F5 Buys Into SSL VPNs
F5 Networks Inc. (Nasdaq: FFIV) is the latest vendor to get into the SSL VPN market.
On Wednesday, the Layers 4-7 load balancing appliance vendor announced it was spending $25 million in cash to buy SSL VPN startup uRoam Inc. (see F5 Buys uRoam, Reports Strong Q3).
F5 wasn’t the only vendor eyeing uRoam. NetScreen Technologies Inc. (Nasdaq: NSCN) had supposedly been talking to the company for months, but talks shut down when NetScreen was unwilling to dish out uRoam’s asking price of at least $40 million, say sources in the industry (see NetScreen SSL Move Likely).
It seems that uRoam may have been desperate to sell, since it settled for a price tag substantially less than the $37.5 million it had raised in three rounds of funding.
There’s no disputing that F5 got a good deal, but why is everyone so hot for SSL?
Most enterprises view SSL (Secure Sockets Layer) as a way to extend remote access to employees. Because SSL VPNs (virtual private networks) can be accessed via a Web browser, they’re easier to use than IPSec VPNs, which generally require client software to be downloaded onto a user’s PC.
(For a more detailed explanation of SSL, see the Light Reading report on Security Processors.)
As more enterprises ask for the technology, more vendors are looking for ways to integrate it into their products. Because SSL VPNs straddle the line between networking and security, two main groups of vendors are looking at adding the functionality to their products. One group comprises security appliance and software vendors like Check Point Software Technologies Ltd. (Nasdaq: CHKP). Nokia Corp. (NYSE: NOK) has added SSL VPN to its offerings (see Nokia Sweetens SSL ).
Another group of vendors making Layers 4-7 switches and load balancing appliances, like F5, are looking to get into the game, too. Earlier this week, NetScaler Inc., a small startup in the Layers 4-7 switch market announced it was adding SSL VPN to its switch (see NetScaler Adds SSL to VPN). Nortel Networks Corp. (NYSE/Toronto: NT) announced in February that it was adding SSL acceleration and SSL VPN support to its Layers 4-7 Alteon switch (see Nortel Vouches for VPNs).
Others, like Cisco Systems Inc. (Nasdaq: CSCO) and Nauticus Networks Inc., have added SSL acceleration, which offloads SSL authentication and termination from servers to improve performance (see Nauticus Dives Into the Data Center). Cisco, the market leader in the Layers 4-7 market, is rumored to be working on SSL VPN and will likely make an announcement sometime later this year.
“I’ve heard a lot of vendors talking about adding SSL VPN over the past year,” says Michael Hoch, research director at Aberdeen Group Inc. “It makes sense for load balancing devices, based on where they sit in the network.”
It also makes sense from a financial perspective. In the past year, the Layers 4-7 switch market has seen very little growth. And it’s not expected to grow much in the next few years. According to Yankee Group, Layers 4-7 switches generated about $320 million in 2002. The market is only expected to grow to about $800 million by 2006. On the other hand, overall spending on VPN products and services, according to Infonetics Research Inc., is projected to grow 42 percent from $25.3 billion to $35.8 billion between 2003 and 2007. And remote access will likely be a big part of this figure. By 2005, 74 percent of mobile workers are expected to use VPNs, up from 59 percent in 2003, says Infonetics (see Infonetics Forecasts SSL VPN Market).
“The Layers 4-7 switch market is not growing fast enough to take small companies like F5 to the next level,” says Zeus Kerravala, senior research analyst with Yankee. “It they want to grow bigger they need to look to adjacent markets.”
F5 has already begun adding security features like intrusion detection to its load balancer, but Kerravala says F5 will need to educate the market about the benefits of adding an access technology like SSL VPN to a load balancer.
“It’s not an obvious market for them to move into,” he says. “Remote access is networking, but it’s usually managed by different people than the ones who handle load balancing.”
He says that companies already offering IPSec access products might have a better chance at selling SSL VPNs. Even though Nortel has added SSL to its switching product, it also sells an IPSec VPN product. Cisco and NetScreen would also have a similar advantage, since they also sell IPSec equipment.
At least one Layers 4-7 switch vendor says it doesn’t have plans for SSL VPN anytime soon.
“SSL VPN seems a little bit off focus,” says Doron Abrahami, senior marketing analyst at Radware Ltd. (Nasdaq: RDWR). “I think F5 would be taking a big gamble with SSL-based VPNs, considering that they just got out of the caching business.”
Although SSL VPN gear is often considered to be enterprise equipment, it's likely to be deployed by telecom operators in some instances (see Carrier-Managed CPE IP VPNs). One operator specializing in VPN services, Fiberlink Communications Corp., is already developing an SSL VPN service in association with an unnamed partner (see Fiberlink Snares $50M ).
Vendors already offering SSL VPN equipment include:
- Array Networks Inc.,
- Aspelle Ltd.,
- Aventail Corp.,
- Check Point Software Technologies Ltd. (Nasdaq: CHKP),
- Neoteris Inc.,
- Netilla Networks Inc.,
- NetScaler Inc.,
- Nokia Corp. (NYSE: NOK),
- Nortel Networks Corp. (NYSE/Toronto: NT),
- SafeWeb Inc.,
- uRoam Inc. (now being acquired by F5), and
- Whale Communications Ltd.