Embed Size (px)
DESCRIPTION
Competitive Analysis of Shiva by Intel and Recommendations for next steps.
Citation preview
1R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
April 14, 2000
WSO PLBP - VPN
Competitive Market, Channel and Strategy
2R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
VPN MARKET
TAM: $85M (1998) - $1.5B (2003) with 77% CAGR
SAM: $20.3M (1998) - $172M (2003) with 53% CAGR
VPN PLBP Key Messages
Key Messages:•VPN is a primary enabler of converged data networking, facilitating the consolidation of private infrastructure into shared public infrastructure: one virtual network•VPN is the only viable means for broad based remote access and
e-business applications•VPN is currently a stand-alone capability that will be absorbed into access routers, switches, MSADs and Internet appliances
3R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
VPN Product Segments
• Dedicated VPN hardware: devices that support VPNs via hardware; the products are divided into the following subcategories:
• Low-end: support 100 or fewer simultaneous tunnels• Midrange: support 101 to 1,000 simultaneous tunnels• High-end: support more than 1,000 simultaneous tunnels
• Dedicated VPN routers: hardware support for encryption and support for routing protocols
• VPN-enabled routers: routers with software support for tunneling and encryption
• VPN-Enabled Software Firewalls: software firewalls with support for tunneling and encryption
4R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
VPN Market Matrix Comparison
Six vendors identified for competitive analysis vs. Intel• Nortel• Cisco/Altiga/Compatible• Lucent/Xedia• Efficient Networks/Netscreen• Microsoft• Checkpoint
5R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Matrix ComparisonVPN Vendor ComparisonVendor Maximum
Throughput/Tunnels
Supported Routing Protocols
Security - Intrusion Detection/Firewall
LDAP Site-to-site Failover
Support QoS
CA Support
IPsec RADIUS
Enhanced Logging & Reporting
DHCP Support
Client OS Support
Client Deployment Solution
Client Firewall
Management User Interface
Multi-tenant capability\
Nortel Networks
NA/5000 RIPv1, RIPv2 Yes / From Checkpoint
Yes Yes Yes Entrust, VeriSign
Yes Yes Yes Win95, 98, NT, Mac OS
No No HTML, GUI, Yes
Cisco (Routers) 90+ Mbps/2000 RIPv1, RIPv2, OSPF, EIGRP
No / Yes NO Yes Yes Entrust, Verisign, Netscape
N/A Yes Yes No No No CLI, telnet Yes
Altiga (Cisco) 100Mbps/5000 RIPv1, RIPv2, OSPF
No / Yes Yes Yes No No Yes Yes Yes Win95, 98, NT, 2000, 3rd party MAC
No No GUI, telnet, CLI, HTTP
Yes
Compatible (Cisco)
780 Mbps /40000 RIPv2, OSPF No / No NO Yes No Entrust Yes Yes No Win95, 98, NT, 2000, MAC, LINUX, SUN
No No GUI, Telnet, CLI, SNMP
Yes
Lucent 75Mbps */2000 RIPv2, OSPF, IEGRP
Yes / Yes NO Yes No Entrust, VeriSign
Yes Yes Yes Win95, 98, NT,
No Yes (OEM) HTTP, SNMP No
Xedia (Lucent) 155Mbps / 4000
IP, RIP, RIP2, OSPF, BGP-4, IGMP2, DVMRP3
No / YesCRL retrieval
VRRP
Yes, TOS, Differential services, CBQ
Entrust, VeriSign
Yes No Yes 95/98/NT4 No Yes (OEM) CLI, Web, SNMP Yes
Intel 10Mbps/1000 Static No / Yes NO No No Entrust, Shiva
No No client only Win95, 98 NT
Yes No GUI, Telnet, CLI No
Intel (Spitfire) 95Mbps/5000-10000
Static No / Yes NO No No Entrust, Shiva
No No client only Win95, 98, NT, 2000
Yes No GUI, Telnet, CLI No
Microsoft 45-70Mbps / 1000-5000
RIP, OSPF No / Packet Filter
Yes Yes Yes w ith Active Directory
Yes Yes Yes Yes Win 95, 98, NT, WIN 2000
Built in No IAS, SNMP, Event View er, Netw ork Monitor
Yes
NetScreen (Efficient Networks)
1 Gbps25000 RIPv1, RIPv2 (f low point)
Yes / Yes NO Yes No VeriSign Yes SYSLOG, WebTrends, SNMP MIB-II, SNMPv2
Yes Win95, 98, NT
No Yes CLI, Web, GUI, Telnet, SNMP
Yes
Checkpoint 10Mbps, 45Mbps / 4500
RIPv1 v2, OSPF, VRRP, IGRP, BGP-4
Yes / Yes NO Yes No VeriSign, Entrust
Yes SNMP, GUI, NT Event Log
Yes Win95, 98, NT, UNIX
No Yes SNMP, Web N/A
3Com END LIFE END OF LIFE END OF LIFE
6R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Nortel• Market Share
• 14% World Wide Total Dedicated VPN• 30% World Wide Dedicated Low End• 15% World Wide Dedicated High-End
• Target Markets and Channels• SME• Large Enterprises - Fidelity Mutual Funds, Miami Herald• ISP - GTE Internetworking, Bell Nexia, NBTel, Sprint Global
Internet VPN Service
• SME and Large Enterprise markets served both by resellers/system integrators and Large Enterprise and ISP via resellers and Nortel Direct sales.
7R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Nortel• Why Nortel Wins
• Mature stable product• Full featured product line• Strong enterprise and ISP relationships• Strategic Market Alliances
• Strategic Marketing Alliances• Nortel incorporation of Checkpoint FireWall-1 allows Nortel Networks to further
strengthen its leading Extranet/Virtual Private Network (VPN) solution• RSA Security• Nortel integrated the Entrust IPSec Negotiator* Toolkit into the software
platform of its Contivity* Extranet Switch product line, making the product Entrust-Ready*.
• RND Network's IP load balancer, the Web Server Director (WSD),combined with Bay Networks ContivityTM Extranet Switch product family.
• Bay Networks has licensed Netscape® Directory Server software and will bundle it with each version from Bay Networks Contivity® Extranet Switch product family.
8R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Cisco (Altiga, Compatible)• Market Share
• 88% World Wide VPN enabled Routers
• Target Markets and ChannelsCompatible• SME CPE via Resellers/Integrators and Catalog • Enterprise Customers via Resellers/Integrators• Showcase accounts include Adobe Systems, Apple Computer, Corio, Entex
Information, JPL, Lawrence Livermore, Pacific Group, Yankee Group, Pacific Stock Exchange
• ISP Carriers
Altiga• Small to Medium Enterprises• Large Enterprises• ISP’s - UUNET Vendor Alliance Program, HarvardNet, MediaOne, Digital Signal
Communications.• Resellers/Channels/System Integrators• Technica Corporation, a leading government solutions (GSA) integrator, to provide
customized VPN solutions to enterprise and government agency clients.
9R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Cisco (Altiga, Compatible)• Why Cisco Wins
• Time to market - Quick release product cycles• Strong enterprise and reseller channels• Two Acquisitions in dedicated hardware market• Mind Set
• Strategic Marketing Alliances• Compatible
• Compatible and PSINet Join Forces to with Channel Offering via Ingram Micro to make Service/Hardware bundle available through Resellers Nationwide
• Compatible Partners with NETRIX to Offer VoiceOverVPN June 1999• Altiga
• Baltimore Technologies, GTE CyberTrust, Entrust Technologies, RSA Security, iPass, Funk Software and Microsoft Certified Solution Provider.
10R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Lucent (Xedia)• Market Share
• 17% World Wide Dedicated Mid-Range• 24% World Wide Dedicated VPN Router
• Target Markets and Channels• SME• Large Enterprises • ISP
SME and Large Enterprise markets served both by
resellers/system integrators and Large Enterprise ISP
11R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Lucent (Xedia)• Why Lucent Wins
• High performance IP routing and QoS• Multi-tenant Internet Access
• Strong market awareness through publications and trade magazines
• Proven award wining product I.e Best of Show N+I• Carrier class products
• Strategic Marketing Alliances• UUNET, Concentric Network, Internet Telephony,
AT&T Canada
12R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Efficient Networks (NetScreen)• Market Share
• 7% World Wide Dedicated Low End• 9% World Wide Dedicated Mid-Range
• Target Customer • Remote access customers • Small to medium-sized businesses • ISP/ASP
• Primary Channels• Hewlett-Packard resells NetScreen-100 under HP Covision
program• Hitachi- Seibu Software resells NetScreen products in Japan• Patriot Technologies leading reseller of security solutions adds
NetScreen products to it’s GSA schedule.• WebZone Inc
13R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Efficient Networks (NetScreen)• ISP/ASP Providers
• Tibco.net 24x7 hosting service providing content aggregation to Yahoo. AltaVista, AOL, NetCenter, mySap.com and CBS Sportsline uses NS-100 in it’s data center
• Virtual Media Technologies a provider of managed Internet Security for Business to Business e-commerce sold via CLEC’s and ISP’s
• Excite@Home offering NetScreen-5 to small-medium enterprise customers for secure broadband connectivity
• GTE Professional Services resells NetScreen-10, NetScreen-100 and NetScreen-1000
• Bluetrain.com and ASP focusing on small-medium size enterprises deploys NS-5, NS-10 and NS-100 at customer sites for secured VPN connections to their data
• Why NetScreen Wins• Recent acquisition of NetScreen/Flowpoint• Superior alliances with ISP/ASP providers• Strategic Partnerships with Equinox
14R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Checkpoint/Nokia• Market Share
• 25% World Wide Total Dedicated VPN
• 56% World Wide Dedicated High-End
• 66% World Wide Software VPN Firewall
• Target Customer • Check Point is experiencing success both with their existing
installed base of customers and through sales by Nokia to new customers
• 110K customer installations - high end• 50% of firewall installed on Solaris
• Primary Channels• Distribution, OEM, 25+ Telcos/ISPs
• 75 Direct VARs/1,000 channel partners
• ~10% of sales through SunSoft unit
15R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Checkpoint/Nokia• Why Checkpoint Wins
• Firewall-1 Security Suite: VPN, authentication, NAT, content security, auditing; third party integrated software
• VPN-1: HW and SW-based VPNs
• Provider-1: Management solution for security policies
• Floodgate-1: Enterprise traffic control/bandwidth management
• ConnectControl: Load balancing solution
• MetaIP: IP management
• Cyber Attack Defense System: NetQuota, ServerQuota, Internet Alerts, Intrusion Response Protocol, VPN-1 Enterprise Center, Malicious Activity Detection, RealSecure
• Strategic Marketing Alliances
16R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Checkpoint/Nokia• Strategic Marketing Alliances:
• Nokia appliance development• VeriSign: Certificate deployment (Entrust/Baltimore planned)• IBM: AIX development• Microsoft (unified policy based management)• ODS: OEM of Check Point software• TI/Software: new Check Point company focused on security for broadband
home market• Intel (SVN architecture to Itanium)• ISS: RealSecure development• Sun (Solstace Firewall-1) discontinued in October `99
• OPSEC:
• Open platform for security integration of best of breed solutions; 200 partners
17R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
EOL
3Com
• PathBuilder S400• PathBuilder S500• Superstack II NetBuilder SI Routers• OfficeConnect NETBuilder
18R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Intel• Market Share
• 4% World Wide Total Dedicated VPN• 7% World Wide Dedicated Low End• 5% World Wide Dedicated Mid-Range
• Target Customer • Remote access customers • Small to medium-sized businesses • Internet Service Providers who need VPN hardware and software to
sell as on-site equipment to small to mid-sized businesses.
• Primary Channels• iASP’s (including formerly Shiva Premium Plus VAR’s) who have been
selling our current VPN solutions and other internetworking products. ISPs are also a target channel through the iISP program. NCP VAR’s (including formally Shiva premium VAR’s)
19R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Intel• Why Intel Wins
• Mature stable product• Enhanced VPN client capabilities• Sell into existing LRAS installed base• Shiva name brand recognition in remote access space
• Why Intel Loses• Time to Market• Critical product features missing• Lack of strategic marketing alliances/partnerships• Heavy attrition in Sales channels• Need to reeducate channel, VARs, PVARs
20R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
MS Win 2000 vs. Intel• Windows2000 Server and Advanced Server
Strengths
• Interoperability and Standards Support Support for IPSec, L2TP, PPTP industry standard protocols Supports Industry Standard hardware, can support multiple encryption
accelerators, supports multiple networking devices, Ethernet, Token Ring, FDDI, ATM, T-1. T-3
Includes “free MS Certificate Authority Server” and supports multiple CA’s Centralized database for authentication, NT Domain, Active Directory and
Radius (Radius Server bundled free under Internet Authentication Services)
21R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
MS Win 2000 vs. Intel• Weak Points Windows2000 VPN Server
General purpose operating system, slow performance without acceleration hardware or multi-CPU processors
PCI bus bandwidth limitation for I/O device and network device IPSec setup on server (and client) is awkward and requires significant in
depth knowledge of IPSec VPN Policy Management limited and highly dependent on Active Directory
framework QoS Features require Active Directory framework in place Very weak and limited Logging and Troubleshooting Tools Policy Management limited without Active Directory and predominately
limited to Windows2000 clients
• Weak Points of VPN client support No IPSec client for Windows95/98 or NT 4.0 No L2TP client for Windows 95/98 or NT 4.0 Windows 95/98 and NT clients only supported under PPTP
22R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
MS Win 2000 vs. Intel• Intel VPN Gateway Strengths Compared to
WIN2000 VPN Server as Gateway VPN Manager easier to use with more intuitive tabbed screens, requiring
less IPSec and VPN knowledge to configure Gateway. Syslog server provides single point of view on Gateway, CA or client
configuration issues vs. Win2000 Servers (four basic troubleshooting programs).
Better price/performance ratio between VPN Gateway (Spitfire) versus Windows 2000 Server customized for VPN Gateway duties i.e. configured with IPSec accelerator cards, 3DES cards and multiple CPU processors.
VCDT program allows distribution of pre-configured VPN Client profiles.
Intel VPN Client Strengths SST and IPSec clients for Windows 95/98 and NT 4.0 Native support for L2TP/IPSec Windows2000 client
23R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
MS Win 2000 vs. Intel• Intel VPN Gateway Weaknesses compared to
WIN2000 VPN Server
CA support limited to Shiva CA and Entrust 4.0 both extra cost options Radius Server is extra cost option i.e. not bundled with Intel GW, client or
management programs. Intel GW can’t proxy to NT domain without Radius Proxying No Policy Manager for managing other Gateways or clients etc. No Active Directory support or proxying at present No support for PPTP Shiva CA doesn’t interoperate with other Certificate Servers on market i.e.
proprietary solution No ease of use advantage of Shiva CA versus Microsoft CA, both are easy
to setup.
24R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Summary of vendors vs. IntelIntel Lacking Following Key Product Features
-routing protocols
-intrusion detection/enhanced firewall
-QoS, Bandwidth Management
-3rd party Digital Certificate support and LDAP
-enhanced logging/reporting
-unified management including HTTP
-site-to-site failover/DHCP support
-personal firewall client
-3rd party clients I.e Linux, Unix, Mac
-RADIUS for IPSec
-carrier class architecture and throughput
I.e modular design, 500Mbps +
-Voice Over IP support
-Multi-tenant internet access
25R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
Network Product Vendor Comparison for 2002
3%
5%
0%
9%
21%
57%
21%
52%
8%
7%
3%
5%
25%
29%
1%
7%
8%
9%
0% 20% 40% 60%
Intel
Lucent
Microsoft
Nortel Networks
3Com
Cisco
Net
wo
rk P
rod
uct
Man
ufa
ctu
rers
Percent of Respondents
Small
Medium
Large
EOL
Infonetics Research - Corporate Access in the US 2000: The Big Picture
Will not be #1 or #2 with current strategy
26R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
VPN PLBP StrategyMarket Options
• Build/Acquire complete product line according to key deficits for obtaining #1 or #2 market segment share
• VPN Branded product line will eventually be merged with converged product platform but will provide foundation for MSAD product
• Both product lines co-exist until VOIP is added to VPN platform•VPN gateways become MSAD
• OEM Intel APIs, toolkits for building block security components once converged market is in place
• Sell VPN platform to existing OEM partners I.e DELL, Compaq, etc..
• Promote PC vendors to start building Internet appliances that will will need security building blocks I.e IPSec toolkits, APIs, crypto etc.
• Strategic partnerships I.e Linux to build APIs around IA platform - partner and resell to OEM vendors along with Intel silicon
27R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions
• Unique position to leverage on existing computing expertise• Leverage e-Business data center campaign• Directly complement and provide foundation for converged MSAD platform I.e
VPN, routing, firewall• The complete solution is compelling to our RCO channel partners who are
looking to consolidate vendors
• Economies of scale across CPG through shared architecture will allow us to drive costs down ahead of the price curve
• Reuse of routing, security and management software will maximize efficiency and time to market for new capabilities
• Shared silicon, hardware and packaging will allow us to drive high volumes at low costs
• NetStructure product positioning will allow Intel to offer unique and feature rich, branded differentiation
VPN PLBP StrategyWhy We Will Win
28R
®
WA
N S
yste
ms
Ope
ratio
nsW
AN
Sys
tem
s O
pera
tions • Strategic goals
• Build/Acquire features that have been identified necessary to
be #1 or #2 in VPN TAM• Realignment of engineering resources for VPN projects• Build Strategic relationships with leading industry vendors • Identify OEM opportunities and strategic alliances
• Products• Expand product portfolio to cover 2-5 user space, and personal firewall • Segment product portfolio to include delivery of access router for $ 1 000
price point MSRP • Migrate to common CPG hardware platform in early 2001
• Channel• Provide the channel with a complete product offering that enables value
added solutions selling immediately• Explore direct selling via e-Commerce
VPN PLBP StrategySummary
