Cisco Takes a Stab at SSL
The WebVPN software will provide Cisco's customers, which are using the 3000 devices to build VPNs based on IPSec technology, the option to also offer access through SSL. Using the technology, remote workers can secure access to Web applications, email, and client-server applications using a standard Web browser.
Industry experts had been expecting an SSL announcement from Cisco this week (see Cisco Prepping SSL Story).
So is the announcement significant? It's more of a necessity for Cisco, which is trying to catch up to the latest wave in SSL products. Cisco's first stab at SSL will likely be seen as a feature for existing installations rather than a cutting-edge product offering, observers say. Startups such as Aventail Corp. and Neoteris Inc., which was recently bought by NetScreen Technologies Inc. (Nasdaq: NSCN), have emerged as leaders in this category, offering products that scale into the thousands of user connections.
Cisco’s SSL offering addresses its current IPSec remote access customer base, but critics point out that the product lacks the scaleability that will be necessary for large-scale deployments and carrier reseller opportunities.
“My understanding is that this product is more a proof of concept for Cisco,” says John Girard, vice president and research director at Gartner Inc. “It still has issues with scaleability.”
The initial rollout of the software, which isn’t expected to be commercially available until January, scales to a couple of hundred concurrent SSL VPN sessions per device, says Pete Davis, product line manager for remote access VPNs at Cisco. Cisco expects to target its current VPN concentrator customers with the feature. The approach seems to be working.
Stephen C. Smith, a network manager for Keystone Mercy Health Plan, says that he chose Cisco over competing products because he was already using Cisco’s 3000 series for its IPSec remote access VPNs. Smith, whose company employs only about 1,800 workers, also says he only expects to be supporting a maximum of 100 to 200 employees on SSL.
“I didn’t see the need to buy another product that I’d have to manage in parallel,” he says. “We’re only doing a small implementation of SSL VPNs. IPSec will still be the primary remote access technology.”
While the new offering may suit smaller enterprise customers already using Cisco’s VPN concentrator, it will be a tougher sell into new accounts and service providers.
“If you need to support hundreds or thousands of users, this initial product is not for you,” says Girard.
Currently, the bulk of the SSL remote access VPN market is in the enterprise, but analysts say that there is a lot of potential in the carrier market as well (see VPN/Security Market Grows Strong). Typically, enterprise customers bring new technology in-house in the beginning, and then outsource the service as it grows, says Girard. As a result, carriers need a more robust and scaleable solution.
Aventail and Neoteris, the two main market leaders in SSL, both sell to carriers. AT&T Corp. (NYSE: T) is currently reselling a managed service offered by Aventail. Bell Canada (NYSE/Toronto: BCE) is using Aventail appliances to offer a managed service (see Service Providers See Green in SSL). And T-Manage Inc. is using gear from Neoteris (see Neoteris Scores Service Provider Win).
Cisco claims that the product’s pricing will help it compete against more scaleable offerings. The Cisco VPN 3005 concentrator offers 200 IPsec tunnels and 25 concurrent SSL sessions, at a list price of $2,995 per box. Competitor Aventail offers a similar box that starts at $13,995. Neoteris’s low-end device, the A-1000 supports 50 users for $9,995 and up to 250 concurrent users for $24,995.
Cisco’s 3060 VPN Concentrator, which has the most horsepower of its entire 3000 product line, offers roughly 100 concurrent SSL VPNs for a list price of about $40,000.
In comparison, Neoteris’s A-5000 supports 100 concurrent SSL users for $39,995 and up to 2,500 users for $114,995. Aventail has an appliance that scales up to 1,000 concurrent SSL sessions for $49,995.
Cisco is one of the last large equipment providers to announce an SSL solution. Earlier this year, Nokia Corp. (NYSE: NOK) announced its SSL solution (see Nokia Sweetens SSL ). Last week Nortel Networks Corp. (NYSE/Toronto: NT) announced its offering (see Nortel Takes Its Own VPN Route). NetScreen has acquired Neoteris (see NetScreen Snags SSL Leader). The only large-scale IPSec vendor left to watch is Check Point Software Technologies Ltd. (Nasdaq: CHKP). The company has a rudimentary solution, but it has indicated that it’s working on a more robust product.
— Marguerite Reardon, Senior Editor, Light Reading