Start-up aims to simplify VPN mgmt.

Start-up IP Dynamics Corp. wants to make joining a VPN as easy as typing in a password.

At the VPNCon show last week, the company introduced its VP3 Software Suite, which translates directory names into IP addresses and automates VPN set-up so a user only has to enter his password in conjunction with his digital identification to join or change a VPN.

In addition to simplifying the end user’s duties, VP3 centralizes management so additions and changes to VPN membership are entered once and take effect across the network with no distribution or manual reconfigurations required.

Typical VPNs today allow connections between specific machines. Usually these are PCs with VPN software running on them and VPN gateways that stand between the Internet and private networks. Any time a new user or site is added, each machine involved in the VPN must be updated, creating complex management problems.

“VP3 will help relieve the headache people are having managing policies and access rights,” says Jeff Phillips, an analyst with TeleChoice. It also makes it simple for companies to create VPNs with business partners and suppliers, he says. No other VPN provider has an architecture like it, Phillips says.

VP3 technology is the brainchild of former Santa Clara University computer engineering professor Hasan Alkhatib, who raised US$20 million in venture capital from firms including Intel Capital, SUNeVision and TAMC. Based in Campbell, Calif., the company has 37 employees. Alkhatib says China Telecom plans to use IP Dynamics equipment to support a service and claims a U.S. provider will base a VPN service on it soon.

VP3 software is based on standard DNS technology. With VP3, net managers define VPNs by domain name on a central server, called the Virtual Domain Name (VDN) server. The VDN server is connected to the Internet from a corporate network or resides within a service provider network. VDN software runs on Solaris, Windows NT and Windows 2000.

Each VPN group gets its own domain name, and members get their own names as part of these domains. So one user could be the member of several VPN domains with a different personal name for each VPN. Net managers enter these names and set security policies associated with each VPN domain.

The system requires client software on each machine that will engage in VP3 VPNs. PC platforms supported are Windows 98, 2000 and NT.

This software client communicates with the VDN server to authenticate the user, which is done via a password and a digital ID that’s been distributed by the enterprise network staff or the service provider. The ID is stored on the PC, and if a user is moving to a different machine, the digital ID must be brought along on a floppy disk. The new machine must also be running the VP3 client.

Once authenticated, the requesting machine is given the IP address of the VPN member machine being sought, and the two machines create an IP Security (IPsec) connection between them.

IP Dynamics refused to provide enterprise network pricing but said a service provider could be profitable selling a VP3-based offering for US$20 to US$30 per end user per month.

IP Dynamics can be reached at http://www.ipdynamics.com.