| We invited leading IPSec-based VPN vendors to
provide their best products for serving up enterprise-class
remote access to thousands of users. We tested 10 products from
ActiveLane, Avaya,
Check Point Software running on Nokia's hardware, Cisco, Cylink,
Imperito Networks, NetScreen Technologies, Secure Computing,
SonicWall and Symantec.
(For declining vendors, see
story.)
In our evaluation, we considered deployment and support
burden, management overhead, suitability for enterprise
networks, flexibility, reporting capabilities and client support
(see How
we did it). Rather than focus on a particular model of VPN
server, we encouraged VPN vendors to show us an entire set of
products that address remote access VPNs, including
concentrators, management applications, and hardware and
software clients (see NetResults for full
product listing).
Cisco and Check Point came in way ahead of the pack in our
tests. While Cisco barely edged out Check Point in the overall
score, we handed both products a World Class award because both
companies have clearly considered the issues of enterprise
remote access and built products that are easy to use, deploy
and update, but are not arbitrarily limiting in terms of policy,
platform or features.
Honorable mention, though, goes to NetScreen and Avaya. While
neither product set offers all the features and flexibility of
the winners, they've assembled systems that generally do a good
job attacking the problem of large-scale remote access and offer
specific product details that also might sway a decision in
their favor. Avaya's specialized support for voice-over-IP (VoIP)
applications is better than any other, while NetScreen's broad
range of hardware lets you precisely fit resources to
requirements.
Deployment
VPN clients have two pieces: the client software and the
abstract policy that defines how communications are encrypted.
Deployment means getting the software and policy information to
end users and keeping both updated as the network configuration
and topology changes.
|
