Entrust adds VPN module

Entrust Technologies today announced a new virtual private network module for its public key infrastructure software to issue digital certificates.

Entrust's announcement, made just days before the Network+Interop trade show in Atlanta, headed a slew of VPN announcements today, including a VPN appliance from Sonic Systems, a VPN add-on card from Red Creek Communications, and Altiga Networks' high-speed VPN offering.

The VPN market also got attention today from Intel, which is acquiring VPN company Shiva for $185 million, $6 a share in cash. (See related story.)

Entrust also said it supports multiple VPN protocols so its PKI software works with most VPN hardware and software vendors, 15 altogether. That makes it easier to set up secure connections over the Net even when each end uses VPN technology from different vendors.

"The Entrust PKI can support virtually all environments for VPN vendors, all off of one system, and that is unique in the industry," Entrust CEO John Ryan said, outlining Entrust's VPN strategy. "We have worked with virtually every vendor in the wide area network--firewalls, routers, and VPN gateways. They basically can assure that Entrust will work with any boxes they have in their setting."

VPNs, which set up secure, encrypted connections over the public Internet, are attractive to network managers because VPNs are much cheaper than using leased lines for secure private networks.

A PKI system can be used to issue and manage digital certificates, which vouch for the identity of a person or device online to the devices at each end of a VPN's encrypted tunnel through the Internet. The PKI also can manage cryptographic keys or ciphers that VPN devices use to encrypt and decrypt data and to apply digital signatures.

"We are more than a vendor who can put certificates in the devices--we help enable this encrypted session to become a reality," Ryan added. He said today's announcement puts Entrust ahead of certificate authority rivals VeriSign, GTE CyberTrust, and Baltimore Technologies, an Irish firm that entered the U.S. market last month.

Entrust's new product, VPN Connector, is now available. It's a small add-on to Entrust's PKI system that facilitates handling certificates for VPN gateways. It works with VPNs from 3Com, Cisco Systems, Hi/fn, Network Associates Radguard, Red Creek, and VPNet.

Entrust's PKI software now supports the following VPN protocols: IPSec (IP Security), IKE, PKCS (Public Key Cryptography Standard) 7, PKCS 10, and Cisco's Certificate Enrollment Protocol (CEP).

Entrust named VPN vendors that have used the Entrust/IPSec Negotiator Toolkit to make their products work with Entrust's PKI. They include Ascend, Axent/Raptor, Bay Networks, Check Point Software, Hewlett-Packard, Milkyway Networks, Nortel Networks, TimeStep, Shiva, and V-One.

By year's end, Entrust will release its Access product, based on technology licensed from Check Point. Access is designed for companies that don't have a PKI but want a gateway server to authenticate users and generate certificates. Access will be a standalone version of Check Point's technology.

In other VPN news:

Sonic Systems announced SonicWall VPN, an under-$1,000 Internet security appliance that works as a VPN, firewall, and content filtering box. The standalone appliance, which supports the IPSec protocol for VPNs, is designed for branch offices and smaller companies.

Red Creek Communications announced a VPN network interface card called the Ravlin PCI for Windows NT 4.0, which puts VPN technology on a board that can be inserted into a PC. Microsoft will support the new PCI card for Windows NT 4.0 and version 5.0. Based on IPSec, the Ravlin VPN turns the NT Server into a secure commerce, Web, and terminal server for VPN tunnels. The new card, to be demonstrated at N+I, will ship to customers next month. Pricing was not released.

Startup Altiga Networks introduced its VPN concentrator line to allow enterprise networks to accommodate everything from dial-up modems to high-speed cable or DSL connections. The family includes products engineered to handle 50 to 5,000 simultaneous broadband connections, is priced from $10,000 to $50,000, and is due to ship by March 1999.

Novell said its BorderManager VPN software has won Commerce Department approval to export its BorderManager VPN software with 128-bit encryption to non-U.S. firms in 40 countries around the world. Novell also moved a new product in its BorderManager Internet security management line, VPN 3, into a controlled beta program.

Rainbow Technologies said its FastMap encryption chip is now available to manufacturers in production quantities. The company also announced its line of NetSwift-1000 PCI cards for VPN hardware and software providers. Both products move complicated cryptographic processing onto a specialized piece of hardware. NetSwift-1000, which supports IPSec, will be available in production quantities by March. Evaluation samples are available now.