strategy Partners in Boston. Ordering dedicated links requires too much lead time, he says.

OpenReach Service is also suited to staff-strapped companies that want a VPN but can't afford the training or personnel to set one up, Rastogi says.

The VPN-enabled PCs create IP Security (IPSec) architecture tunnels when traffic is sent to any of the other nodes, OpenReach.com says. Otherwise, if traffic is going to a Web site on the Internet, it is sent unencrypted.

The OpenReach.com network operations center (NOC) assigns each PC an IP address and distributes a list of all other PCs on the network. They use digital certificates to identify themselves to each other, and OpenReach.com acts as the certificate authority.

Private encryption keys are generated by each OpenReach-enabled PC, Tuomenoksa says. He claims that is done in such a way that not even OpenReach. com's key exchange has access to the private keys. The pro-cess is patent-pending, and Tuomenoksa declined to give details.

Customers can also access the NOC via a Web browser and get reports on latency between sites. That information can be used to check service-level agreements customers may have with ISPs.

OpenReach software includes a Linux-based operating system and supports IPSec tunnels and Triple-DES encryption. It also includes a firewall that the company intends to make compatible with those made by major firewall vendors.

Downloading the software is free, but the service costs $100 per month for a site connected to the 'Net by a 384K bit/sec link. The service costs $300 per month for connections between 384K bit/sec and 4M bit/sec. Anything above that speed costs $1,000 per month. Rastogi says a 'Net connection plus a VPN service from a service provider would cost more.

OpenReach Service will be available in June.

OpenReach.com: www.openreach.com

Join the newsletter!

Error: Please check your email address.

More about InteropNetwork Strategy PartnersOpenReachSECWakefield

Show Comments