Nortel Tunes VPN Gear

Nortel beefs up its Contivity VPN gear to go after higher-end users

May 6, 2003

4 Min Read
Nortel Tunes VPN Gear

Nortel Networks Corp. (NYSE/Toronto: NT) today announced a major upgrade to its Contivity line of customer premises virtual private networking (VPN) products, including a new hardware platform, called the Contivity 5000, along with several new software enhancements (see Nortel Debuts VPN Gear).

The latest moves are all about scaleability. Specifically, Nortel has doubled the number of branch offices, offsite workers, customers, partners, and suppliers that can be connected through the Contivity product line. And with the new software enhancements, it improves the management and security features needed to provide large-scale VPNs.

The reason to go after these high-end VPN deployments is simple: It’s where the money is. The total revenue last year for VPN and firewall appliances topped out at $1.4 billion, according to Infonetics Research Inc. More than half of that money was generated from the sale of high-end solutions that offer greater scaleability and performance, says Jeff Wilson, an excutive director at Infonetics.

Nortel already has a long list of carriers using Contivity to offer managed VPN and remote access services for enterprise customers, including BellSouth Corp. (NYSE: BLS), Cable & Wireless (NYSE: CWP), Equant (NYSE: ENT; Paris: EQU), Sprint Corp. (NYSE: FON), and WorldCom Inc. (OTC: WCOEQ).

But the company is by no means the only vendor offering these products. For the fourth quarter of 2002, Nortel trailed Cisco Systems Inc. (Nasdaq: CSCO) and a joint offering from Check Point Software Technologies Ltd. (Nasdaq: CHKP) and Nokia Corp. (NYSE: NOK) in terms of market share. These companies had 33 percent and 20 percent respectively, while Nortel had about 10 percent of the market, according to Infonetics. NetScreen Technologies Inc. (Nasdaq: NSCN) was a close fourth with 9 percent market share.

So how does Nortel’s new Contivity 5000 platform stack up against the competition? Once again, Nortel doesn’t appear to be the leader in terms of performance. According to Wilson, Netscreen’s 5400, introduced last spring, has much better performance and scaleability (see NetScreen Intros Security Lineup). It can support encrypted traffic throughput of over 6 Gbit/s, whereas Nortel says it supports 400 Mbit/s on the Contivity 5000. Even if it falls short of Netscreen’s performance, this is still a marked improvement from Nortel’s previous generation of product, the Contivity 4600, which supports roughly 200 Mbit/s of throughput.

Nortel’s claim that it can support 2,500 remote access tunnels and 5,000 site-to-site tunnels brings the product up to snuff. The performance is comparable to that of competitors Cisco, Checkpoint/Nokia, and Netscreen. But these numbers could be viewed an a necessary upgrade, as the previous generation product only supports about half the number of site-to-site tunnels.

Beyond pure scaleability, however, Nortel has added some features that make noted improvements.

“I wouldn’t say they are simply playing catchup,” says Wilson. “They are ahead of these competitors in terms of functionality, especially when it comes to routing within VPN tunnels.”

This is where Nortel’s Secure Routing Technology comes into play. This feature allows traffic within VPN tunnels to be routed using protocols like RIP and OSPF. As VPN networks scale, it is easier and less expensive to manage routed VPNs. According to Nortel, this feature can reduce the cost of managing and deploying site-to-site VPNs by 40 percent. Wilson says that Nortel has been at the forefront of incorporating routing in its VPNs, even ahead of Cisco, the leader in IP routing.

The new Contivity software release 4.8 also includes a feature to ensure that remote users do not inadvertently open security holes in the network. This feature, called Tunnel Guard, checks whether remote users are employing virus protection and personal firewalls in accordance with a company's security policies. At the same time, the Firewall User Authentication feature allows certain portions of the VPN service to be cordoned off with password protection.

The Remote Access Manager 2.0 enables tens of thousands of dial-up users to access the corporate infrastructure via the closest, cheapest, or best-performing ISP access point.

The Contivity 5000 and the software features, which can be run on any Contivity platform, will be available in the third quarter of 2003. The list price for the Contivity 5000 is $45,000. This price includes one crypto accelerator card.

— Marguerite Reardon, Senior Editor, Light Reading

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like