
In Assured Digital's Words
Solution Summary:
ADI offers a VPN product line that scales from a simple, software-based VPN client to a full T3 VPN switch supporting large enterprise network environments. VPN is one of the most promising new technologies to leverage the flexibility and cost advantages of the Internet. It lets enterprises reduce their dependence on expensive leased-line networks and troublesome remote-access solutions by establishing connections across shared IP networks.
For VPN to fulfill its promise of reducing operating costs, however, it must deliver simple setup and maintenance procedures as well as extensive security and high performance--objectives that are generally in conflict. By delivering automated network operations and management, dynamic adaptation to changing network topology and enhanced security at wire speed performance, the ADI product family offers tangible advantages over other VPN products and services.
ADI's innovative Automated Operation and Security (AOS) system technology delivers:
· Ease of installation and automated VPN management. With AOS, ADI's VPN solutions are as simple to install and manage as a typical network hub. They require no manual configuration or on-site maintenance. The ADI Management Server (AMS) permits network managers to administer user access and corporate policy controls centrally through a highly intuitive, easy-to-use graphical interface. ADI products can be deployed with little or no additional training.
· Dynamic connectivity. ADI's VPN products efficiently route traffic through meshed networks, providing both redundancy and optimized traffic management. Meshed VPNs decrease enterprise network operating expenses by reducing the need for expensive circuits. Based on the administrator-defined policy, traffic is routed from the source directly to the destination, eliminating the intermediate hops typical in a statically configured VPN. ADI's VPN products maintain the necessary intelligence to optimize bandwidth by making dynamic routing decisions. Current VPN solutions based on the static configuration of IP networks are not equipped to meet the demands of modern corporations, which are continuously confronted with changes in network connectivity and topology.
· Security. ADI's VPNs deliver comprehensive security to guarantee safe transmission of mission-critical data over public networks through the implementation of (1) a VPN management and authentication process and (2) a content encryption and authentication protocol that complies with IPSec (IP Security) standards. The VPN management process is facilitated through mutual authentication based on ISO X.509 certificates, which are burned-in during the manufacturing process. Once authenticated, management information is protected with 1,024-bit RSA public/private key and triple-DES (Data Encryption Standard) bulk encryption. The content-encryption process uses the IPSec standard to ensure the confidentiality and integrity of the message.
ADI's Dynamic VPN Switching combines networking and security technologies to deliver a complete VPN solution that satisfies the requirements of the full range of VPN applications: private-line replacement, remote-access augmentation, extranets and community-of-interest segmentation.
Network Computing's Evaluation of Assured Digital's Response
Assured Digital is a newcomer with a seemingly complete VPN system. ADI makes some big promises in its response, and we have yet to see whether it can actually fulfill them. However, ADI did return a complete response to our RFP, including department-level security, centralized and tiered management, and an installation timeline. One of ADI's selling points is ease of installation and management. The product line is designed to be essentially plug and play with an intuitive management system--all of which lowers training and implementation costs.
ADI employs a number of standard network protocols, such as IPSec with IKE (Internet Key Exchange, formerly ISAKMP/Oakley), DHCP, OSPF, RIP V2 and others. ADI seeks to lower WAN costs not only by leveraging the Internet as a WAN backbone, but by using routing protocols such as RIP and OSPF to find the shortest path between two points. However, in an IP network, this would be handled by the routers at the next hop. Since ADI hardware can terminate WAN connections directly, this advanced functionality is built in.
Centralized management is key to Acme.com, especially as it grows. User management is particularly difficult because of the sheer numbers. To ease the management burden, ADI lets users log in to the VPN device, which is a RADIUS client. However, this assumes that the remote client is using encrypted passwords, such as CHAP (Challenge Handshake Authentication Protocol), or token security. Otherwise, passwords in the clear are an open door. The RADIUS client can authenticate against existing user databases.
ADI's tiered management scheme also eases management. A central administrator can establish administrative domains, each with its own administrators. Not only does this ease the management burden on central IS departments, but branch domains can react more quickly to personnel changes. Since many of Acme.com's sites are remote, the tiered management scheme and rapid response to changing conditions it provides make sense.
ADI's management system offers policy-based management of devices, centralizing device management and security policy control in one location. The policies contain the configuration information and security parameters for devices that are updated regularly. This tight security management ensures that remote devices comply with the security policy defined at the administrative level, rather than relying on distributed staff to implement security rules.