Secure extranets arrive

As important as VPNs (virtual private networks) are, they aren’t the ideal solution for connecting two business partners. Enter a new breed of start-ups developing appliances that let businesses offer secure access to specific applications without handing over the full-blown network access that a VPN provides.

Flatrock Inc., Neoteris Inc., Netsilica Inc., and others make appliances or software that permit businesses to provide partners and remote employees access to network elements as defined by a system administrator.

Their collective approach deviates greatly from what a VPN can deliver.

A VPN connects two networks, creating an extremely secure connection. While this is great for connecting two remote offices, it is not the best option for connecting networks owned and operated by separate companies. Out of this quandary come instant virtual extranets, or network layer VPNs.

“All of a sudden there are a whole lot of new companies that provide network layer VPNs,” said Jeff Wilson, executive director at Infonetics Research Inc. “The solutions are cheaper, easier to install, and provide greater control of users.”

Today the playing field is dominated by start-ups, but it is likely to gain the attention of established security, routing, and VPN players, analysts said.

The most celebrated player in the market is Neoteris. The Mountain View, Calif.-based company was created by Jim Clark of Silicon Graphics Inc. fame, and was first-to-market with an appliance that allows system administrators to dole out remote access to the company’s applications via a standard Web browser.

The company’s RemoteAccess and PartnerAccess appliances use 128-bit SSL (Secure Sockets Layer) to encrypt all sessions and do not require client-side software. Set up behind a corporate firewall and connected to a company’s application servers, the appliance receives redirected SSL connections and then establishes a connection to the application servers. The products support HTTP and HTTPS and will soon support Telnet. After it is set up, which Neoteris said takes less than 30 minutes, users can access file servers, Webified applications, and native e-mail programs. However, the company does not support legacy applications.

Despite that, the company has had some success. The company boasts 30 customers since the product was released three months ago, including Patrick Wilson at Finisar Corp.

“Neoteris’ solution is at the bleeding edge,” said Patrick Wilson, who uses RemoteAccess to connect his remote users of custom applications. “It takes 10 minutes to rack and stall, and five minutes to get configured on the network and poke a hole in our firewall.”

Meanwhile, in late January, Flatrock released its instant extranet product. In addition to promoting the potential savings in time and money, as well as the easy-setup angle, Flatrock also pitched its support for both Web front-ended and legacy applications.

Enterprises using Flatrock’s solution install a provider appliance behind their firewall and a subscriber appliance at the remote site. The remote appliance establishes a secure tunnel to the provider appliance over the Internet, using IPSec or Blowfish for encryption.

As with Neoteris, users are given access to select applications, but Flatrock’s approach virtualizes applications to make them appear as if they are local to the remote user. This approach lets Flatrock support legacy applications, something Neoteris doesn’t seem too interested in doing. And if a user is away from the remote office, Flatrock users can use a VPN client to dial in to the remote appliance.

Despite their early progress, analysts see this space getting even more crowded.

“This is a good idea and a lot of brand new companies are going after the market now, but only time will tell,” Wilson said. “Anyone selling SSL accelerators and VPNs will go after this market. They’re paying attention and if they lose some deals, they’ll pay more attention.”

Jim Slaby, a senior industry analyst at Giga Information Group Inc. in Cambridge, Mass., agrees. “This is a classic story of how a technology has crept under the radar of VPN vendors,” he said. “For now, these start-ups will score the low-hanging fruit as there is pent-up demand for the capability.”

However, Slaby does not expect traditional VPN players, such as Cisco Systems Inc., Nortel Networks Corp., and Check Point Software Technologies Ltd., to get into the game until early next year. “The big boys will snap up the technologies that look good to them.”

Before the flurry of activity from the companies mentioned above, along with SafeWeb Inc., Yo Inc., and Netilla Networks Inc., the only player in the space was Aventail Corp. of Seattle, which delivers extranet and VPN services as a managed service.