Nortel aims to make big VPNs a little easier

In an attempt to make large-scale VPN deployments easier, Nortel Networks Corp. has added access, management and security features to its latest Contivity Secure IP Services Gateway, the Contivity 5000. Industry observers say the vendor is on the right track, although one analyst questions Nortel’s prospects with this most recent device.

Brampton, Ont.-based Nortel in May unveiled the Contivity 5000, a VPN platform that offers routing capabilities, 400Mbps of encrypted data throughput, support for 5,000 tunnels, and firewall and management features designed to make WAN security simpler for enterprises.

According to John Doyle, director, product marketing, corporate edge services with Nortel, the 5000 addresses a trend toward larger VPN deployments.

“The market has changed from a principally remote-access market to one where lots of people are adding site-to-site capabilities.”

But big VPNs bring big challenges, Doyle said, pointing out that network managers face the unenviable task of controlling the devices, as well as matching VPN configuration with security policies.

To make implementation less arduous, the 5000 works with new Contivity software (v4.8), which includes “Tunnel Guard.” This feature lets the VPN see if end-users have firewalls and antivirus software enabled on their computers before allowing them access to the network. As well, a “Firewall User Authentication” function in the Contivity software tells the 5000 which users have access to what. Unauthorized users can be denied access to various sections of the network.

Nortel says up to eight 5000s can be clustered and load balanced behind Alteon switches for failover. Also, the 5000 employs Nortel’s method of combining dynamic routing protocols and IPSec – a feature that improves routing efficiency in secure environments.

Alongside the 5000, Nortel offered up Contivity Configuration Manager 2.0, the latest management program that lets users push a single configuration to multiple VPNs, thereby cutting down on the amount of time required to set up each box, Doyle said.

Nortel also unveiled its Remote Access Manager, a service that presents dial-up users with lists of service providers, local phone numbers, prices and service level stats, so off-site employees can source the best method of connecting to the VPN.

The new products help the enterprise distribute security across myriad sites and users, “now that these large enterprise requirements are becoming more pronounced,” said Ed Daugavietis, Nortel’s senior manager, virtual private networks.

Ronald Gruia, Toronto-based enterprise communications program leader with Frost & Sullivan, said the 5000 suits Nortel’s product line. By leveraging the vendor’s wireless local area network, IP telephony and security products, Nortel’s customers “can have end-to-end coverage from a single vendor.”

But Roberta Fox, president of Fox Group Consulting in Markham, Ont., questioned Nortel’s chances of success. “I question their ability to sell,” she said, pointing out that many enterprises already have VPNs; the new Contivity might speak to service providers more than corporations.

Nortel’s reps, however, said most current enterprise VPN implementations cannot handle 5,000 tunnels. As VPN deployments scale up in size, the 5000’s ability to support so many users becomes all the more important.

Robert Mulvanity seemed to agree. As director of networks and operations for the Commonwealth of Massachusetts’ Executive Office of Public Safety, Criminal History Systems Board, he is partly responsible for ensuring state law enforcement agencies adhere to federal security guidelines regarding communication. Mulvanity said the Board’s current Contivity infrastructure, comprising Contivity 1100s and 2700s, must be able to handle more users if it’s to support future functions, such as secure wireless access to records.

“The 2700 as a phase-one approach is fine. But we’re absolutely going to have to step up.”

The 5000, available now, is priced at US$45,000, but Tunnel Guard and other features packaged in Contivity software 4.8 will not be available until July. Remote Access Manager will also be available in July. Doyle said pricing for that service depends on implementation.

Nortel is online at